/// <summary>
/// Copies the managed <paramref name="makeOptions"/> into the raw options layout used by this type.
/// </summary>
/// <remarks>
/// Up to two unmanaged buffers are allocated here with Marshal.AllocHGlobal: one for the extended
/// exclude list and one for the cancellation GUID. Nothing in this constructor releases them.
/// NOTE(review): confirm the type frees both pointers (Marshal.FreeHGlobal) in a Dispose/finalizer
/// path that is not visible here; otherwise every instance leaks unmanaged memory.
/// </remarks>
/// <param name="makeOptions">Managed options to copy. Dereferenced without a null check.</param>
public RawAuthenticatorMakeCredentialOptions(AuthenticatorMakeCredentialOptions makeOptions)
        {
            // The basic exclude list is always wrapped, whatever ExcludeCredentials contains.
            ExcludeCredentialsList = new RawCredentialsList(makeOptions.ExcludeCredentials);

            // The extended list is marshalled only when it is non-null and non-empty; otherwise
            // ExcludeCredentialsExListPtr is not assigned in this constructor.
            if (makeOptions.ExcludeCredentialsEx?.Count > 0)
            {
                _excludeCredentialsExList = new RawCredentialExList(makeOptions.ExcludeCredentialsEx);
                ExcludeCredentialsExListPtr = Marshal.AllocHGlobal(Marshal.SizeOf<RawCredentialExList>());
                // fDeleteOld is false because the freshly allocated buffer holds no previous structure to destroy.
                Marshal.StructureToPtr(_excludeCredentialsExList, ExcludeCredentialsExListPtr, false);
            }

            // A null pointer means "no cancellation id"; a GUID copy is allocated only when one was supplied.
            CancellationId = IntPtr.Zero;
            if (makeOptions.CancellationId.HasValue)
            {
                CancellationId = Marshal.AllocHGlobal(Marshal.SizeOf<Guid>());
                Marshal.StructureToPtr(makeOptions.CancellationId.Value, CancellationId, false);
            }

            // Scalar settings are copied through unchanged.
            TimeoutMilliseconds = makeOptions.TimeoutMilliseconds;
            AuthenticatorAttachment = makeOptions.AuthenticatorAttachment;
            UserVerificationRequirement = makeOptions.UserVerificationRequirement;
            AttestationConveyancePreference = makeOptions.AttestationConveyancePreference;
            RequireResidentKey = makeOptions.RequireResidentKey;

            // Extensions are always sent as an empty set (see the TODO).
            // NOTE(review): if the managed options can carry extensions, they are dropped silently here,
            // so a caller relying on an extension for a security property would not get it - confirm.
            Extensions = new RawWebauthnExtensions { Count = 0, Extensions = IntPtr.Zero }; //TODO
        }
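        /// <summary>
        /// Copies the managed <paramref name="getOptions"/> into the raw options layout used by this type.
        /// </summary>
        /// <remarks>
        /// Up to three unmanaged buffers are allocated here with Marshal.AllocHGlobal: the extended
        /// allow list, the cancellation GUID and the "U2F AppId used" flag. Nothing in this constructor
        /// releases them.
        /// NOTE(review): confirm the type frees all three pointers (Marshal.FreeHGlobal) in a
        /// Dispose/finalizer path that is not visible here.
        /// </remarks>
        /// <param name="getOptions">Managed options to copy. Dereferenced without a null check.</param>
        public RawAuthenticatorGetAssertionOptions(AuthenticatorGetAssertionOptions getOptions)
        {
            // The basic allow list is always wrapped, whatever AllowedCredentials contains.
            AllowCredentialsList = new RawCredentialsList(getOptions.AllowedCredentials);

            // The extended list is marshalled only when it is non-null and non-empty; otherwise
            // AllowCredentialsExListPtr is not assigned in this constructor.
            if (getOptions.AllowedCredentialsEx?.Count > 0)
            {
                _allowedCredentialsExList = new RawCredentialExList(getOptions.AllowedCredentialsEx);
                AllowCredentialsExListPtr = Marshal.AllocHGlobal(Marshal.SizeOf<RawCredentialExList>());
                // fDeleteOld is false because the freshly allocated buffer holds no previous structure to destroy.
                Marshal.StructureToPtr(_allowedCredentialsExList, AllowCredentialsExListPtr, false);
            }

            // A null pointer means "no cancellation id"; a GUID copy is allocated only when one was supplied.
            CancellationId = IntPtr.Zero;
            if (getOptions.CancellationId.HasValue)
            {
                CancellationId = Marshal.AllocHGlobal(Marshal.SizeOf<Guid>());
                Marshal.StructureToPtr(getOptions.CancellationId.Value, CancellationId, false);
            }

            U2fAppId = getOptions.U2fAppId;

            // AllocHGlobal returns uninitialised memory. The flag buffer is presumably written by the
            // native call (verify against the consumer); if that write never happens, reading it back
            // would otherwise yield whatever bytes were on the heap. Zero it so the default is "false".
            int appIdUsedFlagSize = Marshal.SizeOf<bool>();
            IntPtr appIdUsedFlagPtr = Marshal.AllocHGlobal(appIdUsedFlagSize);
            // Publish the pointer before touching the buffer so ownership is recorded first.
            U2fAppIdUsedBoolPtr = appIdUsedFlagPtr;
            for (int offset = 0; offset < appIdUsedFlagSize; offset++)
            {
                Marshal.WriteByte(appIdUsedFlagPtr, offset, 0);
            }

            // Scalar settings are copied through unchanged.
            TimeoutMilliseconds = getOptions.TimeoutMilliseconds;
            AuthenticatorAttachment = getOptions.AuthenticatorAttachment;
            UserVerificationRequirement = getOptions.UserVerificationRequirement;

            // Extensions are always sent as an empty set (TODO in the original).
            // NOTE(review): if the managed options can carry extensions, they are dropped silently here - confirm.
            Extensions = new RawWebauthnExtensions { Count = 0, Extensions = IntPtr.Zero }; //TODO
        }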
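        /// <summary>
        /// Starts a FIDO2 registration: builds credential-creation options for <paramref name="username"/>,
        /// stores them in the session and returns them to the client as JSON.
        /// </summary>
        /// <remarks>
        /// Demo behaviour: the user is looked up (or created) purely from the posted username, with no
        /// authentication check in this method. In a real deployment, adding a credential to an existing
        /// account must require an already authenticated session; otherwise anyone who knows a username
        /// can start registering their own authenticator against it.
        /// </remarks>
        /// <param name="username">Account name posted by the client; must not be empty or whitespace.</param>
        /// <param name="attType">Attestation conveyance preference, parsed by <c>AttestationConveyancePreference.Parse</c>.</param>
        /// <param name="authType">Authenticator attachment; null or empty leaves the attachment unset.</param>
        /// <param name="requireResidentKey">Copied to <c>AuthenticatorSelection.RequireResidentKey</c>.</param>
        /// <param name="userVerification">User-verification requirement, parsed by <c>UserVerificationRequirement.Parse</c>.</param>
        /// <returns>The creation options, or a <c>CredentialCreateOptions</c> with <c>Status = "error"</c> on failure.</returns>
        public JsonResult MakeCredentialOptions([FromForm] string username, [FromForm] string attType, [FromForm] string authType, [FromForm] bool requireResidentKey, [FromForm] string userVerification)
        {
            // Reject a missing username up front: an empty string would otherwise auto-create an
            // account whose user id is a zero-length byte array.
            if (string.IsNullOrWhiteSpace(username))
            {
                return Json(new CredentialCreateOptions
                {
                    Status = "error",
                    ErrorMessage = "Username is required"
                });
            }

            try
            {
                // 1. Get user from DB by username (in our example, auto create missing users)
                var user = DemoStorage.GetOrAddUser(username, () => new User
                {
                    DisplayName = "Display " + username,
                    Name = username,
                    // Byte representation of the user id is required. NOTE(review): this makes the
                    // WebAuthn user handle equal to the username; the spec limits the handle to 64 bytes
                    // and advises against putting identifying data in it - use an opaque random id in production.
                    Id = Encoding.UTF8.GetBytes(username)
                });

                // 2. Get user existing keys by username.
                // NOTE(review): these descriptors are handed to RequestNewCredential and so presumably end up
                // in the returned options; for an unauthenticated caller that can disclose which
                // credentials a given username already has - confirm.
                List<PublicKeyCredentialDescriptor> existingKeys = DemoStorage.GetCredentialsByUser(user)
                    .Select(c => c.Descriptor)
                    .ToList();

                // 3. Create options
                var authenticatorSelection = new AuthenticatorSelection
                {
                    AuthenticatorAttachment = !string.IsNullOrEmpty(authType) ? AuthenticatorAttachment.Parse(authType) : null,
                    RequireResidentKey = requireResidentKey,
                    UserVerification = UserVerificationRequirement.Parse(userVerification)
                };
                var options = _lib.RequestNewCredential(user, existingKeys, authenticatorSelection, AttestationConveyancePreference.Parse(attType));

                // 4. Temporarily store options, session/in-memory cache/redis/db.
                // Keeping them server-side means the later verification step can compare against a value
                // the client cannot alter (presumably read back when the attestation response is checked).
                HttpContext.Session.SetString("fido2.attestationOptions", options.ToJson());

                // 5. return options to client
                return Json(options);
            }
            catch (Exception e)
            {
                // FormatException is a helper defined outside this block.
                // NOTE(review): make sure it does not return stack traces or internal details to the client.
                return Json(new CredentialCreateOptions
                {
                    Status = "error",
                    ErrorMessage = FormatException(e)
                });
            }
        }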
 /// <summary>
 /// Creates the command and stores the supplied authenticator attachment on it.
 /// </summary>
 /// <param name="authenticatorAttachment">Value assigned to <c>AuthenticatorAttachment</c>; stored as given, without validation.</param>
 public InitiateAuthenticatorDeviceEnrollmentCommand(AuthenticatorAttachment authenticatorAttachment)
 {
     // The parameter differs from the member only by case, so no "this." qualifier is needed.
     AuthenticatorAttachment = authenticatorAttachment;
 }
 /// <summary>
 /// Persists a new FIDO2 key for a user by executing the <c>Fido2Key_Create</c> stored procedure.
 /// </summary>
 /// <remarks>
 /// Every value is passed as a stored-procedure parameter rather than concatenated into SQL text.
 /// The only interpolated part is <c>Schema</c> in the procedure name.
 /// NOTE(review): <c>Schema</c> is defined outside this block; it must come from trusted configuration
 /// and never from request data - confirm.
 /// </remarks>
 /// <param name="userId">Identifier of the user that owns the key.</param>
 /// <param name="name">Name stored with the key.</param>
 /// <param name="credentialId">Credential id, stored as a string.</param>
 /// <param name="publicKey">Public key, stored as a string.</param>
 /// <param name="signatureCounter">Signature counter value stored with the key.</param>
 /// <param name="credentialType">Credential type stored with the key.</param>
 /// <param name="authenticatorType">Authenticator attachment stored as <c>AuthenticatorType</c>.</param>
 /// <param name="transports">Transports value, stored as a string.</param>
 public async Task CreateFido2Key(Guid userId, string name, string credentialId, string publicKey, long signatureCounter, PublicKeyCredentialType credentialType, AuthenticatorAttachment authenticatorType, string transports)
 {
     using (var connection = new SqlConnection(ConnectionString))
     {
         var procedureName = $"[{Schema}].[Fido2Key_Create]";

         // Row id and creation timestamp are generated here, not supplied by the caller.
         var procedureArguments = new
         {
             Id = CoreHelpers.GenerateComb(),
             UserId = userId,
             Name = name,
             CredentialId = credentialId,
             PublicKey = publicKey,
             SignatureCounter = signatureCounter,
             CredentialType = credentialType,
             AuthenticatorType = authenticatorType,
             Transports = transports,
             CreationDate = DateTime.UtcNow
         };

         await connection.ExecuteAsync(
             procedureName,
             procedureArguments,
             commandType: CommandType.StoredProcedure);
     }
 }