/// <summary> /// GetAllUserRegistrations method implementation /// </summary> internal static RegistrationList GetAllUserRegistrations(DataOrderObject order, bool enabledonly = false) { EnsureService(); return(RuntimeRepository.GetAllUserRegistrations(Config, order, enabledonly)); }
/// <summary> /// DisableUserRegistration method implementation /// </summary> internal static Registration DisableUserRegistration(Registration reg) { EnsureService(); return(RuntimeRepository.DisableUserRegistration(Config, reg)); }
/// <summary> /// GetUserRegistrations method implementation /// </summary> internal static RegistrationList GetUserRegistrations(DataFilterObject filter, DataOrderObject order, DataPagingObject paging) { EnsureService(); return(RuntimeRepository.GetUserRegistrations(Config, filter, order, paging)); }
/// <summary> /// AddUserRegistration method implementation /// </summary> internal static Registration AddUserRegistration(Registration reg, bool resetkey = true, bool canupdate = true, bool email = false) { EnsureService(); return(RuntimeRepository.AddUserRegistration(Config, reg, resetkey, canupdate, email)); }
/// <summary> /// DeleteUserRegistration method implementation /// </summary> internal static bool DeleteUserRegistration(Registration reg, bool dropkey = true) { EnsureService(); return(RuntimeRepository.DeleteUserRegistration(Config, reg, dropkey)); }
/// <summary> /// GetUserRegistration method implementation /// </summary> internal static Registration GetUserRegistration(string upn) { EnsureService(); return(RuntimeRepository.GetUserRegistration(Config, upn)); }
/// <summary> /// SetUserRegistration method implementation /// </summary> internal static Registration SetUserRegistration(Registration reg, bool resetkey = false, bool caninsert = true, bool email = false) { EnsureService(); return(RuntimeRepository.SetUserRegistration(Config, reg, resetkey, caninsert, email)); }
/// <summary> /// GetEncodedUserKey method implmentation /// </summary> internal static string NewUserKey(string upn) { EnsureService(); return(RuntimeRepository.NewUserKey(Config, upn)); }
/// <summary> /// GetUserRegistrationsCount method implementation /// </summary> internal static int GetUserRegistrationsCount(DataFilterObject filter) { EnsureService(); return(RuntimeRepository.GetMFAUsersCount(Config, filter)); }
/// <summary> /// DisableUserRegistration method implementation /// </summary> internal static MFAUser DisableUserRegistration(MFAUser reg) { EnsureService(); return(RuntimeRepository.DisableMFAUser(Config, reg)); }
/// <summary> /// SetLoginAssertionResult method implementation /// </summary> private int SetLoginAssertionResult(AuthenticationContext ctx, string jsonResponse) { try { string jsonOptions = ctx.AssertionOptions; if (string.IsNullOrEmpty(jsonOptions)) { throw new ArgumentNullException(jsonOptions); } if (string.IsNullOrEmpty(jsonResponse)) { throw new ArgumentNullException(jsonResponse); } MFAWebAuthNUser user = RuntimeRepository.GetUser(Config, ctx.UPN); if (user != null) { AssertionOptions options = AssertionOptions.FromJson(jsonOptions); AuthenticatorAssertionRawResponse clientResponse = JsonConvert.DeserializeObject <AuthenticatorAssertionRawResponse>(jsonResponse); // AuthData Flags byte flag = clientResponse.Response.AuthenticatorData[32]; var userpresent = (flag & (1 << 0)) != 0; var userverified = (flag & (1 << 2)) != 0; var attestedcred = (flag & (1 << 6)) != 0; var hasextenddata = (flag & (1 << 7)) != 0; MFAUserCredential creds = RuntimeRepository.GetCredentialById(Config, user, clientResponse.Id); if (creds == null) { throw new Exception("Unknown credentials"); } uint storedCounter = creds.SignatureCounter; bool callback(IsUserHandleOwnerOfCredentialIdParams args) { var storedCreds = RuntimeRepository.GetCredentialsByUserHandle(Config, user, args.UserHandle); return(storedCreds.Exists(c => c.Descriptor.Id.SequenceEqual(args.CredentialId))); } AssertionVerificationResult res = _webathn.SetAssertionResult(clientResponse, options, creds.PublicKey, storedCounter, callback); RuntimeRepository.UpdateCounter(Config, user, res.CredentialId, res.Counter); if (!userpresent || !userverified) { switch (creds.CredType) { case "none": ctx.PinRequirements = (this.PinRequirements.HasFlag(WebAuthNPinRequirements.None)); break; case "android-key": ctx.PinRequirements = (this.PinRequirements.HasFlag(WebAuthNPinRequirements.AndroidKey)); break; case "android-safetynet": ctx.PinRequirements = (this.PinRequirements.HasFlag(WebAuthNPinRequirements.AndroidSafetyNet)); break; case "fido-u2f": ctx.PinRequirements = (this.PinRequirements.HasFlag(WebAuthNPinRequirements.Fido2U2f)); break; case "packed": ctx.PinRequirements = (this.PinRequirements.HasFlag(WebAuthNPinRequirements.Packed)); break; case "tpm": ctx.PinRequirements = (this.PinRequirements.HasFlag(WebAuthNPinRequirements.TPM)); break; case "apple": ctx.PinRequirements = (this.PinRequirements.HasFlag(WebAuthNPinRequirements.Apple)); break; default: ctx.PinRequirements = false; break; } } else { ctx.PinRequirements = false; } return((int)AuthenticationResponseKind.Biometrics); } else { Log.WriteEntry(string.Format("{0}\r\n{1}", ctx.UPN, "User does not exists !"), System.Diagnostics.EventLogEntryType.Error, 5000); return((int)AuthenticationResponseKind.Error); } } catch (Exception e) { Log.WriteEntry(string.Format("{0}\r\n{1}", ctx.UPN, e.Message), System.Diagnostics.EventLogEntryType.Error, 5000); return((int)AuthenticationResponseKind.Error); } }
/// <summary> /// GetRegisterCredentialOptions method implementation /// </summary> private string GetRegisterCredentialOptions(AuthenticationContext ctx) { try { if (string.IsNullOrEmpty(ctx.UPN)) { throw new ArgumentNullException(ctx.UPN); } string attType = this.ConveyancePreference; // none, direct, indirect string authType = this.Attachement; // <empty>, platform, cross-platform string userVerification = this.UserVerificationRequirement; // preferred, required, discouraged bool requireResidentKey = this.RequireResidentKey; // true,false MFAWebAuthNUser user = RuntimeRepository.GetUser(Config, ctx.UPN); if (user != null) { List <MFAPublicKeyCredentialDescriptor> existingKeys = RuntimeRepository.GetCredentialsByUser(Config, user).Select(c => c.Descriptor).ToList(); // 3. Create options AuthenticatorSelection authenticatorSelection = new AuthenticatorSelection { RequireResidentKey = requireResidentKey, UserVerification = userVerification.ToEnum <UserVerificationRequirement>() }; if (!string.IsNullOrEmpty(authType)) { authenticatorSelection.AuthenticatorAttachment = authType.ToEnum <AuthenticatorAttachment>(); } AuthenticationExtensionsClientInputs exts = new AuthenticationExtensionsClientInputs() { Extensions = this.Extentions, UserVerificationIndex = this.UserVerificationIndex, Location = this.Location, UserVerificationMethod = this.UserVerificationMethod, BiometricAuthenticatorPerformanceBounds = new AuthenticatorBiometricPerfBounds { FAR = float.MaxValue, FRR = float.MaxValue } }; RegisterCredentialOptions options = _webathn.GetRegisterCredentialOptions(user.ToCore(), existingKeys.ToCore(), authenticatorSelection, attType.ToEnum <AttestationConveyancePreference>(), exts); string result = options.ToJson(); ctx.CredentialOptions = result; return(result); } else { Log.WriteEntry(string.Format("{0}\r\n{1}", ctx.UPN, "User does not exists !"), System.Diagnostics.EventLogEntryType.Error, 5000); return((new RegisterCredentialOptions { Status = "error", ErrorMessage = string.Format("{0}", "User does not exists !") }).ToJson()); } } catch (Exception e) { Log.WriteEntry(string.Format("{0}\r\n{1}", ctx.UPN, e.Message), System.Diagnostics.EventLogEntryType.Error, 5000); return((new RegisterCredentialOptions { Status = "error", ErrorMessage = string.Format("{0}{1}", e.Message, e.InnerException != null ? " (" + e.InnerException.Message + ")" : "") }).ToJson()); } }