public async Task <JsonResult> MakeCredential([FromBody] AuthenticatorAttestationRawResponse attestationResponse)
{
try
{
// 1. get the options we sent the client
//var jsonOptions = HttpContext.Session.GetString("fido2.attestationOptions");
var jsonOptions = await _distributedCache.GetStringAsync(UniqueId);
if (string.IsNullOrEmpty(jsonOptions))
{
throw new Exception("Can't get CredentialOptions from cache");
}
var options = CredentialCreateOptions.FromJson(jsonOptions);
// 2. Create callback so that lib can verify credential id is unique to this user
IsCredentialIdUniqueToUserAsyncDelegate callback = async(IsCredentialIdUniqueToUserParams args) =>
{
var users = await _fido2Storage.GetUsersByCredentialIdAsync(args.CredentialId);
if (users.Count > 0)
{
return(false);
}
return(true);
};
// 2. Verify and make the credentials
var success = await _lib.MakeNewCredentialAsync(attestationResponse, options, callback);
// 3. Store the credentials in db
await _fido2Storage.AddCredentialToUser(options.User, new FidoStoredCredential
{
Username = options.User.Name,
Descriptor = new PublicKeyCredentialDescriptor(success.Result.CredentialId),
PublicKey = success.Result.PublicKey,
UserHandle = success.Result.User.Id,
SignatureCounter = success.Result.Counter,
CredType = success.Result.CredType,
RegDate = DateTime.Now,
AaGuid = success.Result.Aaguid
});
// 4. return "ok" to the client
var user = await _userManager.GetUserAsync(User);
if (user == null)
{
return(Json(new CredentialMakeResult {
Status = "error", ErrorMessage = $"Unable to load user with ID '{_userManager.GetUserId(User)}'."
}));
}
await _userManager.SetTwoFactorEnabledAsync(user, true);
if (await _userManager.CountRecoveryCodesAsync(user) == 0)
{
var recoveryCodes = await _userManager.GenerateNewTwoFactorRecoveryCodesAsync(user, 10);
RecoveryCodes = recoveryCodes.ToArray();
}
return(Json(success));
}
catch (Exception e)
{
return(Json(new CredentialMakeResult {
Status = "error", ErrorMessage = FormatException(e)
}));
}
}
public async Task <JsonResult> MakeCredential([FromBody] AuthenticatorAttestationRawResponse attestationResponse)
{
try
{
// 1. get the options we sent the client
var jsonOptions = HttpContext.Session.GetString("fido2.attestationOptions");
var options = CredentialCreateOptions.FromJson(jsonOptions);
// 2. Create callback so that lib can verify credential id is unique to this user
IsCredentialIdUniqueToUserAsyncDelegate callback = async(IsCredentialIdUniqueToUserParams args) =>
{
var users = await _fido2Storage.GetUsersByCredentialIdAsync(args.CredentialId);
if (users.Count > 0)
{
return(false);
}
return(true);
};
// 2. Verify and make the credentials
var success = await _lib.MakeNewCredentialAsync(attestationResponse, options, callback);
// 3. Store the credentials in db
await _fido2Storage.AddCredentialToUser(options.User, new FidoStoredCredential
{
Username = options.User.Name,
Descriptor = new PublicKeyCredentialDescriptor(success.Result.CredentialId),
PublicKey = success.Result.PublicKey,
UserHandle = success.Result.User.Id,
SignatureCounter = success.Result.Counter,
CredType = success.Result.CredType,
RegDate = DateTime.Now,
AaGuid = success.Result.Aaguid
});
// 4. return "ok" to the client
var user = await _userManager.GetUserAsync(User);
if (user == null)
{
return(Json(new CredentialMakeResult {
Status = "error", ErrorMessage = _sharedLocalizer["FIDO2_USER_NOTFOUND", _userManager.GetUserId(User)]
}));
}
await _userManager.SetTwoFactorEnabledAsync(user, true);
var userId = await _userManager.GetUserIdAsync(user);
return(Json(success));
}
catch (Exception e)
{
return(Json(new CredentialMakeResult {
Status = "error", ErrorMessage = FormatException(e)
}));
}
}