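/// <summary>
/// Completes a U2F authentication (sign) ceremony from the raw JSON response posted by the browser.
/// Parses the response and delegates every validation step to the typed overload.
/// </summary>
/// <param name="startedAuthentication">The app id and challenge issued when authentication was started.</param>
/// <param name="rawAuthResponse">The JSON authenticate response as returned by the client-side U2F API.</param>
/// <param name="deviceRegistration">The registration of the device expected to have signed the challenge.</param>
/// <param name="trustedFacetIds">Facet ids (origins) that are allowed to present the response.</param>
/// <returns>The signature counter reported by the device in this response.</returns>
/// <exception cref="ArgumentNullException"><paramref name="rawAuthResponse"/> is <c>null</c>.</exception>
public uint FinishAuthentication(FidoStartedAuthentication startedAuthentication,
            string rawAuthResponse,
            FidoDeviceRegistration deviceRegistration,
            IEnumerable<FidoFacetId> trustedFacetIds)
        {
            // Fail with a clear argument error rather than whatever FromJson does with a null string.
            if (rawAuthResponse == null)
                throw new ArgumentNullException("rawAuthResponse");

            // The JSON is untrusted client input: parse it first, then let the typed overload
            // check type, challenge, origin and signature before anything is trusted.
            var authResponse = FidoAuthenticateResponse.FromJson(rawAuthResponse);
            return FinishAuthentication(startedAuthentication, authResponse, deviceRegistration, trustedFacetIds);
        }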
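        /// <summary>
        /// Completes a U2F authentication (sign) ceremony: checks the parsed client data and the
        /// device signature against the authentication that was started, then records the new counter.
        /// </summary>
        /// <param name="startedAuthentication">The app id and challenge issued when authentication was started.</param>
        /// <param name="authResponse">The parsed authenticate response returned by the U2F token.</param>
        /// <param name="deviceRegistration">The registration of the device expected to have signed; its counter is updated on success.</param>
        /// <param name="trustedFacetIds">Facet ids (origins) that are allowed to present the response.</param>
        /// <returns>The signature counter reported by the device in this response.</returns>
        /// <exception cref="ArgumentNullException">Any argument is <c>null</c>.</exception>
        /// <exception cref="InvalidOperationException">The challenge signed in the client data is not the one that was issued.</exception>
        public uint FinishAuthentication(FidoStartedAuthentication startedAuthentication,
            FidoAuthenticateResponse authResponse,
            FidoDeviceRegistration deviceRegistration,
            IEnumerable<FidoFacetId> trustedFacetIds)
        {
            // Argument errors should surface as such, not as NullReferenceException deep in the checks.
            if (startedAuthentication == null)
                throw new ArgumentNullException("startedAuthentication");
            if (authResponse == null)
                throw new ArgumentNullException("authResponse");
            if (deviceRegistration == null)
                throw new ArgumentNullException("deviceRegistration");
            if (trustedFacetIds == null)
                throw new ArgumentNullException("trustedFacetIds");

            // Structural validation of the response itself (the response is untrusted client input).
            authResponse.Validate();

            var clientData = authResponse.ClientData;

            // Client data must be for a sign (authenticate) ceremony, not some other operation type.
            ExpectClientDataType(clientData, AuthenticateType);

            // Bind the response to this ceremony: the challenge the token signed over must be the one issued.
            if (clientData.Challenge != startedAuthentication.Challenge)
                throw new InvalidOperationException("Incorrect challenge signed in client data");

            // The origin the browser reported must be one of the facets trusted for this app id.
            ValidateOrigin(trustedFacetIds, new FidoFacetId(clientData.Origin));

            var signatureData = authResponse.SignatureData;

            // Verify the token's signature over app id, client data and signature data with the registered key.
            VerifyAuthSignature(startedAuthentication.AppId, signatureData, clientData, deviceRegistration);

            // NOTE(review): nothing visible here compares the response's key handle with the one recorded in
            // startedAuthentication, or inspects the user-presence flag in the signature data — confirm that
            // Validate()/VerifyAuthSignature cover both, otherwise those checks belong here.

            // Record the counter on the registration. NOTE(review): confirm UpdateCounter rejects a counter
            // that did not increase — that is the only signal for a cloned or replayed token.
            deviceRegistration.UpdateCounter(signatureData.Counter);
            return signatureData.Counter;
        }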
        /// <summary>
        /// Handles the device-login form. When the form carries a raw U2F authenticate response, the
        /// response is checked against the device registered under the posted key handle and, on success,
        /// the user is redirected to <c>LoginSuccess</c>; any failure is reported back on the form.
        /// </summary>
        /// <param name="model">The posted form (key handle, challenge, raw response); a missing model is treated as an empty form.</param>
        /// <returns>The login view with validation errors, or a redirect to <c>LoginSuccess</c>.</returns>
        public ActionResult Login(LoginDeviceViewModel model)
        {
            if (model == null)
                model = new LoginDeviceViewModel();

            // No response posted yet: just render the form again.
            if (String.IsNullOrEmpty(model.RawAuthenticationResponse))
                return View(model);

            try
            {
                var u2f = new FidoUniversalTwoFactor();
                var appId = new FidoAppId(Request.Url);

                // Look the registration up by the web-safe base64 key handle the form posted.
                var postedKeyHandle = model.KeyHandle;
                var registration = GetFidoRepository()
                    .GetDeviceRegistrationsOfUser(GetCurrentUser())
                    .FirstOrDefault(r => r.KeyHandle.ToWebSafeBase64() == postedKeyHandle);

                if (registration == null)
                {
                    ModelState.AddModelError("", "Unknown key handle: " + model.KeyHandle);
                    return View(new LoginDeviceViewModel());
                }

                // NOTE(review): the challenge comes from the posted form, so the challenge check inside
                // FinishAuthentication compares the signed challenge against a client-supplied value. To prove
                // freshness it should be the challenge recorded server-side when the authentication was started.
                var started = new FidoStartedAuthentication(
                    appId,
                    model.Challenge,
                    FidoKeyHandle.FromWebSafeBase64(model.KeyHandle ?? ""));

                var newCounter = u2f.FinishAuthentication(
                    started, model.RawAuthenticationResponse, registration, GetTrustedDomains());

                // The registration of the next authentication must see this counter; persisting it
                // (e.g. through the repository) is left to the caller here and is not visible in this sample.
                registration.Counter = newCounter;

                return RedirectToAction("LoginSuccess");
            }
            catch (Exception ex)
            {
                // NOTE(review): this echoes exception type and message to the user; a production
                // login page would log the detail and show a generic failure message instead.
                ModelState.AddModelError("", ex.GetType().Name + ": " + ex.Message);
            }

            return View(model);
        }