/// <summary>
/// 断言:创建断言选项
/// <para> 当用户想要登录时,我们会根据注册的凭据进行断言。</para>
/// </summary>
public async Task <AssertionOptions> AssertionOptionsPost(User user, AssertionClientParams assertionClientParams)
{
string error = "";
// 1. Get user from DB
if (user == null)
{
error = "username was not registered";
var ass = new AssertionOptions()
{
Status = "bad",
ErrorMessage = error
};
return(ass);
}
// 2. Get registered credentials from database
var existingCredentials = GetPublicKeyCredentialDescriptors(user.UserId);
var options = _fido2.GetAssertionOptions(
existingCredentials,
assertionClientParams.UserVerification,
assertionClientParams.Extensions
);
distributedCache.SetString(user.UserId.ToString() + "assertionOptions", options.ToJson(), 120);
return(options);
}
public async Task <IActionResult> CreateAssertionOptions(string email)
{
string error = "";
try
{
var user = userService.GetUserByEmail(email);
var assertionClientParams = new AssertionClientParams();
var success = await fido2Service.AssertionOptionsPost(user, assertionClientParams);
// 4. return "ok" to the client
return(Json(success));
}
catch (Exception e)
{
return(Json(new CredentialMakeResult(status: "error", errorMessage: FormatException(e), result: null)));
}
}
