/// <summary>
/// 请求注册用户
/// </summary>
/// <returns></returns>
public static async Task <AuthenticatorState> RegisterUserAsync()
{
if (await CheckSupportAsync().ConfigureAwait(false))
{
KeyCredentialRetrievalResult CredentiaResult = await KeyCredentialManager.RequestCreateAsync(CredentialName, KeyCredentialCreationOption.ReplaceExisting);
switch (CredentiaResult.Status)
{
case KeyCredentialStatus.Success:
{
string PublicKey = CryptographicBuffer.EncodeToHexString(CredentiaResult.Credential.RetrievePublicKey());
ApplicationData.Current.LocalSettings.Values["WindowsHelloPublicKeyForUser"] = PublicKey;
return(AuthenticatorState.RegisterSuccess);
}
case KeyCredentialStatus.UserCanceled:
{
return(AuthenticatorState.UserCanceled);
}
default:
{
return(AuthenticatorState.UnknownError);
}
}
}
else
{
return(AuthenticatorState.WindowsHelloUnsupport);
}
}
public AccountController(AppUserManager userManager, KeyCredentialManager keyManager, AppIdentityDbContext context, FidoMetadataService metadataService, ILogger <AccountController> logger)
{
_userManager = userManager;
_keyManager = keyManager;
_metadataService = metadataService;
_logger = logger;
}
private async Task <IBuffer> CreatePassportKeyCredentialAsync()
{
// Create a new KeyCredential for the user on the device.
KeyCredentialRetrievalResult keyCreationResult = await KeyCredentialManager.RequestCreateAsync(userId, KeyCredentialCreationOption.ReplaceExisting);
if (keyCreationResult.Status == KeyCredentialStatus.Success)
{
// User has autheniticated with Windows Hello and the key credential is created.
KeyCredential userKey = keyCreationResult.Credential;
return(userKey.RetrievePublicKey());
}
else if (keyCreationResult.Status == KeyCredentialStatus.NotFound)
{
MessageDialog message = new MessageDialog("To proceed, Windows Hello needs to be configured in Windows Settings (Accounts -> Sign-in options)");
await message.ShowAsync();
return(null);
}
else if (keyCreationResult.Status == KeyCredentialStatus.UnknownError)
{
MessageDialog message = new MessageDialog("The key credential could not be created. Please try again.");
await message.ShowAsync();
return(null);
}
return(null);
}
/// <summary>
/// Decrypts the user's profile and logs in
/// </summary>
/// <returns></returns>
private async Task EnterProfile(ProfileModel profile, string passphrase)
{
try
{
// Check the profile and determine if the passphrase is correct
await KryptPadApi.LoadProfileAsync(profile.Profile, passphrase);
// Success, tell the app we are signed in
(App.Current as App).SignInStatus = SignInStatus.SignedInWithProfile;
// Check if Windows hellow is supported and save the passphrase
var supported = await KeyCredentialManager.IsSupportedAsync();
if (supported && SavePassphraseEnabled)
{
// Prompt to save profile passphrase if Windows Hello is enabled
StorePassphrase(profile.Id.ToString(), passphrase);
}
// When a profile is selected, navigate to main page
NavigationHelper.Navigate(typeof(ItemsPage), null, NavigationHelper.NavigationType.Main);
}
catch (WebException)
{
// Something went wrong in the api
await DialogHelper.ShowMessageDialogAsync(ResourceHelper.GetString("UnlockProfileFailed"));
}
catch (Exception ex)
{
// Failed
await DialogHelper.ShowGenericErrorDialogAsync(ex);
}
}
public static async Task <bool> TryDeleteCredentialAccountAsync(string userId)
{
bool deleted = false;
try
{
await KeyCredentialManager.DeleteAsync(userId);
deleted = true;
}
catch (Exception ex)
{
switch (ex.HResult)
{
case NTE_NO_KEY:
// Key is already deleted. Ignore this error.
break;
case NTE_PERM:
// Access is denied. Ignore this error. We tried our best.
break;
default:
throw;
}
}
return(deleted);
}
public static async Task <bool> UnlinkAccount(string userId)
{
var retrieveResult = await KeyCredentialManager.OpenAsync(userId);
if (retrieveResult.Status != KeyCredentialStatus.Success)
{
return(false);
}
KeyCredential userCredential = retrieveResult.Credential;
string publicKeyHint = CalculatePublicKeyHint(userCredential.RetrievePublicKey());
var unlinkResult = await PlayFab.PlayFabClientAPI.UnlinkWindowsHelloAsync(new UnlinkWindowsHelloAccountRequest
{
PublicKeyHint = publicKeyHint
});
if (unlinkResult.Error != null)
{
MessageDialog message = new MessageDialog($"Error while un-linking: {unlinkResult.Error.Error} {unlinkResult.Error.ErrorMessage}");
await message.ShowAsync();
}
return(unlinkResult.Error == null);
}
/// <summary>
/// Check if a ms passport account exists
/// </summary>
/// <exception cref="UserCancelledException"></exception>
/// <exception cref="UserPrefersPasswordException"></exception>
/// <exception cref="UnknownException"></exception>
/// <exception cref="AggregateException"></exception>
/// <param name="accountId">The id of the account to check</param>
/// <returns>true if the account exists</returns>
public static bool PassportAccountExists(string accountId)
{
// Try to get the account
Task <KeyCredentialRetrievalResult> task = Task.Run(async() => await KeyCredentialManager.OpenAsync(accountId));
// Check the result
switch (task.Result.Status)
{
case KeyCredentialStatus.Success:
// The account was found
return(true);
case KeyCredentialStatus.NotFound:
// The account was not found
return(false);
case KeyCredentialStatus.UserCanceled:
// The operation was cancelled by the user
throw new UserCancelledException();
case KeyCredentialStatus.UserPrefersPassword:
// The user prefers a password
throw new UserPrefersPasswordException();
default:
// An unknwon error occurred
throw new UnknownException();
}
}
/// <summary>
/// Creates a Passport key on the machine using the _account id passed.
/// </summary>
/// <param name="accountId">The _account id associated with the _account that we are enrolling into Passport</param>
/// <returns>Boolean representing if creating the Passport key succeeded</returns>
public static async Task <bool> CreatePassportKeyAsync(string accountId)
{
KeyCredentialRetrievalResult keyCreationResult = await KeyCredentialManager.RequestCreateAsync(accountId, KeyCredentialCreationOption.ReplaceExisting);
switch (keyCreationResult.Status)
{
case KeyCredentialStatus.Success:
// In the real world authentication would take place on a server.
// So every time a user migrates or creates a new Microsoft Passport account Passport details should be pushed to the server.
// The details that would be pushed to the server include:
// The public key, keyAttesation if available,
// certificate chain for attestation endorsement key if available,
// status code of key attestation result: keyAttestationIncluded or
// keyAttestationCanBeRetrievedLater and keyAttestationRetryType
// As this sample has no concept of a server it will be skipped for now
// for information on how to do this refer to the second Passport sample
//For this sample just return true
return(true);
case KeyCredentialStatus.UserCanceled:
//Debug.WriteLine("User cancelled sign-in process.");
break;
case KeyCredentialStatus.NotFound:
// User needs to setup Microsoft Passport
//Debug.WriteLine("Microsoft Passport is not setup!\nPlease go to Windows Settings and set up a PIN to use it.");
break;
default:
break;
}
return(false);
}
public async ValueTask <bool> IsSupportedAsync()
{
// https://docs.microsoft.com/zh-cn/windows/uwp/security/microsoft-passport#3-implementing-windows-hello
var keyCredentialAvailable = await KeyCredentialManager.IsSupportedAsync();
return(keyCredentialAvailable);
}
private async void tryToCloseWinHello()
{
KeyCredentialRetrievalResult keyCreationResult = await KeyCredentialManager.RequestCreateAsync("WinHello", KeyCredentialCreationOption.ReplaceExisting);
var resourceLoader = Windows.ApplicationModel.Resources.ResourceLoader.GetForCurrentView();
if (keyCreationResult.Status == KeyCredentialStatus.Success)
{
Password.winHelloStatus = false;
LockButton.IsEnabled = false;
Password.WriteWinHelloData();
}
else if (keyCreationResult.Status == KeyCredentialStatus.NotFound)
{
Password.winHelloStatus = true;
WHToggle.IsOn = true;
MessageDialog message = new MessageDialog(resourceLoader.GetString("WHError1"));
await message.ShowAsync();
}
else if (keyCreationResult.Status == KeyCredentialStatus.UnknownError)
{
Password.winHelloStatus = true;
WHToggle.IsOn = true;
MessageDialog message = new MessageDialog(resourceLoader.GetString("WHError2"));
await message.ShowAsync();
}
else
{
Password.winHelloStatus = true;
WHToggle.IsOn = true;
}
}
public static async Task <bool> Login()
{
var result = await KeyCredentialManager.IsSupportedAsync();
String message;
if (result)
{
var authenticationResult = await KeyCredentialManager.RequestCreateAsync("login", KeyCredentialCreationOption.ReplaceExisting);
if (authenticationResult.Status == KeyCredentialStatus.Success)
{
message = "User is logged in";
}
else
{
message = "Login error: " + authenticationResult.Status;
}
}
else
{
message = "Windows Hello is not enabled for this device.";
}
String imagePath = Windows.ApplicationModel.Package.Current.InstalledLocation.Path;
String xml = "<toast><visual><binding template='ToastGeneric'><text hint-maxLines='1'>" + message + "</text></binding></visual></toast>";
Toast.CreateToast(xml);
return(result);
}
static private async Task <bool> TryDeleteCredentialAccountAsync(string userName)
{
try
{
AppSettings.Current.WindowsHelloPublicKeyHint = null;
await KeyCredentialManager.DeleteAsync(userName);
return(true);
}
catch (Exception ex)
{
switch (ex.HResult)
{
case NTE_NO_KEY:
// Key is already deleted. Ignore this error.
break;
case NTE_PERM:
// Access is denied. Ignore this error. We tried our best.
break;
default:
System.Diagnostics.Debug.WriteLine(ex.Message);
break;
}
}
return(false);
}
public static async Task <bool> CreatePassportKeyAsync(Guid userId, string username)
{
KeyCredentialRetrievalResult keyCreationResult = await KeyCredentialManager.RequestCreateAsync(username, KeyCredentialCreationOption.ReplaceExisting);
switch (keyCreationResult.Status)
{
case KeyCredentialStatus.Success:
Debug.WriteLine("Successfully made key");
await GetKeyAttestationAsync(userId, keyCreationResult);
return(true);
case KeyCredentialStatus.UserCanceled:
Debug.WriteLine("User cancelled sign-in process.");
break;
case KeyCredentialStatus.NotFound:
// User needs to setup Windows Hello
Debug.WriteLine("Windows Hello is not setup!\nPlease go to Windows Settings and set up a PIN to use it.");
break;
default:
break;
}
return(false);
}
public const int ERR_CREAT_KEY_EXISTS = 170; // Avoid reserved exit codes of UNIX
static async Task <(int err, string pubKey)> CreatePublicKey(string key_name)
{
int err;
var createRes = await KeyCredentialManager.RequestCreateAsync(key_name, KeyCredentialCreationOption.FailIfExists);
IBuffer pubKey;
if (createRes.Status == KeyCredentialStatus.CredentialAlreadyExists)
{
var existing = await KeyCredentialManager.OpenAsync(key_name);
if (existing.Status != KeyCredentialStatus.Success)
{
return(ERR_CREAT_FAIL, null);
}
err = ERR_CREAT_KEY_EXISTS;
pubKey = existing.Credential.RetrievePublicKey();
}
else if (createRes.Status != KeyCredentialStatus.Success)
{
return(ERR_CREAT_FAIL, null);
}
else
{
err = 0;
pubKey = createRes.Credential.RetrievePublicKey();
}
var pem = String.Format("-----BEGIN PUBLIC KEY-----\n{0}\n-----END PUBLIC KEY-----\n", CryptographicBuffer.EncodeToBase64String(pubKey));
return(err, pem);
}
static async Task <(int err, byte[] sig)> VerifyUser(string key_name, string contentToSign)
{
if (await KeyCredentialManager.IsSupportedAsync() == false)
{
await(new MessageDialog("KeyCredentialManager not supported")).ShowAsync();
return(ERR_VERIFY_HELLO_NOT_SUPPORTED, null);
}
var key = await KeyCredentialManager.OpenAsync(key_name);
if (key.Status != KeyCredentialStatus.Success)
{
return(CredentialStatusToExitCode(key.Status), null);
}
var buf = CryptographicBuffer.ConvertStringToBinary(contentToSign, BinaryStringEncoding.Utf8);
var signRes = await key.Credential.RequestSignAsync(buf);
if (signRes.Status != KeyCredentialStatus.Success)
{
return(CredentialStatusToExitCode(key.Status), null);
}
byte[] sig;
CryptographicBuffer.CopyToByteArray(signRes.Result, out sig);
return(0, sig);
}
private async void EmailProtectionSwitch_Toggled(object sender, RoutedEventArgs e)
{
if (EmailProtectionSwitch.IsOn)
{
if (await KeyCredentialManager.IsSupportedAsync())
{
ApplicationData.Current.LocalSettings.Values["EmailProtectionMode"] = true;
}
else
{
EmailProtectionSwitch.IsOn = false;
ApplicationData.Current.LocalSettings.Values["EmailProtectionMode"] = false;
ContentDialog dialog = new ContentDialog
{
Title = "警告",
Content = " 由于Windows Hello尚未设置,无法启用Windows Hello验证\r\r 请先设置Windows Hello后再试",
PrimaryButtonText = "前往",
CloseButtonText = "取消",
Background = Application.Current.Resources["DialogAcrylicBrush"] as Brush
};
dialog.PrimaryButtonClick += async(s, t) =>
{
await Launcher.LaunchUriAsync(new Uri("ms-settings:signinoptions"));
};
_ = await dialog.ShowAsync();
}
}
else
{
ApplicationData.Current.LocalSettings.Values["EmailProtectionMode"] = false;
}
}
public async Task <Result> SignInWithWindowsHelloAsync()
{
string userName = AppSettings.Current.UserName;
if (IsWindowsHelloEnabled(userName))
{
var retrieveResult = await KeyCredentialManager.OpenAsync(userName);
if (retrieveResult.Status == KeyCredentialStatus.Success)
{
var credential = retrieveResult.Credential;
var challengeBuffer = CryptographicBuffer.DecodeFromBase64String("challenge");
var result = await credential.RequestSignAsync(challengeBuffer);
if (result.Status == KeyCredentialStatus.Success)
{
UpdateAuthenticationStatus(true);
return(Result.Ok());
}
return(Result.Error("Windows Hello", $"Cannot sign in with Windows Hello: {result.Status}"));
}
return(Result.Error("Windows Hello", $"Cannot sign in with Windows Hello: {retrieveResult.Status}"));
}
return(Result.Error("Windows Hello", "Windows Hello is not enabled for current user."));
}
/// <summary>
/// Create a passport key
/// </summary>
/// <exception cref="UserCancelledException"></exception>
/// <exception cref="MissingPinException"></exception>
/// <exception cref="UserPrefersPasswordException"></exception>
/// <exception cref="UnknownException"></exception>
/// <exception cref="AggregateException"></exception>
/// <param name="accountId">The account id</param>
public static void CreatePassportKey(string accountId)
{
// Run KeyCredentialManager.RequestCreateAsync to create the account.
// Overwrites any existing accounts
Task <KeyCredentialRetrievalResult> task = Task.Run(async() =>
await KeyCredentialManager.RequestCreateAsync(accountId, KeyCredentialCreationOption.ReplaceExisting));
// Check the KeyCredentialRetrievalResult status
switch (task.Result.Status)
{
case KeyCredentialStatus.Success:
// The operation was successful
return;
case KeyCredentialStatus.UserCanceled:
// User cancelled the Passport enrollment process
throw new UserCancelledException();
case KeyCredentialStatus.NotFound:
// User needs to create PIN
throw new MissingPinException();
case KeyCredentialStatus.UserPrefersPassword:
// The user prefers a password
throw new UserPrefersPasswordException();
default:
// An unknown error occurred
throw new UnknownException();
}
}
private async void SignInWithPassword()
{
// Perform traditional standard authentication here.
// Our sample accepts any userid and password.
// Next, see if we can offer to switch to Windows Hello sign-in.
// Check if the device is capable of provisioning Microsoft Passport key credentials and
// the user has set up Windows Hello with a PIN on the device.
if (await KeyCredentialManager.IsSupportedAsync())
{
// Navigate to Enable Hello Page, passing the account ID (username) as a parameter
string accountID = UserNameTextBox.Text;
Frame.Navigate(typeof(EnableHelloPage), accountID);
}
else
{
// Windows Hello is not available, so go directly to the signed-in state.
// For the purpose of this sample, we will display a message to indicate
// that this code path has been reached.
MessageDialog message = new MessageDialog("Sample note: Windows Hello is not set up");
await message.ShowAsync();
return;
}
}
public AuthController(IIdentityServerInteractionService identity, AppUserManager userManager, SignInManager <AppUser> signInManager, KeyCredentialManager keyManager, ILogger <AuthController> logger)
{
_identity = identity;
_userManager = userManager;
_signInManager = signInManager;
_keyManager = keyManager;
_logger = logger;
}
private async void Hello_Click(object sender, RoutedEventArgs e)
{
var keyCredentialAvailable = await KeyCredentialManager.IsSupportedAsync();
var result = await KeyCredentialManager.RequestCreateAsync(Viewmodel.Username, KeyCredentialCreationOption.ReplaceExisting);
//return public key, Attestation and Username to ASB for backend storage. Visit: https://docs.microsoft.com/en-us/windows/uwp/security/microsoft-passport for more info
Result.TrySetResult(true);
}
public static async Task <bool> MicrosoftPassportAvailableCheckasync()
{
bool keyCredentialAvailable = await KeyCredentialManager.IsSupportedAsync();
if (keyCredentialAvailable == false)
{
Debug.WriteLine("device is not setup go to setting and setup");
}
return(false);
}
public static async Task <bool> MicrosoftPassportAvailableCheckAsync()
{
bool keyCredentialAvailable = await KeyCredentialManager.IsSupportedAsync();
if (keyCredentialAvailable == false)
{
Debug.WriteLine("Microsoft Passport is not setup!\nPlease go to Windows Settings and set up a PIN to use it.");
return(false);
}
return(true);
}
/// <summary>
/// Requests the deletion of a Microsoft Key credential.
/// </summary>
/// <param name="credentialName">Name of the credential to be deleted.</param>
internal static async void DeleteCredential(string credentialName)
{
try
{
await KeyCredentialManager.DeleteAsync(credentialName);
}
catch (Exception ev)
{
MessageService.ShowWarning("Credential not deleted: " + ev.Message);
//Debug.Write("Expected exception: " + ev.Message);
}
}
private async Task <bool> SignInWithHelloAsync()
{
LookupUser();
// Open the existing user key credential.
KeyCredentialRetrievalResult retrieveResult = await KeyCredentialManager.OpenAsync(userId);
if (retrieveResult.Status != KeyCredentialStatus.Success)
{
return(false);
}
KeyCredential userCredential = retrieveResult.Credential;
// Request a challenge from the server.
JsonValue jsonChallenge = await JsonRequest.Create()
.AddString("userId", userId)
.AddString("publicKeyHint", publicKeyHint)
.PostAsync("api/Authentication/RequestChallenge");
if (jsonChallenge == null)
{
return(false);
}
// Sign the challenge using the user's KeyCredential.
IBuffer challengeBuffer = CryptographicBuffer.DecodeFromBase64String(jsonChallenge.GetString());
KeyCredentialOperationResult opResult = await userCredential.RequestSignAsync(challengeBuffer);
if (opResult.Status != KeyCredentialStatus.Success)
{
return(false);
}
// Get the signature.
IBuffer signatureBuffer = opResult.Result;
// Send the signature back to the server to confirm our identity.
// The publicKeyHint tells the server which public key to use to verify the signature.
JsonValue jsonResult = await JsonRequest.Create()
.AddString("userId", userId)
.AddString("publicKeyHint", publicKeyHint)
.AddString("signature", CryptographicBuffer.EncodeToBase64String(signatureBuffer))
.PostAsync("api/Authentication/SubmitResponse");
if (jsonResult == null)
{
return(false);
}
return(jsonResult.GetBoolean());
}
/// <summary>
/// Creates a Passport key on the machine using the _account id passed.
/// </summary>
/// <param name="accountId">The _account id associated with the _account that we are enrolling into Passport</param>
/// <returns>Boolean representing if creating the Passport key succeeded</returns>
public static async Task <bool> CreatePassportKeyAsync(Guid userId, string username)
{
Debug.WriteLine("Before calling KeyCredentialManager.RequestCreateAsync");
KeyCredentialRetrievalResult keyCreationResult = await KeyCredentialManager.RequestCreateAsync(username, KeyCredentialCreationOption.ReplaceExisting);
Debug.WriteLine("After calling KeyCredentialManager.RequestCreateAsync");
switch (keyCreationResult.Status)
{
case KeyCredentialStatus.Success:
Debug.WriteLine("Successfully made key");
// In the real world authentication would take place on a server.
// So every time a user migrates or creates a new Microsoft Passport account Passport details should be pushed to the server.
// The details that would be pushed to the server include:
// The public key, keyAttesation if available,
// certificate chain for attestation endorsement key if available,
// status code of key attestation result: keyAttestationIncluded or
// keyAttestationCanBeRetrievedLater and keyAttestationRetryType
// As this sample has no concept of a server it will be skipped for now
// for information on how to do this refer to the second Passport sample
//For this sample just return true
await GetKeyAttestationAsync(userId, keyCreationResult);
return(true);
case KeyCredentialStatus.UserCanceled:
Debug.WriteLine("User cancelled sign-in process.");
break;
case KeyCredentialStatus.NotFound:
// User needs to setup Microsoft Passport
Debug.WriteLine("Microsoft Passport is not setup!\nPlease go to Windows Settings and set up a PIN to use it.");
break;
case KeyCredentialStatus.CredentialAlreadyExists:
Debug.WriteLine("Credential already exists!");
break;
case KeyCredentialStatus.UnknownError:
Debug.WriteLine("Unknown error generating credentials key");
break;
default:
Debug.WriteLine("Some error making the credentials key!");
break;
}
return(false);
}
private async Task <IBuffer> GetPassportAuthenticationMessage(IBuffer message, string accountId)
{
KeyCredentialRetrievalResult openKeyResult = await KeyCredentialManager.OpenAsync(accountId);
if (openKeyResult.Status == KeyCredentialStatus.Success)
{
KeyCredential userKey = openKeyResult.Credential;
IBuffer publicKey = userKey.RetrievePublicKey();
KeyCredentialOperationResult signResult = await userKey.RequestSignAsync(message);
if (signResult.Status == KeyCredentialStatus.Success)
{
return(signResult.Result);
}
else if (signResult.Status == KeyCredentialStatus.UserCanceled)
{
// User cancelled the Passport PIN entry.
//
// We will return null below this and the username/password
// sign in form will show.
}
else if (signResult.Status == KeyCredentialStatus.NotFound)
{
// Must recreate Passport key
}
else if (signResult.Status == KeyCredentialStatus.SecurityDeviceLocked)
{
// Can't use Passport right now, remember that hardware failed and suggest restart
}
else if (signResult.Status == KeyCredentialStatus.UnknownError)
{
// Can't use Passport right now, try again later
}
return(null);
}
else if (openKeyResult.Status == KeyCredentialStatus.NotFound)
{
// Passport key lost, need to recreate it
//textblock_PassportStatusText.Text = "Microsoft Passport is almost ready!\nPlease go to Windows Settings and set up a PIN to use it.";
//grid_PassportStatus.Background = new SolidColorBrush(Color.FromArgb(255, 50, 170, 207));
//button_PassportSignIn.IsEnabled = false;
m_passportAvailable = false;
}
else
{
// Can't use Passport right now, try again later
}
return(null);
}
public static async Task <bool> testPassportAvailable()
{
bool x = await KeyCredentialManager.IsSupportedAsync();
if (x == true)
{
return(true);
}
else
{
return(false);
}
}
private async void button1_ClickAsync(object sender, EventArgs e)
{
userId = UserName.Text;
if (await KeyCredentialManager.IsSupportedAsync())
{
// Navigate to Enable Hello Page, passing the account ID (username) as a parameter
MessageBox.Show("Support Windows Hello");
await StartUsingWindowsHello();
}
else
{
}
}
public static async Task <bool> CreatePassportKeyAsync()
{
KeyCredentialRetrievalResult keyCreationResult = await KeyCredentialManager.RequestCreateAsync("temp", KeyCredentialCreationOption.ReplaceExisting);
if (keyCreationResult.Status == KeyCredentialStatus.Success)
{
return(true);
}
else
{
return(false);
}
}
