private async void UnregisterDevices()
{
IReadOnlyList <SecondaryAuthenticationFactorInfo> deviceList = await SecondaryAuthenticationFactorRegistration.FindAllRegisteredDeviceInfoAsync(SecondaryAuthenticationFactorDeviceFindScope.AllUsers);
//DeviceListBox.Items.Clear();
for (int index = 0; index < deviceList.Count; ++index)
{
SecondaryAuthenticationFactorInfo deviceInfo = deviceList.ElementAt(index);
System.Diagnostics.Debug.WriteLine(deviceInfo.DeviceFriendlyName);
//DeviceListBox.Items.Add(deviceInfo.DeviceId);
await SecondaryAuthenticationFactorRegistration.UnregisterDeviceAsync(deviceInfo.DeviceId);
}
for (int index = 0; index < deviceList.Count; ++index)
{
SecondaryAuthenticationFactorInfo deviceInfo = deviceList.ElementAt(index);
System.Diagnostics.Debug.WriteLine(deviceInfo.DeviceFriendlyName);
//DeviceListBox.Items.Add(deviceInfo.DeviceId);
//await SecondaryAuthenticationFactorRegistration.UnregisterDeviceAsync(deviceInfo.DeviceId);
}
//RefreshDeviceList(deviceList);
}
void RefreshDeviceList(IReadOnlyList <SecondaryAuthenticationFactorInfo> deviceList)
{
DeviceListBox.Items.Clear();
for (int index = 0; index < deviceList.Count; ++index)
{
SecondaryAuthenticationFactorInfo deviceInfo = deviceList.ElementAt(index);
DeviceListBox.Items.Add(deviceInfo.DeviceId);
}
}
private string ExtractDateFromDeviceInfo(SecondaryAuthenticationFactorInfo info)
{
string deviceConfigurationData = CryptographicBuffer.ConvertBinaryToString(0, info.DeviceConfigurationData);
string[] dcdArray = deviceConfigurationData.
Replace(info.DeviceFriendlyName, "").
Replace(info.DeviceId, "").
Split('-');
return(dcdArray[4]);
}
void RefreshDeviceList(IReadOnlyList <SecondaryAuthenticationFactorInfo> deviceList, int slectedIndex)
{
string dateString = string.Empty;
listContent listItem;
List <DateTime> dateList = new List <DateTime>();
int cpt = 0;
for (int index = 0; index < deviceList.Count; ++index)
{
SecondaryAuthenticationFactorInfo deviceInfo = deviceList.ElementAt(index);
//Debug.WriteLine(deviceInfo.DeviceConfigurationData);
listItem = new listContent();
//DateTime now = DateTime.Now;
listItem.deviceFriendlyName = deviceInfo.DeviceFriendlyName;
listItem.deviceGUID = deviceInfo.DeviceId;
int count = deviceInfo.DeviceFriendlyName.Count();
listItem.date = DateTime.Parse(ExtractDateFromDeviceInfo(deviceInfo));
dateString = CommomMethods.FormatDate(listItem.date);
listItem.dateString = dateString;
if (DeviceListBox.Items.Count > index - cpt)
{
DeviceListBox.Items.Remove(DeviceListBox.Items.ElementAt(index - cpt));
cpt++;
}
}
for (int index = 0; index < deviceList.Count; ++index)
{
SecondaryAuthenticationFactorInfo deviceInfo = deviceList.ElementAt(index);
listItem = new listContent();
listItem.deviceFriendlyName = deviceInfo.DeviceFriendlyName;
listItem.deviceGUID = deviceInfo.DeviceId;
int count = deviceInfo.DeviceFriendlyName.Count();
listItem.date = DateTime.Parse(ExtractDateFromDeviceInfo(deviceInfo));
dateString = CommomMethods.FormatDate(listItem.date);
listItem.dateString = dateString;
if (index == deviceList.Count - 1)
{
listItem.isVisible = false;
}
else
{
listItem.isVisible = true;
}
DeviceListBox.Items.Add(listItem);
}
}
async void PerformAuthentication()
{
ShowToastNotification("Performing Auth!");
//Get the selected device from app settings
var localSettings = Windows.Storage.ApplicationData.Current.LocalSettings;
String m_selectedDeviceId = localSettings.Values["SelectedDevice"] as String;
SecondaryAuthenticationFactorAuthenticationStageInfo authStageInfo = await SecondaryAuthenticationFactorAuthentication.GetAuthenticationStageInfoAsync();
if (authStageInfo.Stage != SecondaryAuthenticationFactorAuthenticationStage.CollectingCredential)
{
ShowToastNotification("Unexpected!");
throw new Exception("Unexpected!");
}
ShowToastNotification("Post Collecting Credential");
IReadOnlyList <SecondaryAuthenticationFactorInfo> deviceList = await SecondaryAuthenticationFactorRegistration.FindAllRegisteredDeviceInfoAsync(
SecondaryAuthenticationFactorDeviceFindScope.AllUsers);
if (deviceList.Count == 0)
{
ShowToastNotification("Unexpected exception, device list = 0");
throw new Exception("Unexpected exception, device list = 0");
}
ShowToastNotification("Found companion devices");
SecondaryAuthenticationFactorInfo deviceInfo = deviceList.ElementAt(0);
m_selectedDeviceId = deviceInfo.DeviceId;
ShowToastNotification("Device ID: " + m_selectedDeviceId);
//a nonce is an arbitrary number that may only be used once - a random or pseudo-random number issued in an authentication protocol to ensure that old communications cannot be reused in replay attacks.
IBuffer svcNonce = CryptographicBuffer.GenerateRandom(32); //Generate a nonce and do a HMAC operation with the nonce
//In real world, you would need to take this nonce and send to companion device to perform an HMAC operation with it
//You will have only 20 second to get the HMAC from the companion device
SecondaryAuthenticationFactorAuthenticationResult authResult = await SecondaryAuthenticationFactorAuthentication.StartAuthenticationAsync(
m_selectedDeviceId, svcNonce);
if (authResult.Status != SecondaryAuthenticationFactorAuthenticationStatus.Started)
{
ShowToastNotification("Unexpected! Could not start authentication!");
throw new Exception("Unexpected! Could not start authentication!");
}
ShowToastNotification("Auth Started");
//
// WARNING: Test code
// The HAMC calculation SHOULD be done on companion device
//
byte[] combinedDataArray;
CryptographicBuffer.CopyToByteArray(authResult.Authentication.DeviceConfigurationData, out combinedDataArray);
byte[] deviceKeyArray = new byte[32];
byte[] authKeyArray = new byte[32];
for (int index = 0; index < deviceKeyArray.Length; index++)
{
deviceKeyArray[index] = combinedDataArray[index];
}
for (int index = 0; index < authKeyArray.Length; index++)
{
authKeyArray[index] = combinedDataArray[deviceKeyArray.Length + index];
}
// Create device key and authentication key
IBuffer deviceKey = CryptographicBuffer.CreateFromByteArray(deviceKeyArray);
IBuffer authKey = CryptographicBuffer.CreateFromByteArray(authKeyArray);
// Calculate the HMAC
MacAlgorithmProvider hMACSha256Provider = MacAlgorithmProvider.OpenAlgorithm(MacAlgorithmNames.HmacSha256);
CryptographicKey deviceHmacKey = hMACSha256Provider.CreateKey(deviceKey);
IBuffer deviceHmac = CryptographicEngine.Sign(deviceHmacKey, authResult.Authentication.DeviceNonce);
// sessionHmac = HMAC(authKey, deviceHmac || sessionNonce)
IBuffer sessionHmac;
byte[] deviceHmacArray = { 0 };
CryptographicBuffer.CopyToByteArray(deviceHmac, out deviceHmacArray);
byte[] sessionNonceArray = { 0 };
CryptographicBuffer.CopyToByteArray(authResult.Authentication.SessionNonce, out sessionNonceArray);
combinedDataArray = new byte[deviceHmacArray.Length + sessionNonceArray.Length];
for (int index = 0; index < deviceHmacArray.Length; index++)
{
combinedDataArray[index] = deviceHmacArray[index];
}
for (int index = 0; index < sessionNonceArray.Length; index++)
{
combinedDataArray[deviceHmacArray.Length + index] = sessionNonceArray[index];
}
// Get a Ibuffer from combinedDataArray
IBuffer sessionMessage = CryptographicBuffer.CreateFromByteArray(combinedDataArray);
// Calculate sessionHmac
CryptographicKey authHmacKey = hMACSha256Provider.CreateKey(authKey);
sessionHmac = CryptographicEngine.Sign(authHmacKey, sessionMessage);
ShowToastNotification("Before finish auth");
SecondaryAuthenticationFactorFinishAuthenticationStatus authStatus = await authResult.Authentication.FinishAuthenticationAsync(deviceHmac,
sessionHmac);
if (authStatus != SecondaryAuthenticationFactorFinishAuthenticationStatus.Completed)
{
ShowToastNotification("Unable to complete authentication!");
throw new Exception("Unable to complete authentication!");
}
ShowToastNotification("Auth completed");
}
private async void RegisterDevice(string uid)
{
String deviceId = System.Guid.NewGuid().ToString();
//String deviceId = uid;
// WARNING: Test code
// These keys should be generated on the companion device
// Create device key and authentication key
IBuffer deviceKey = CryptographicBuffer.GenerateRandom(32);
IBuffer authKey = CryptographicBuffer.GenerateRandom(32);
//
// WARNING: Test code
// The keys SHOULD NOT be saved into device config data
//
byte[] deviceKeyArray = { 0 };
CryptographicBuffer.CopyToByteArray(deviceKey, out deviceKeyArray);
byte[] authKeyArray = { 0 };
CryptographicBuffer.CopyToByteArray(authKey, out authKeyArray);
//Generate combinedDataArray
int combinedDataArraySize = deviceKeyArray.Length + authKeyArray.Length;
byte[] combinedDataArray = new byte[combinedDataArraySize];
for (int index = 0; index < deviceKeyArray.Length; index++)
{
combinedDataArray[index] = deviceKeyArray[index];
}
for (int index = 0; index < authKeyArray.Length; index++)
{
combinedDataArray[deviceKeyArray.Length + index] = authKeyArray[index];
}
// Get a Ibuffer from combinedDataArray
IBuffer deviceConfigData = CryptographicBuffer.CreateFromByteArray(combinedDataArray);
//
// WARNING: Test code
// The friendly name and device model number SHOULD come from device
//
String deviceFriendlyName = "Test Simulator";
String deviceModelNumber = "Sample A1";
SecondaryAuthenticationFactorDeviceCapabilities capabilities = SecondaryAuthenticationFactorDeviceCapabilities.SecureStorage;
SecondaryAuthenticationFactorRegistrationResult registrationResult = await SecondaryAuthenticationFactorRegistration.RequestStartRegisteringDeviceAsync(deviceId,
capabilities,
deviceFriendlyName,
deviceModelNumber,
deviceKey,
authKey);
if (registrationResult.Status != SecondaryAuthenticationFactorRegistrationStatus.Started)
{
MessageDialog myDlg = null;
if (registrationResult.Status == SecondaryAuthenticationFactorRegistrationStatus.DisabledByPolicy)
{
//For DisaledByPolicy Exception:Ensure secondary auth is enabled.
//Use GPEdit.msc to update group policy to allow secondary auth
//Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Microsoft Secondary Authentication Factor\Allow Companion device for secondary authentication
myDlg = new MessageDialog("Disabled by Policy. Please update the policy and try again.");
}
if (registrationResult.Status == SecondaryAuthenticationFactorRegistrationStatus.PinSetupRequired)
{
//For PinSetupRequired Exception:Ensure PIN is setup on the device
//Either use gpedit.msc or set reg key
//This setting can be enabled by creating the AllowDomainPINLogon REG_DWORD value under the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System Registry key and setting it to 1.
myDlg = new MessageDialog("Please setup PIN for your device and try again.");
}
if (myDlg != null)
{
await myDlg.ShowAsync();
return;
}
}
System.Diagnostics.Debug.WriteLine("Device Registration Started!");
await registrationResult.Registration.FinishRegisteringDeviceAsync(deviceConfigData);
//DeviceListBox.Items.Add(deviceId);
System.Diagnostics.Debug.WriteLine("Device Registration is Complete!");
IReadOnlyList <SecondaryAuthenticationFactorInfo> deviceList = await SecondaryAuthenticationFactorRegistration.FindAllRegisteredDeviceInfoAsync(
SecondaryAuthenticationFactorDeviceFindScope.User);
//RefreshDeviceList(deviceList);
var localSettings = Windows.Storage.ApplicationData.Current.LocalSettings;
for (int index = 0; index < deviceList.Count; ++index)
{
SecondaryAuthenticationFactorInfo deviceInfo = deviceList.ElementAt(index);
//Store the selected device in settings to be used in the BG task
localSettings.Values["SelectedDevice"] = uid;
}
DisplayTaskCreatedDialog("Device registration is complete!.");
RegisterTask();
}
