/// <summary>
/// Convenience overload that accepts the authentication response as raw JSON,
/// parses it with <c>FidoAuthenticateResponse.FromJson</c> and forwards to the
/// overload that takes the parsed response.
/// </summary>
/// <param name="startedAuthentication">The authentication attempt this response belongs to.</param>
/// <param name="rawAuthResponse">JSON text of the authentication response. It is handed to the parser unchanged; no check is made here.</param>
/// <param name="deviceRegistration">The registration the response is verified against.</param>
/// <param name="trustedFacetIds">Facet ids the client-data origin is validated against.</param>
/// <returns>The counter value returned by the parsed-response overload.</returns>
public uint FinishAuthentication(
    FidoStartedAuthentication startedAuthentication,
    string rawAuthResponse,
    FidoDeviceRegistration deviceRegistration,
    IEnumerable<FidoFacetId> trustedFacetIds)
{
    // All verification happens in the overload below; this method only parses.
    return FinishAuthentication(
        startedAuthentication,
        FidoAuthenticateResponse.FromJson(rawAuthResponse),
        deviceRegistration,
        trustedFacetIds);
}
/// <summary>
/// Verifies an authentication response against a started authentication and a device registration.
/// The checks run in a fixed order: the response's own <c>Validate()</c>, the client-data type,
/// the challenge, the origin, the signature, and finally the counter update on the registration.
/// </summary>
/// <param name="startedAuthentication">Supplies the expected challenge and the app id used for signature verification.</param>
/// <param name="authResponse">The parsed authentication response to verify.</param>
/// <param name="deviceRegistration">Registration used for signature verification; its counter is updated on success.</param>
/// <param name="trustedFacetIds">Facet ids the client-data origin is validated against.</param>
/// <returns>The counter carried in the response's signature data.</returns>
/// <exception cref="InvalidOperationException">
/// The challenge in the client data differs from the one in <paramref name="startedAuthentication"/>.
/// The helper checks called here may throw as well; their exception types are not visible in this block.
/// </exception>
public uint FinishAuthentication(
    FidoStartedAuthentication startedAuthentication,
    FidoAuthenticateResponse authResponse,
    FidoDeviceRegistration deviceRegistration,
    IEnumerable<FidoFacetId> trustedFacetIds)
{
    authResponse.Validate();

    var signedClientData = authResponse.ClientData;
    ExpectClientDataType(signedClientData, AuthenticateType);

    // The comparison only protects against replay when startedAuthentication.Challenge
    // is the value the server issued for this attempt; that is the caller's responsibility.
    if (signedClientData.Challenge != startedAuthentication.Challenge)
    {
        throw new InvalidOperationException("Incorrect challenge signed in client data");
    }

    ValidateOrigin(trustedFacetIds, new FidoFacetId(signedClientData.Origin));

    var signature = authResponse.SignatureData;
    VerifyAuthSignature(startedAuthentication.AppId, signature, signedClientData, deviceRegistration);

    // The counter is touched only after the signature check has passed.
    // NOTE(review): how UpdateCounter treats a counter that did not increase is not visible here - confirm it rejects it.
    deviceRegistration.UpdateCounter(signature.Counter);

    return signature.Counter;
}
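/// <summary>
/// Handles the posted U2F sign-in form. When the form carries a raw authentication response,
/// the device registration matching the posted key handle is looked up among the current user's
/// registrations and the response is verified through <c>FidoUniversalTwoFactor.FinishAuthentication</c>.
/// </summary>
/// <param name="model">Posted form values; a null model is replaced by an empty one.</param>
/// <returns>
/// A redirect to "LoginSuccess" when verification completes without throwing; otherwise the login view,
/// with a model error when the key handle is unknown or verification failed.
/// </returns>
public ActionResult Login(LoginDeviceViewModel model)
{
    model = model ?? new LoginDeviceViewModel();

    try
    {
        if (!String.IsNullOrEmpty(model.RawAuthenticationResponse))
        {
            var u2f = new FidoUniversalTwoFactor();

            // NOTE(review): the app id is derived from the request URL rather than from configuration -
            // confirm the host part cannot be influenced by the client in this deployment.
            var appId = new FidoAppId(Request.Url);

            var deviceRegistration = GetFidoRepository()
                .GetDeviceRegistrationsOfUser(GetCurrentUser())
                .FirstOrDefault(x => x.KeyHandle.ToWebSafeBase64() == model.KeyHandle);
            if (deviceRegistration == null)
            {
                ModelState.AddModelError("", "Unknown key handle: " + model.KeyHandle);
                return View(new LoginDeviceViewModel());
            }

            // NOTE(review): the expected challenge is read from the posted model, so the challenge
            // check inside FinishAuthentication compares two values that both arrive with the request.
            // The expected challenge should be the one the server issued when this authentication was
            // started and kept server-side; where that value is stored is not visible in this block.
            var challenge = model.Challenge;
            var startedAuthentication = new FidoStartedAuthentication(
                appId,
                challenge,
                FidoKeyHandle.FromWebSafeBase64(model.KeyHandle ?? ""));

            var counter = u2f.FinishAuthentication(
                startedAuthentication,
                model.RawAuthenticationResponse,
                deviceRegistration,
                GetTrustedDomains());

            // save the counter somewhere, the device registration of the next authentication should use this updated counter
            // NOTE(review): only the in-memory object is updated here; no repository save is visible.
            // The counter comparison on the next sign-in depends on this value being persisted.
            deviceRegistration.Counter = counter;

            return RedirectToAction("LoginSuccess");
        }
    }
    catch (Exception ex)
    {
        // The exception type and message say which verification step failed. Keep them in the
        // server-side trace and show the user a generic message instead of echoing them to the page.
        System.Diagnostics.Trace.TraceWarning("U2F login failed: {0}", ex);
        ModelState.AddModelError("", "Authentication failed.");
    }

    return View(model);
}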