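// Only API call
/// <summary>
/// Completes a FIDO2 assertion (security-key sign-in): verifies the authenticator's
/// response against the assertion options issued to the client earlier, persists the
/// updated signature counter and, when the authenticator reports both user presence
/// and user verification, signs the owning user in.
/// </summary>
/// <param name="parameters">The raw assertion response from the client plus the remember-me flag.</param>
/// <returns>
/// A success response carrying the signed-in user, or an error response with
/// <see cref="HESCode.AuthenticatorNotFIDO2"/> when the authenticator did not set both
/// the user-present and user-verified flags.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="parameters"/> is null.</exception>
/// <exception cref="ArgumentException">The model carries no assertion response.</exception>
/// <exception cref="InvalidOperationException">
/// No assertion options are cached for the credential (never issued, expired or already used),
/// or the credential id is not registered.
/// </exception>
/// <exception cref="HESException">The credential's user no longer exists (<see cref="HESCode.UserNotFound"/>).</exception>
public async Task<AuthorizationResponse> SignInAsync(SecurityKeySignInModel parameters)
{
    if (parameters is null)
    {
        throw new ArgumentNullException(nameof(parameters));
    }

    var assertionRawResponse = parameters.AuthenticatorAssertionRawResponse;
    if (assertionRawResponse is null)
    {
        throw new ArgumentException("Assertion response is missing.", nameof(parameters));
    }

    // Get the assertion options we sent the client. They are keyed by credential id and are
    // consumed exactly once: removing them before verification means a captured assertion
    // cannot be replayed against the same challenge, and a failed attempt forces a fresh
    // challenge to be requested.
    var cacheKey = Convert.ToBase64String(assertionRawResponse.Id);
    var jsonOptions = _memoryCache.Get<string>(cacheKey);
    if (jsonOptions is null)
    {
        throw new InvalidOperationException("Assertion options not found or expired");
    }
    _memoryCache.Remove(cacheKey);
    var options = AssertionOptions.FromJson(jsonOptions);

    // Get registered credential from database
    var creds = await GetCredentialById(assertionRawResponse.Id);
    if (creds == null)
    {
        throw new InvalidOperationException("Unknown credentials");
    }

    // Get credential counter from database
    var storedCounter = creds.SignatureCounter;

    // Create callback to check if userhandle owns the credentialId
    IsUserHandleOwnerOfCredentialIdAsync callback = async (args) =>
    {
        var storedCreds = await GetCredentialsByUserHandleAsync(args.UserHandle);
        return storedCreds.Exists(c => c.Descriptor.Id.SequenceEqual(args.CredentialId));
    };

    // Make the assertion (signature, challenge and counter are checked by the library)
    var res = await _lib.MakeAssertionAsync(assertionRawResponse, options, creds.PublicKey, storedCounter, callback);

    // Store the updated counter. This is done before the flag check below so that every
    // cryptographically valid assertion advances the counter, even if sign-in is refused.
    await UpdateCounter(res.CredentialId, res.Counter);

    // Get authenticator flags: sign-in requires both user presence and user verification.
    var authData = new AuthenticatorData(assertionRawResponse.Response.AuthenticatorData);
    if (authData.UserPresent && authData.UserVerified)
    {
        var user = await _userManager.FindByNameAsync(creds.Username);
        if (user == null)
        {
            throw new HESException(HESCode.UserNotFound);
        }

        await _signInManager.SignInAsync(user, parameters.RememberMe);
        return AuthorizationResponse.Success(user);
    }

    return AuthorizationResponse.Error(HESCode.AuthenticatorNotFIDO2);
}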
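/// <summary>
/// Posts the security-key assertion to the identity API, applies any auth cookie found
/// on the HTTP response and, when the server reports success, marks the client session
/// as authenticated for the returned user.
/// </summary>
/// <param name="parameters">The assertion response collected from the browser plus the remember-me flag.</param>
/// <returns>The <see cref="AuthorizationResponse"/> returned by the server.</returns>
/// <exception cref="ArgumentNullException"><paramref name="parameters"/> is null.</exception>
/// <exception cref="InvalidOperationException">The response body could not be deserialized into an <see cref="AuthorizationResponse"/>.</exception>
public async Task<AuthorizationResponse> LoginWithFido2Async(SecurityKeySignInModel parameters)
{
    if (parameters is null)
    {
        throw new ArgumentNullException(nameof(parameters));
    }

    var payload = JsonConvert.SerializeObject(parameters);
    var stringContent = new StringContent(payload, Encoding.UTF8, "application/json");
    var httpResponse = await _httpClient.PostAsync("api/Identity/LoginWithFido2", stringContent);

    var body = await httpResponse.Content.ReadAsStringAsync();
    var authorizationResponse = JsonConvert.DeserializeObject<AuthorizationResponse>(body);
    if (authorizationResponse is null)
    {
        // An empty or non-JSON body (e.g. a proxy error page) deserializes to null and would
        // otherwise surface as a NullReferenceException on the Succeeded check below.
        throw new InvalidOperationException($"Unexpected response from the sign-in endpoint (HTTP {(int)httpResponse.StatusCode}).");
    }

    // The cookie is applied regardless of the outcome; only a successful login updates the client auth state.
    await TrySetCookieAsync(httpResponse);

    if (authorizationResponse.Succeeded)
    {
        await SetAuthenticatedAsync(authorizationResponse.User);
    }

    return authorizationResponse;
}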
/// <summary>
/// Signs in with a FIDO2 security key by delegating the assertion to the FIDO2 service.
/// </summary>
/// <param name="parameters">The raw assertion response from the client plus the remember-me flag.</param>
/// <returns>The authorization result produced by the FIDO2 service.</returns>
public async Task<AuthorizationResponse> LoginWithFido2(SecurityKeySignInModel parameters)
{
    var signInResult = await _fido2Service.SignInAsync(parameters);
    return signInResult;
}