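/// <summary>
/// Lists the WebAuthn credentials stored for the user named by <c>ctx.UPN</c>,
/// newest registration first.
/// </summary>
/// <param name="ctx">Authentication context; only <c>UPN</c> is read.</param>
/// <returns>
/// A list ordered by <c>RegDate</c> descending. Empty (never null) when the UPN is
/// blank, the user is unknown to the repository, or the user has no credential.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="ctx"/> is null.</exception>
/// <remarks>
/// Only the hex-encoded credential id is exposed; the descriptor bytes themselves stay
/// server-side. The original handed a null user straight to
/// <c>RuntimeRepository.GetCredentialsByUser</c> when the lookup failed; that case now
/// returns an empty list.
/// </remarks>
public List<WebAuthNCredentialInformation> GetUserStoredCredentials(AuthenticationContext ctx)
{
    if (ctx == null)
    {
        throw new ArgumentNullException("ctx");
    }

    List<WebAuthNCredentialInformation> wcreds = new List<WebAuthNCredentialInformation>();
    if (string.IsNullOrEmpty(ctx.UPN))
    {
        return wcreds;
    }

    var user = RuntimeRepository.GetUser(Config, ctx.UPN);
    if (user == null)
    {
        // Unknown user: nothing to list. Callers that need to distinguish this case
        // should use the (string upn) overload, which raises instead.
        return wcreds;
    }

    List<MFAUserCredential> creds = RuntimeRepository.GetCredentialsByUser(Config, user);
    foreach (MFAUserCredential st in creds)
    {
        WebAuthNCredentialInformation itm = new WebAuthNCredentialInformation()
        {
            CredentialID = HexaEncoding.GetHexStringFromByteArray(st.Descriptor.Id),
            AaGuid = st.AaGuid,
            CredType = st.CredType,
            RegDate = st.RegDate,
            SignatureCounter = st.SignatureCounter
        };
        // Descriptor.Type is optional; only map it when the authenticator reported one.
        if (st.Descriptor.Type != null)
        {
            itm.Type = EnumExtensions.ToEnumMemberValue(st.Descriptor.Type.Value);
        }
        wcreds.Add(itm);
    }

    return wcreds.OrderByDescending(c => c.RegDate).ToList();
}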
/// <summary>
/// Builds the WebAuthn assertion (login) options for the user in <paramref name="ctx"/>
/// and caches the JSON on <c>ctx.AssertionOptions</c>.
/// </summary>
/// <param name="ctx">Authentication context; <c>UPN</c> is read, <c>AssertionOptions</c> is written.</param>
/// <returns>
/// The assertion options as JSON. On any failure the returned JSON carries
/// <c>Status = "error"</c> and the exception text, and the failure is written to the
/// event log (entry id 5000).
/// </returns>
/// <remarks>
/// With an empty UPN no allow-list is built, so the options are not restricted to
/// known credentials. NOTE(review): the error branch copies <c>e.Message</c> (and the
/// inner exception message) into the returned options; if <c>AssertionOptions</c> is
/// forwarded to the browser this exposes server-side failure detail — confirm, and
/// prefer a generic client-facing message with the detail kept in the event log.
/// </remarks>
private string GetLoginAssertionsOptions(AuthenticationContext ctx)
{
    try
    {
        var allowed = new List<MFAPublicKeyCredentialDescriptor>();
        if (!string.IsNullOrEmpty(ctx.UPN))
        {
            var user = RuntimeRepository.GetUser(Config, ctx.UPN);
            if (user == null)
            {
                throw new ArgumentException("Username was not registered");
            }
            foreach (var cred in RuntimeRepository.GetCredentialsByUser(Config, user))
            {
                allowed.Add(cred.Descriptor);
            }
        }

        var exts = new AuthenticationExtensionsClientInputs()
        {
            SimpleTransactionAuthorization = "FIDO",
            GenericTransactionAuthorization = new TxAuthGenericArg
            {
                ContentType = "text/plain",
                Content = new byte[] { 0x46, 0x49, 0x44, 0x4F } // "FIDO" in ASCII
            },
            UserVerificationIndex = this.UserVerificationIndex,
            Location = this.Location,
            UserVerificationMethod = this.UserVerificationMethod,
            EnforceCredProtect = this.EnforceCredProtect,
            CredProtect = this.CredProtect,
            HmacSecret = this.HmacSecret
        };

        // The configured requirement is kept as text; convert it for the library call.
        var uv = this.UserVerificationRequirement.ToEnum<UserVerificationRequirement>();
        var options = _webathn.GetAssertionOptions(allowed.ToCore(), uv, exts);

        string json = options.ToJson();
        ctx.AssertionOptions = json;
        return json;
    }
    catch (Exception e)
    {
        Log.WriteEntry(string.Format("{0}\r\n{1}", ctx.UPN, e.Message), EventLogEntryType.Error, 5000);
        string inner = e.InnerException == null ? "" : " (" + e.InnerException.Message + ")";
        var failure = new AssertionOptions
        {
            Status = "error",
            ErrorMessage = string.Format("{0}{1}", e.Message, inner)
        };
        string json = failure.ToJson();
        ctx.AssertionOptions = json;
        return json;
    }
}
/// <summary>
/// Builds the WebAuthn assertion (login) options for the user in <paramref name="ctx"/>
/// and caches the JSON on <c>ctx.AssertionOptions</c>.
/// </summary>
/// <param name="ctx">Authentication context; <c>UPN</c> is read, <c>AssertionOptions</c> is written.</param>
/// <returns>
/// The assertion options as JSON. On any failure the returned JSON carries
/// <c>Status = "error"</c> and the exception text, and the failure is written to the
/// event log (entry id 5000).
/// </returns>
/// <remarks>
/// NOTE(review): this appears to be a later revision of the identically named method
/// above (extensions now come from <c>Extentions</c>, and an empty credential set is
/// passed as <c>null</c> rather than an empty list); both cannot coexist in one class.
/// As in the other revision, the error branch copies <c>e.Message</c> into the returned
/// options — confirm whether that JSON reaches the browser before relying on it.
/// </remarks>
private string GetLoginAssertionsOptions(AuthenticationContext ctx)
{
    try
    {
        var allowed = new List<MFAPublicKeyCredentialDescriptor>();
        if (!string.IsNullOrEmpty(ctx.UPN))
        {
            var user = RuntimeRepository.GetUser(Config, ctx.UPN);
            if (user == null)
            {
                throw new ArgumentException("Username was not registered");
            }
            foreach (var cred in RuntimeRepository.GetCredentialsByUser(Config, user))
            {
                allowed.Add(cred.Descriptor);
            }
        }

        var exts = new AuthenticationExtensionsClientInputs()
        {
            Extensions = this.Extentions,
            UserVerificationMethod = this.UserVerificationMethod,
        };
        var uv = this.UserVerificationRequirement;

        AssertionOptions options;
        if (allowed.Count == 0)
        {
            // No registered descriptor: let the library build options without an allow-list.
            options = _webathn.GetAssertionOptions(null, uv, exts);
        }
        else
        {
            options = _webathn.GetAssertionOptions(allowed.ToCore(), uv, exts);
        }

        string json = options.ToJson();
        ctx.AssertionOptions = json;
        return json;
    }
    catch (Exception e)
    {
        Log.WriteEntry(string.Format("{0}\r\n{1}", ctx.UPN, e.Message), EventLogEntryType.Error, 5000);
        string inner = e.InnerException == null ? "" : " (" + e.InnerException.Message + ")";
        var failure = new AssertionOptions
        {
            Status = "error",
            ErrorMessage = string.Format("{0} / {1}", e.Message, inner)
        };
        string json = failure.ToJson();
        ctx.AssertionOptions = json;
        return json;
    }
}
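/// <summary>
/// Lists the WebAuthn credentials stored for <paramref name="upn"/>, newest registration first.
/// </summary>
/// <param name="upn">User principal name to look up.</param>
/// <returns>
/// The credentials ordered by <c>RegDate</c> descending, or <c>null</c> when the user
/// exists but has no credential registered (kept as null for existing callers that test
/// for it; the <c>AuthenticationContext</c> overload returns an empty list instead).
/// </returns>
/// <exception cref="ArgumentNullException">The user is unknown to the repository.</exception>
/// <remarks>
/// Every failure is written to the event log (entry id 5000) exactly once before it
/// propagates with its original stack trace. The original logged the unknown-user case
/// twice, passed the log text as the exception's <c>paramName</c>, and rethrew with
/// <c>throw e;</c>, which discards the stack trace.
/// </remarks>
public List<WebAuthNCredentialInformation> GetUserStoredCredentials(string upn)
{
    List<WebAuthNCredentialInformation> wcreds = new List<WebAuthNCredentialInformation>();
    try
    {
        MFAWebAuthNUser user = RuntimeRepository.GetUser(Config, upn);
        if (user == null)
        {
            // Logged once by the catch below; "upn" names the offending argument.
            throw new ArgumentNullException("upn", string.Format("{0}\r\n{1}", upn, "User does not exists !"));
        }

        List<MFAUserCredential> creds = RuntimeRepository.GetCredentialsByUser(Config, user);
        if (creds.Count == 0)
        {
            return null;
        }

        foreach (MFAUserCredential st in creds)
        {
            WebAuthNCredentialInformation itm = new WebAuthNCredentialInformation()
            {
                CredentialID = HexaEncoding.GetHexStringFromByteArray(st.Descriptor.Id),
                AaGuid = st.AaGuid,
                CredType = st.CredType,
                RegDate = st.RegDate,
                SignatureCounter = st.SignatureCounter,
                NickName = st.NickName
            };
            // Descriptor.Type is optional; only map it when the authenticator reported one.
            if (st.Descriptor.Type != null)
            {
                itm.Type = EnumExtensions.ToEnumMemberValue(st.Descriptor.Type.Value);
            }
            wcreds.Add(itm);
        }
        return wcreds.OrderByDescending(c => c.RegDate).ToList();
    }
    catch (Exception e)
    {
        Log.WriteEntry(string.Format("{0}\r\n{1}", upn, e.Message), EventLogEntryType.Error, 5000);
        throw; // keep the original stack trace
    }
}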
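/// <summary>
/// Builds the WebAuthn registration (attestation) options for the user in
/// <paramref name="ctx"/> and caches the JSON on <c>ctx.CredentialOptions</c>.
/// </summary>
/// <param name="ctx">Authentication context; <c>UPN</c> is read, <c>CredentialOptions</c> is written.</param>
/// <returns>
/// The registration options as JSON. When the UPN is blank, the user is unknown, or any
/// exception occurs, the returned JSON carries <c>Status = "error"</c> and a message, and
/// the failure is written to the event log (entry id 5000).
/// </returns>
/// <remarks>
/// Already-registered descriptors are passed as exclusions so the same authenticator is
/// not enrolled twice. The original threw <c>new ArgumentNullException(ctx.UPN)</c>, which
/// used the (blank) value as the parameter name; the parameter name is now fixed.
/// NOTE(review): the biometric performance bounds are set to <c>float.MaxValue</c> for
/// both FAR and FRR, which reads as "no bound" — confirm this is intended. The error
/// branch also copies <c>e.Message</c> into the returned options; if that JSON reaches
/// the browser it exposes server-side failure detail — confirm before relying on it.
/// </remarks>
private string GetRegisterCredentialOptions(AuthenticationContext ctx)
{
    try
    {
        if (string.IsNullOrEmpty(ctx.UPN))
        {
            throw new ArgumentNullException("UPN");
        }

        string attType = this.ConveyancePreference;           // none, direct, indirect
        string authType = this.Attachement;                   // <empty>, platform, cross-platform
        string userVerification = this.UserVerificationRequirement; // preferred, required, discouraged
        bool requireResidentKey = this.RequireResidentKey;    // true, false

        MFAWebAuthNUser user = RuntimeRepository.GetUser(Config, ctx.UPN);
        if (user == null)
        {
            Log.WriteEntry(string.Format("{0}\r\n{1}", ctx.UPN, "User does not exists !"), EventLogEntryType.Error, 5000);
            string notFound = (new RegisterCredentialOptions
            {
                Status = "error",
                ErrorMessage = "User does not exists !"
            }).ToJson();
            ctx.CredentialOptions = notFound;
            return notFound;
        }

        // Existing descriptors become the exclude-list of the registration request.
        List<MFAPublicKeyCredentialDescriptor> existingKeys =
            RuntimeRepository.GetCredentialsByUser(Config, user).Select(c => c.Descriptor).ToList();

        AuthenticatorSelection authenticatorSelection = new AuthenticatorSelection
        {
            RequireResidentKey = requireResidentKey,
            UserVerification = userVerification.ToEnum<UserVerificationRequirement>()
        };
        // Attachment is optional; an empty setting leaves the authenticator type open.
        if (!string.IsNullOrEmpty(authType))
        {
            authenticatorSelection.AuthenticatorAttachment = authType.ToEnum<AuthenticatorAttachment>();
        }

        AuthenticationExtensionsClientInputs exts = new AuthenticationExtensionsClientInputs()
        {
            Extensions = this.Extentions,
            UserVerificationIndex = this.UserVerificationIndex,
            Location = this.Location,
            UserVerificationMethod = this.UserVerificationMethod,
            EnforceCredProtect = this.EnforceCredProtect,
            CredProtect = this.CredProtect,
            HmacSecret = this.HmacSecret,
            BiometricAuthenticatorPerformanceBounds = new AuthenticatorBiometricPerfBounds
            {
                FAR = float.MaxValue, // NOTE(review): effectively unbounded — confirm intended
                FRR = float.MaxValue
            }
        };

        RegisterCredentialOptions options = _webathn.GetRegisterCredentialOptions(
            user.ToCore(),
            existingKeys.ToCore(),
            authenticatorSelection,
            attType.ToEnum<AttestationConveyancePreference>(),
            exts);

        string result = options.ToJson();
        ctx.CredentialOptions = result;
        return result;
    }
    catch (Exception e)
    {
        Log.WriteEntry(string.Format("{0}\r\n{1}", ctx.UPN, e.Message), EventLogEntryType.Error, 5000);
        string inner = e.InnerException == null ? "" : " (" + e.InnerException.Message + ")";
        string result = (new RegisterCredentialOptions
        {
            Status = "error",
            ErrorMessage = string.Format("{0}{1}", e.Message, inner)
        }).ToJson();
        ctx.CredentialOptions = result;
        return result;
    }
}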