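/// <summary>
/// Converts the browser's base64url-encoded assertion (the result of
/// <c>navigator.credentials.get()</c>) into a server-side <see cref="CredentialAssertion"/>
/// with every field decoded to raw bytes.
/// </summary>
/// <param name="browserObject">
/// The assertion as posted by the browser. Must not be null and must carry a <c>Response</c>.
/// </param>
/// <returns>
/// The decoded <see cref="CredentialAssertion"/>. This is a pure decode step: nothing here
/// checks the credential type, the client data, the authenticator data or the signature —
/// verification is the caller's responsibility.
/// </returns>
/// <exception cref="System.ArgumentNullException">
/// Thrown when <paramref name="browserObject"/> is null.
/// </exception>
/// <exception cref="System.ArgumentException">
/// Thrown when <paramref name="browserObject"/> has no <c>Response</c>.
/// </exception>
/// <exception cref="System.FormatException">
/// Propagated from <c>WebEncoders.Base64UrlDecode</c> when a field is not valid base64url.
/// </exception>
public static CredentialAssertion ToCredentialAssertion(this PublicKeyCredentialAssertion browserObject)
{
    // Fail at the boundary with a meaningful exception instead of a NullReferenceException
    // from the first property access below.
    if (browserObject == null)
    {
        throw new System.ArgumentNullException(nameof(browserObject));
    }
    var response = browserObject.Response;
    if (response == null)
    {
        throw new System.ArgumentException("Response must be present", nameof(browserObject));
    }

    var credentialId = WebEncoders.Base64UrlDecode(browserObject.Id);
    var clientData = GetClientDataFromBase64UrlString(response.ClientDataJSON);
    var signature = WebEncoders.Base64UrlDecode(response.Signature);
    // UserHandle is optional on the wire; keep it null rather than decoding an absent value.
    var userHandle = response.UserHandle == null
        ? null
        : WebEncoders.Base64UrlDecode(response.UserHandle);
    var authenticatorData = new AuthenticatorData(WebEncoders.Base64UrlDecode(response.AuthenticatorData));

    return new CredentialAssertion(credentialId, browserObject.Type, clientData, signature, userHandle, authenticatorData);
}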
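/// <summary>
/// Completes a security-key ("hwk") sign-in for the user named by the short-lived
/// <see cref="Constants.KeyAuthUserIdScheme"/> cookie, then issues both the
/// <see cref="Constants.KeyAuthScheme"/> cookie and the regular Identity sign-in.
/// </summary>
/// <param name="request">
/// The browser's assertion (<c>navigator.credentials.get()</c> result), base64url-encoded.
/// </param>
/// <returns>
/// 200 with the <c>returnUrl</c> carried in the cookie on success; 401 when the cookie is
/// absent, names an unknown user, or the assertion carries no authenticator data; 400 when
/// the body is missing or its base64url fields cannot be decoded.
/// </returns>
/// <remarks>
/// NOTE(review): this action never cryptographically verifies the assertion. Between
/// decoding and <c>SignInAsync</c> the only check is that <c>AuthenticatorData</c> is non-null.
/// Unless verification happens in a filter or middleware not visible in this file, a client
/// that holds the user-id cookie can complete the security-key step by posting any
/// syntactically valid assertion. Before relying on this endpoint as a second factor it must
/// at least: look up the credential by <c>request.Id</c> and confirm it is registered to
/// <c>user</c>; check the client data's type, challenge and origin against the challenge
/// issued for this session; check the rpIdHash and the user-present flag in the authenticator
/// data; verify <c>assertion.Signature</c> over authenticatorData || SHA-256(clientDataJSON)
/// with the stored public key; and reject a non-increasing signature counter. None of that
/// is done here — TODO.
/// </remarks>
public async Task<IActionResult> KeyLogin([FromBody] PublicKeyCredentialAssertion request)
{
    var userIdCookie = await HttpContext.AuthenticateAsync(Constants.KeyAuthUserIdScheme);
    if (!userIdCookie.Succeeded)
    {
        _logger.LogWarning("User id cookie must be present when signing in with security key");
        return Unauthorized();
    }

    var userId = userIdCookie.Principal.FindFirstValue(ClaimTypes.Name);
    var returnUrl = userIdCookie.Principal.FindFirstValue(ClaimTypes.UserData);

    // A cookie without a name claim would otherwise surface as an ArgumentNullException
    // from FindByIdAsync; treat it like an unknown user.
    if (string.IsNullOrEmpty(userId))
    {
        _logger.LogWarning("User id cookie carries no user id claim");
        return Unauthorized();
    }

    var user = await _userManager.FindByIdAsync(userId);
    if (user == null)
    {
        _logger.LogWarning("User with id {UserId} not found", userId);
        return Unauthorized();
    }

    if (request == null)
    {
        return BadRequest();
    }

    CredentialAssertion assertion;
    try
    {
        assertion = request.ToCredentialAssertion();
    }
    catch (System.Exception ex) when (ex is System.FormatException || ex is System.ArgumentException)
    {
        // Malformed or missing base64url fields are a client error, not a server fault;
        // don't let them become a 500.
        _logger.LogWarning(ex, "Security key assertion could not be decoded");
        return BadRequest();
    }

    if (assertion.AuthenticatorData == null)
    {
        return Unauthorized();
    }

    // The one-shot user-id cookie has done its job; drop it before issuing the real cookies.
    await HttpContext.SignOutAsync(Constants.KeyAuthUserIdScheme);

    var keyIdentity = new ClaimsIdentity(Constants.KeyAuthScheme);
    keyIdentity.AddClaim(new Claim("credential_id", request.Id));
    await HttpContext.SignInAsync(Constants.KeyAuthScheme, new ClaimsPrincipal(keyIdentity));

    // isPersistent is hard-coded to true, as in the original; "hwk" is the authentication
    // method recorded by Identity for this sign-in.
    await _signInManager.SignInAsync(user, true, "hwk");
    return Ok(new { returnUrl });
}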