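        /// <summary>
        /// Converts the assertion object posted by the browser (every binary field base64url encoded)
        /// into a <see cref="CredentialAssertion"/> holding the decoded bytes.
        /// </summary>
        /// <param name="browserObject">Assertion as received from <c>navigator.credentials.get</c>.</param>
        /// <returns>The decoded assertion; <c>UserHandle</c> stays <c>null</c> when the browser sent none.</returns>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="browserObject"/> is null.</exception>
        /// <exception cref="ArgumentException">Thrown when the assertion carries no <c>Response</c>.</exception>
        /// <exception cref="FormatException">Thrown by the base64url decoder when a field is malformed.</exception>
        /// <remarks>
        /// This method only decodes. It does not check the signature, the challenge or origin inside
        /// clientDataJSON, or anything inside authenticatorData; the caller must verify the result
        /// against the credential registered for the user before trusting it.
        /// </remarks>
        public static CredentialAssertion ToCredentialAssertion(this PublicKeyCredentialAssertion browserObject)
        {
            // Extension methods can be invoked on a null receiver, so guard explicitly instead of
            // letting the first property access surface as a NullReferenceException.
            if (browserObject == null)
            {
                throw new ArgumentNullException(nameof(browserObject));
            }

            var response = browserObject.Response;

            if (response == null)
            {
                throw new ArgumentException("Assertion has no response payload.", nameof(browserObject));
            }

            var credentialId = WebEncoders.Base64UrlDecode(browserObject.Id);
            var clientData   = GetClientDataFromBase64UrlString(response.ClientDataJSON);
            var signature    = WebEncoders.Base64UrlDecode(response.Signature);

            // The user handle is optional in the browser response; keep null rather than decoding "".
            var userHandle = response.UserHandle == null
                ? null
                : WebEncoders.Base64UrlDecode(response.UserHandle);

            var authenticatorData = new AuthenticatorData(WebEncoders.Base64UrlDecode(response.AuthenticatorData));

            return new CredentialAssertion(credentialId, browserObject.Type, clientData, signature, userHandle, authenticatorData);
        }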
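        /// <summary>
        /// Second step of security-key sign-in: consumes the user-id cookie issued by the first step,
        /// decodes the assertion posted by the browser and signs the corresponding user in.
        /// </summary>
        /// <param name="request">Assertion from <c>navigator.credentials.get</c>, binary fields base64url encoded.</param>
        /// <returns>
        /// 200 with the <c>returnUrl</c> carried in the user-id cookie; 400 when the body is missing or
        /// cannot be decoded; 401 when the cookie is absent, the user no longer exists, the credential
        /// type is not <c>public-key</c>, or the decoded assertion has no authenticator data.
        /// </returns>
        /// <remarks>
        /// SECURITY (review): nothing in this method verifies the assertion. The signature is not checked
        /// against a public key registered for <c>user</c>, the challenge and origin inside clientDataJSON
        /// are not compared with the ones issued to the browser, the credential id is not matched to the
        /// user's registered credentials, and the authenticator flags and signature counter are not
        /// inspected. Until a verification step is inserted before the sign-in calls below, possession
        /// of the user-id cookie plus any decodable blob is sufficient to sign in as that user.
        /// </remarks>
        public async Task<IActionResult> KeyLogin([FromBody] PublicKeyCredentialAssertion request)
        {
            var userIdCookie = await HttpContext.AuthenticateAsync(Constants.KeyAuthUserIdScheme);

            if (!userIdCookie.Succeeded)
            {
                _logger.LogWarning("User id cookie must be present when signing in with security key");
                return Unauthorized();
            }

            var userId    = userIdCookie.Principal.FindFirstValue(ClaimTypes.Name);
            var returnUrl = userIdCookie.Principal.FindFirstValue(ClaimTypes.UserData);
            var user      = await _userManager.FindByIdAsync(userId);

            if (user == null)
            {
                _logger.LogWarning("User with id {0} not found", userId);
                return Unauthorized();
            }

            // Depending on controller configuration, model binding may hand us null or an object
            // without a Response; previously that was dereferenced and surfaced as a 500.
            if (request == null || request.Response == null)
            {
                _logger.LogWarning("Security key assertion body is missing or incomplete");
                return BadRequest();
            }

            // Per the WebAuthn spec a PublicKeyCredential always has type "public-key"; reject anything else.
            if (!string.Equals(request.Type, "public-key", StringComparison.Ordinal))
            {
                _logger.LogWarning("Unexpected credential type {0}", request.Type);
                return Unauthorized();
            }

            CredentialAssertion assertion;

            try
            {
                assertion = request.ToCredentialAssertion();
            }
            catch (Exception ex) when (ex is FormatException || ex is ArgumentException)
            {
                // Base64url decoding reports malformed or missing fields with these two exception types.
                _logger.LogWarning(ex, "Security key assertion could not be decoded");
                return BadRequest();
            }

            if (assertion.AuthenticatorData == null)
            {
                return Unauthorized();
            }

            // TODO(security): verify `assertion` (signature, challenge, origin, rpIdHash, user-presence
            // flag, signature counter) against the credential registered for `user` here, and return
            // Unauthorized() on failure, before anything below runs.

            // The user-id cookie has served its purpose; remove it before issuing the key-auth identity.
            await HttpContext.SignOutAsync(Constants.KeyAuthUserIdScheme);

            var keyIdentity = new ClaimsIdentity(Constants.KeyAuthScheme);

            keyIdentity.AddClaim(new Claim("credential_id", request.Id));
            await HttpContext.SignInAsync(Constants.KeyAuthScheme, new ClaimsPrincipal(keyIdentity));

            await _signInManager.SignInAsync(user, true, "hwk");

            return Ok(new { returnUrl });
        }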