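        /// <summary>
        /// Returns the WebAuthn credentials stored for the user identified by <c>ctx.UPN</c>,
        /// newest registration first.
        /// </summary>
        /// <param name="ctx">Authentication context; only <c>UPN</c> is read.</param>
        /// <returns>
        /// One <see cref="WebAuthNCredentialInformation"/> per stored credential, ordered by
        /// <c>RegDate</c> descending. Empty (never null) when the user is unknown or has no credentials.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="ctx"/> is null.</exception>
        public List <WebAuthNCredentialInformation> GetUserStoredCredentials(AuthenticationContext ctx)
        {
            if (ctx == null)
            {
                throw new ArgumentNullException(nameof(ctx));
            }

            List <WebAuthNCredentialInformation> wcreds = new List <WebAuthNCredentialInformation>();

            var user = RuntimeRepository.GetUser(Config, ctx.UPN);
            if (user == null)
            {
                // Unknown user: nothing is stored, and a null user is never handed to the repository.
                return wcreds;
            }

            List <MFAUserCredential> creds = RuntimeRepository.GetCredentialsByUser(Config, user);
            if (creds == null || creds.Count == 0)
            {
                return wcreds;
            }

            foreach (MFAUserCredential st in creds)
            {
                WebAuthNCredentialInformation itm = new WebAuthNCredentialInformation()
                {
                    // Descriptor.Id is raw bytes; it is exposed hex-encoded.
                    CredentialID     = HexaEncoding.GetHexStringFromByteArray(st.Descriptor.Id),
                    AaGuid           = st.AaGuid,
                    CredType         = st.CredType,
                    RegDate          = st.RegDate,
                    SignatureCounter = st.SignatureCounter
                };
                // Descriptor.Type is optional; map it to its enum-member string only when present.
                if (st.Descriptor.Type != null)
                {
                    itm.Type = EnumExtensions.ToEnumMemberValue(st.Descriptor.Type.Value);
                }
                wcreds.Add(itm);
            }

            return wcreds.OrderByDescending(c => c.RegDate).ToList();
        }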
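        /// <summary>
        /// Builds the WebAuthn assertion (login) options for the request, serializes them to JSON,
        /// stores the JSON in <c>ctx.AssertionOptions</c> and returns it.
        /// </summary>
        /// <remarks>
        /// With a UPN, the user's registered credential descriptors are handed to the library; with an
        /// empty UPN an empty descriptor list is passed instead. Failures are reported in-band as
        /// <c>{ Status = "error", ErrorMessage = ... }</c> and are never thrown past this method.
        /// Exception details are written to the event log only, not to the returned JSON.
        /// </remarks>
        /// <param name="ctx">Authentication context; reads <c>UPN</c>, writes <c>AssertionOptions</c>.</param>
        /// <returns>The assertion options JSON, or the error JSON.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="ctx"/> is null.</exception>
        private string GetLoginAssertionsOptions(AuthenticationContext ctx)
        {
            if (ctx == null)
            {
                throw new ArgumentNullException(nameof(ctx));
            }

            try
            {
                List <MFAPublicKeyCredentialDescriptor> existingCredentials = new List <MFAPublicKeyCredentialDescriptor>();

                if (!string.IsNullOrEmpty(ctx.UPN))
                {
                    var user = RuntimeRepository.GetUser(Config, ctx.UPN);
                    if (user == null)
                    {
                        // Deliberate, user-facing outcome rather than an exception that would be
                        // reported as a generic failure below. NOTE(review): this tells the caller whether
                        // the UPN is enrolled; acceptable only if the UPN was already authenticated upstream.
                        Log.WriteEntry(string.Format("{0}\r\n{1}", ctx.UPN, "Username was not registered"), EventLogEntryType.Error, 5000);
                        string notRegistered = (new AssertionOptions {
                            Status = "error", ErrorMessage = "Username was not registered"
                        }).ToJson();
                        ctx.AssertionOptions = notRegistered;
                        return notRegistered;
                    }
                    existingCredentials = RuntimeRepository.GetCredentialsByUser(Config, user).Select(c => c.Descriptor).ToList();
                }

                // Client extension inputs; the transaction-authorization text is the fixed ASCII "FIDO".
                AuthenticationExtensionsClientInputs exts = new AuthenticationExtensionsClientInputs()
                {
                    SimpleTransactionAuthorization  = "FIDO",
                    GenericTransactionAuthorization = new TxAuthGenericArg
                    {
                        ContentType = "text/plain",
                        Content     = new byte[] { 0x46, 0x49, 0x44, 0x4F }
                    },
                    UserVerificationIndex  = this.UserVerificationIndex,
                    Location               = this.Location,
                    UserVerificationMethod = this.UserVerificationMethod,
                    EnforceCredProtect     = this.EnforceCredProtect,
                    CredProtect            = this.CredProtect,
                    HmacSecret             = this.HmacSecret
                };

                // Configured as a string (preferred / required / discouraged) and mapped to the enum here.
                UserVerificationRequirement uv      = this.UserVerificationRequirement.ToEnum <UserVerificationRequirement>();
                AssertionOptions            options = _webathn.GetAssertionOptions(existingCredentials.ToCore(), uv, exts);
                string result = options.ToJson();
                ctx.AssertionOptions = result;
                return result;
            }
            catch (Exception e)
            {
                // Full detail (inner exceptions, stack trace) stays in the server log ...
                Log.WriteEntry(string.Format("{0}\r\n{1}", ctx.UPN, e.ToString()), EventLogEntryType.Error, 5000);
                // ... and the in-band error is generic: the options JSON is consumed by the browser-side
                // WebAuthn script (TODO confirm), and exception text can carry repository/connection internals.
                string result = (new AssertionOptions {
                    Status = "error", ErrorMessage = "Unable to build the authentication options."
                }).ToJson();
                ctx.AssertionOptions = result;
                return result;
            }
        }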
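        /// <summary>
        /// Builds the WebAuthn assertion (login) options for the request, serializes them to JSON,
        /// stores the JSON in <c>ctx.AssertionOptions</c> and returns it.
        /// </summary>
        /// <remarks>
        /// With a UPN, the user's registered credential descriptors are handed to the library; when
        /// there are none (or no UPN), <c>null</c> is passed for the descriptors instead. Failures are
        /// reported in-band as <c>{ Status = "error", ErrorMessage = ... }</c> and never thrown past this
        /// method. Exception details are written to the event log only, not to the returned JSON.
        /// </remarks>
        /// <param name="ctx">Authentication context; reads <c>UPN</c>, writes <c>AssertionOptions</c>.</param>
        /// <returns>The assertion options JSON, or the error JSON.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="ctx"/> is null.</exception>
        private string GetLoginAssertionsOptions(AuthenticationContext ctx)
        {
            if (ctx == null)
            {
                throw new ArgumentNullException(nameof(ctx));
            }

            try
            {
                List <MFAPublicKeyCredentialDescriptor> existingCredentials = new List <MFAPublicKeyCredentialDescriptor>();
                if (!string.IsNullOrEmpty(ctx.UPN))
                {
                    var user = RuntimeRepository.GetUser(Config, ctx.UPN);
                    if (user == null)
                    {
                        // Deliberate, user-facing outcome rather than an exception that would be
                        // reported as a generic failure below. NOTE(review): this tells the caller whether
                        // the UPN is enrolled; acceptable only if the UPN was already authenticated upstream.
                        Log.WriteEntry(string.Format("{0}\r\n{1}", ctx.UPN, "Username was not registered"), EventLogEntryType.Error, 5000);
                        string notRegistered = (new AssertionOptions {
                            Status = "error", ErrorMessage = "Username was not registered"
                        }).ToJson();
                        ctx.AssertionOptions = notRegistered;
                        return notRegistered;
                    }
                    existingCredentials = RuntimeRepository.GetCredentialsByUser(Config, user).Select(c => c.Descriptor).ToList();
                }

                AuthenticationExtensionsClientInputs exts = new AuthenticationExtensionsClientInputs()
                {
                    Extensions             = this.Extentions,
                    UserVerificationMethod = this.UserVerificationMethod,
                };

                UserVerificationRequirement uv = this.UserVerificationRequirement;
                // An empty descriptor list is passed to the library as null rather than as an empty
                // list (presumably what the library expects for the no-allow-list case — TODO confirm).
                AssertionOptions options = existingCredentials.Count > 0
                    ? _webathn.GetAssertionOptions(existingCredentials.ToCore(), uv, exts)
                    : _webathn.GetAssertionOptions(null, uv, exts);

                string result = options.ToJson();
                ctx.AssertionOptions = result;
                return result;
            }
            catch (Exception e)
            {
                // Full detail (inner exceptions, stack trace) stays in the server log ...
                Log.WriteEntry(string.Format("{0}\r\n{1}", ctx.UPN, e.ToString()), EventLogEntryType.Error, 5000);
                // ... and the in-band error is generic: the options JSON is consumed by the browser-side
                // WebAuthn script (TODO confirm), and exception text can carry repository/connection internals.
                // This also drops the stray " / " the previous "{0} / {1}" format left when there was no inner exception.
                string result = (new AssertionOptions {
                    Status = "error", ErrorMessage = "Unable to build the authentication options."
                }).ToJson();
                ctx.AssertionOptions = result;
                return result;
            }
        }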
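        /// <summary>
        /// Returns the WebAuthn credentials stored for <paramref name="upn"/>, newest registration first.
        /// </summary>
        /// <param name="upn">User principal name to look up.</param>
        /// <returns>
        /// One <see cref="WebAuthNCredentialInformation"/> per stored credential ordered by <c>RegDate</c>
        /// descending, or <c>null</c> when the user exists but has no credentials (kept as-is because
        /// existing callers may test for null).
        /// </returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="upn"/> is null or empty, or no user with that UPN exists (the latter keeps the
        /// exception type callers already catch). Every failure is logged once before it propagates.
        /// </exception>
        public List <WebAuthNCredentialInformation> GetUserStoredCredentials(string upn)
        {
            if (string.IsNullOrEmpty(upn))
            {
                throw new ArgumentNullException(nameof(upn));
            }

            try
            {
                MFAWebAuthNUser user = RuntimeRepository.GetUser(Config, upn);
                if (user == null)
                {
                    // Parameter name and message in the right constructor slots; previously the whole
                    // text was passed as the parameter name. Logged by the catch below, not here as well.
                    throw new ArgumentNullException(nameof(upn), string.Format("{0}\r\n{1}", upn, "User does not exists !"));
                }

                List <MFAUserCredential> creds = RuntimeRepository.GetCredentialsByUser(Config, user);
                if (creds == null || creds.Count == 0)
                {
                    return null;
                }

                List <WebAuthNCredentialInformation> wcreds = new List <WebAuthNCredentialInformation>(creds.Count);
                foreach (MFAUserCredential st in creds)
                {
                    WebAuthNCredentialInformation itm = new WebAuthNCredentialInformation()
                    {
                        // Descriptor.Id is raw bytes; it is exposed hex-encoded.
                        CredentialID     = HexaEncoding.GetHexStringFromByteArray(st.Descriptor.Id),
                        AaGuid           = st.AaGuid,
                        CredType         = st.CredType,
                        RegDate          = st.RegDate,
                        SignatureCounter = st.SignatureCounter,
                        NickName         = st.NickName
                    };
                    // Descriptor.Type is optional; map it to its enum-member string only when present.
                    if (st.Descriptor.Type != null)
                    {
                        itm.Type = EnumExtensions.ToEnumMemberValue(st.Descriptor.Type.Value);
                    }
                    wcreds.Add(itm);
                }
                return wcreds.OrderByDescending(c => c.RegDate).ToList();
            }
            catch (Exception e)
            {
                // Log once, then rethrow with `throw;` so the original stack trace survives
                // (`throw e;` would reset it).
                Log.WriteEntry(string.Format("{0}\r\n{1}", upn, e.Message), EventLogEntryType.Error, 5000);
                throw;
            }
        }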
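        /// <summary>
        /// Builds the WebAuthn registration (attestation) options for <c>ctx.UPN</c>, serializes them to
        /// JSON, stores the JSON in <c>ctx.CredentialOptions</c> and returns it.
        /// </summary>
        /// <remarks>
        /// Attestation conveyance, authenticator attachment, user-verification and resident-key policy
        /// come from this provider's configuration. The user's already-registered credential descriptors
        /// are passed to the library alongside the user (presumably as exclusions so the same authenticator
        /// is not enrolled twice — TODO confirm against <c>_webathn</c>). Failures are reported in-band as
        /// <c>{ Status = "error", ErrorMessage = ... }</c>; exception details go to the event log only.
        /// </remarks>
        /// <param name="ctx">Authentication context; reads <c>UPN</c>, writes <c>CredentialOptions</c>.</param>
        /// <returns>The registration options JSON, or the error JSON.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="ctx"/> is null.</exception>
        private string GetRegisterCredentialOptions(AuthenticationContext ctx)
        {
            if (ctx == null)
            {
                throw new ArgumentNullException(nameof(ctx));
            }

            try
            {
                if (string.IsNullOrEmpty(ctx.UPN))
                {
                    // Name the real parameter; the (empty) UPN value is not a parameter name.
                    throw new ArgumentException("UPN is missing from the authentication context", nameof(ctx));
                }

                string attType            = this.ConveyancePreference;        // none, direct, indirect
                string authType           = this.Attachement;                 // <empty>, platform, cross-platform
                string userVerification   = this.UserVerificationRequirement; // preferred, required, discouraged
                bool   requireResidentKey = this.RequireResidentKey;          // true,false

                MFAWebAuthNUser user = RuntimeRepository.GetUser(Config, ctx.UPN);
                if (user == null)
                {
                    // Deliberate, user-facing outcome (not an exception). NOTE(review): this tells the
                    // caller whether the UPN is known; acceptable only if the UPN was authenticated upstream.
                    Log.WriteEntry(string.Format("{0}\r\n{1}", ctx.UPN, "User does not exists !"), EventLogEntryType.Error, 5000);
                    string unknownUser = (new RegisterCredentialOptions {
                        Status = "error", ErrorMessage = "User does not exists !"
                    }).ToJson();
                    ctx.CredentialOptions = unknownUser;
                    return unknownUser;
                }

                List <MFAPublicKeyCredentialDescriptor> existingKeys = RuntimeRepository.GetCredentialsByUser(Config, user).Select(c => c.Descriptor).ToList();

                AuthenticatorSelection authenticatorSelection = new AuthenticatorSelection
                {
                    RequireResidentKey = requireResidentKey,
                    UserVerification   = userVerification.ToEnum <UserVerificationRequirement>()
                };
                // Attachment is optional: left unset when not configured.
                if (!string.IsNullOrEmpty(authType))
                {
                    authenticatorSelection.AuthenticatorAttachment = authType.ToEnum <AuthenticatorAttachment>();
                }

                AuthenticationExtensionsClientInputs exts = new AuthenticationExtensionsClientInputs()
                {
                    Extensions             = this.Extentions,
                    UserVerificationIndex  = this.UserVerificationIndex,
                    Location               = this.Location,
                    UserVerificationMethod = this.UserVerificationMethod,
                    EnforceCredProtect     = this.EnforceCredProtect,
                    CredProtect            = this.CredProtect,
                    HmacSecret             = this.HmacSecret,
                    // NOTE(review): float.MaxValue for both FAR and FRR means no biometric performance
                    // bound is actually imposed; tighten these if biometric authenticators must meet a policy.
                    BiometricAuthenticatorPerformanceBounds = new AuthenticatorBiometricPerfBounds
                    {
                        FAR = float.MaxValue,
                        FRR = float.MaxValue
                    }
                };

                RegisterCredentialOptions options = _webathn.GetRegisterCredentialOptions(user.ToCore(), existingKeys.ToCore(), authenticatorSelection, attType.ToEnum <AttestationConveyancePreference>(), exts);
                string result = options.ToJson();
                ctx.CredentialOptions = result;
                return result;
            }
            catch (Exception e)
            {
                // Full detail (inner exceptions, stack trace) stays in the server log ...
                Log.WriteEntry(string.Format("{0}\r\n{1}", ctx.UPN, e.ToString()), EventLogEntryType.Error, 5000);
                // ... and the in-band error is generic: the options JSON is consumed by the browser-side
                // WebAuthn script (TODO confirm), and exception text can carry repository/connection internals.
                string result = (new RegisterCredentialOptions {
                    Status = "error", ErrorMessage = "Unable to build the registration options."
                }).ToJson();
                ctx.CredentialOptions = result;
                return result;
            }
        }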