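/// <summary>
/// Completes a U2F authentication ceremony: validates the response, checks that the
/// signed client data carries the challenge this server issued, checks the origin
/// against the trusted facet IDs, verifies the authenticator signature and finally
/// records the signature counter on the device registration.
/// </summary>
/// <param name="startedAuthentication">The app id and challenge the device was asked to sign.</param>
/// <param name="authResponse">The parsed authenticate response returned by the client.</param>
/// <param name="deviceRegistration">The stored registration of the device that signed.</param>
/// <param name="trustedFacetIds">Origins that may appear in the client data.</param>
/// <returns>The signature counter reported by the device.</returns>
/// <exception cref="ArgumentNullException">Any argument is null.</exception>
/// <exception cref="InvalidOperationException">The signed challenge does not match <paramref name="startedAuthentication"/>.</exception>
public uint FinishAuthentication(FidoStartedAuthentication startedAuthentication, FidoAuthenticateResponse authResponse, FidoDeviceRegistration deviceRegistration, IEnumerable<FidoFacetId> trustedFacetIds)
{
    if (startedAuthentication == null)
    {
        throw new ArgumentNullException(nameof(startedAuthentication));
    }
    if (authResponse == null)
    {
        throw new ArgumentNullException(nameof(authResponse));
    }
    if (deviceRegistration == null)
    {
        throw new ArgumentNullException(nameof(deviceRegistration));
    }
    if (trustedFacetIds == null)
    {
        throw new ArgumentNullException(nameof(trustedFacetIds));
    }

    authResponse.Validate();
    var clientData = authResponse.ClientData;
    ExpectClientDataType(clientData, AuthenticateType);

    // The challenge inside the signed client data must be the one this server issued
    // for this ceremony; anything else is a response for a different (or replayed) ceremony.
    if (clientData.Challenge != startedAuthentication.Challenge)
    {
        throw new InvalidOperationException("Incorrect challenge signed in client data");
    }

    ValidateOrigin(trustedFacetIds, new FidoFacetId(clientData.Origin));

    var signatureData = authResponse.SignatureData;
    VerifyAuthSignature(startedAuthentication.AppId, signatureData, clientData, deviceRegistration);

    // NOTE(review): UpdateCounter is the only place a non-increasing counter (a sign of a
    // cloned authenticator) could be rejected — its body is not visible here, confirm it does.
    deviceRegistration.UpdateCounter(signatureData.Counter);
    return signatureData.Counter;
}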
/// <summary>
/// Convenience overload: parses the raw JSON authenticate response sent by the client and
/// delegates to the typed <c>FinishAuthentication</c> overload.
/// </summary>
/// <param name="startedAuthentication">The app id and challenge the device was asked to sign.</param>
/// <param name="rawAuthResponse">The authenticate response as the JSON string received from the client.</param>
/// <param name="deviceRegistration">The stored registration of the device that signed.</param>
/// <param name="trustedFacetIds">Origins that may appear in the client data.</param>
/// <returns>The signature counter reported by the device.</returns>
public uint FinishAuthentication(FidoStartedAuthentication startedAuthentication, string rawAuthResponse, FidoDeviceRegistration deviceRegistration, IEnumerable<FidoFacetId> trustedFacetIds)
    => FinishAuthentication(startedAuthentication, FidoAuthenticateResponse.FromJson(rawAuthResponse), deviceRegistration, trustedFacetIds);
/// <summary>
/// Finishes a U2F authentication for one of the current user's registered devices and
/// bumps the device's usage count.
/// </summary>
/// <param name="model">Key handle, challenge and raw authenticate response posted by the client.</param>
/// <returns>
/// 400 (BadRequest) with an <c>error</c>/<c>code</c> body when there is no logged-in user,
/// the model or key handle is missing, the device is unknown, or its stored registration
/// cannot be parsed; otherwise 200 with a redirect to the <c>CurrentUser</c> action.
/// </returns>
public IActionResult AuthenticateDevice(AuthenticateDeviceModel model)
{
    var user = App.CurrentUser;
    if (user == null)
    {
        // Body says 401 but the HTTP status is 400 (BadRequest) — preserved as-is.
        return BadRequest(new { error = "You must login.", code = 401 });
    }

    var keyHandle = model?.KeyHandle;
    if (string.IsNullOrEmpty(keyHandle))
    {
        return BadRequest(new { error = "Invalid device id.", code = 400 });
    }

    // Only devices belonging to the logged-in user are searched, so a key handle of
    // another user cannot be authenticated through this action.
    var device = user.Devices.FirstOrDefault(x => x.Identifier.Equals(keyHandle));
    if (device == null)
    {
        return BadRequest(new { error = "Device not found.", code = 400 });
    }

    var u2F = new FidoUniversalTwoFactor();
    var deviceRegistration = FidoDeviceRegistration.FromJson(device.Data);
    if (deviceRegistration == null)
    {
        return BadRequest(new { error = "Unknown key handle.", code = 400 });
    }

    // NOTE(review): the challenge is taken from the posted model rather than from
    // server-side state of the started ceremony; FinishAuthentication only checks that the
    // signed challenge equals this value, so a client-chosen challenge would be accepted.
    // Confirm the started challenge is bound to the session elsewhere.
    var startedAuthentication = new FidoStartedAuthentication(
        AppId,
        model.Challenge,
        FidoKeyHandle.FromWebSafeBase64(keyHandle ?? ""));
    var facetIds = new List<FidoFacetId> { new FidoFacetId(AppId.ToString()) };

    var counter = u2F.FinishAuthentication(startedAuthentication, model.RawAuthenticateResponse, deviceRegistration, facetIds);
    deviceRegistration.Counter = counter;
    // NOTE(review): device.Data is not re-serialized from deviceRegistration here, so the
    // updated counter may not be persisted — verify where the registration is saved.
    device.Usage++;

    return Ok(new { message = "Device has been authenticated.", code = 200, redirect = Url.Action("CurrentUser") });
}
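/// <summary>
/// Handles the device login form: when a raw authentication response was posted, finishes
/// the U2F authentication against the current user's matching device registration and
/// redirects to <c>LoginSuccess</c>; otherwise re-renders the form.
/// </summary>
/// <param name="model">Posted key handle, challenge and raw authentication response; null is treated as an empty model.</param>
/// <returns>A redirect to <c>LoginSuccess</c> on success, otherwise the login view with any model errors.</returns>
public ActionResult Login(LoginDeviceViewModel model)
{
    model = model ?? new LoginDeviceViewModel();

    try
    {
        if (!string.IsNullOrEmpty(model.RawAuthenticationResponse))
        {
            var u2f = new FidoUniversalTwoFactor();
            var appId = new FidoAppId(Request.Url);

            // Only the current user's registrations are considered for the posted key handle.
            var deviceRegistration = GetFidoRepository()
                .GetDeviceRegistrationsOfUser(GetCurrentUser())
                .FirstOrDefault(x => x.KeyHandle.ToWebSafeBase64() == model.KeyHandle);
            if (deviceRegistration == null)
            {
                ModelState.AddModelError("", "Unknown key handle: " + model.KeyHandle);
                return View(new LoginDeviceViewModel());
            }

            // NOTE(review): the challenge comes from the posted model, not from server-side
            // state of the started ceremony, so the library's challenge check only confirms
            // the client signed what the client sent — confirm the challenge is bound to the
            // session elsewhere.
            var startedAuthentication = new FidoStartedAuthentication(
                appId,
                model.Challenge,
                FidoKeyHandle.FromWebSafeBase64(model.KeyHandle ?? ""));

            var counter = u2f.FinishAuthentication(startedAuthentication, model.RawAuthenticationResponse, deviceRegistration, GetTrustedDomains());

            // TODO: the updated counter is not persisted; the device registration used by the
            // next authentication should carry this value (e.g. deviceRegistration.Counter = counter
            // followed by a repository save), otherwise counter-based clone detection cannot work.
            return RedirectToAction("LoginSuccess");
        }
    }
    catch (Exception)
    {
        // Verification failures (bad signature, wrong challenge, untrusted origin, malformed
        // response) must not be echoed back in detail: the exception type and message describe
        // which check failed, which helps an attacker probing the verifier. Show a generic error.
        ModelState.AddModelError("", "Authentication failed.");
    }

    return View(model);
}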