-
-
Notifications
You must be signed in to change notification settings - Fork 158
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fido2VerificationException is thrown at Controller.MakeCredential method. #26
Comments
I will test, but could it be that your response properties are not encoded with base64url? |
@daisukenishino2 if you set a breakpoint at https://github.com/abergs/fido2-net-lib/blob/master/fido2-net-lib/AuthenticatorResponse.cs#L18 what is your deserialized Json (stringx variable)? Mine is: |
@daisukenishino2 Also you can try to check out the latest master branch, I've since merged @aseigler changes which should add more information in the exception. |
Try using "https://localhost:44329" instead of "http:https://localhost:4728". SSL is assumed to be in use, I think you will get a Origin vs expectedOrigin mismatch if you use HTTP. @abergs, we should probably disable the non-SSL option in the project configuration. Was able to repro problem replaying data from @daisukenishino2 through the HTTP uri. This also explains why the demo site works. |
Set launchSettings.json as follows, this worked well. {
"iisSettings": {
"windowsAuthentication": false,
"anonymousAuthentication": true,
"iisExpress": {
"applicationUrl": "https://localhost:44329/",
"sslPort": 44329
} I also have plan to implement FIDO2 in ASP.NET, |
@daisukenishino2 Please leave feedback if you have any. We will of course release a nuget package when the library has matured for easier consumption. I 'm also investigating if a middleware would be a suitable integration point for easier consumption. |
I have experience to implement biometric authentication to the website by "Windows Hello". However, I does not have expert knowledge for FIDO2.
The result of observe the implementation of "fido2-net-lib", I started to think it is necessary to analyze the implementation of "Fido2Demo" side, And compared my implementation and "fido2-net-lib" implementation in this work, I thought that implementation of "Fido2NetLib" side is big. Therefore, I think it is important how to prove the reliability of the Fido2NetLib side. And, I think reliability is required for dependency library of Fido2NetLib as well. And I understood that I was too ignorant about spec aof FIDO2 in this work. Because, if provid this to enterprise users, then required guarantee quality. Therefore, even if user side, I think it is necessary to know more about spec of FIDO2. ... I will analyze "Fido2NetLib" side from now. I think that I will rather be taught, by this lib, but I will send you feedback if I notice something there. |
@daisukenishino2 Yes, the Fido2NetLib side is where 95% of the work is happening. There are however some things that is necessary to know about browser side and the HTTP server side.
Also note: This project is till heavily work in progress. We aim to make it fully compliant (100% test score on the official test tool). We also might change the requirement on base64url where the spec allows us. |
I implemented webauthn using fido2-net-lib to my Idp. |
@daisukenishino2, this is a very nice writeup and your IdP integration is a great success story! Thanks for sharing it with us!
@abergs, take a look at the JavaScript feedback, see if we can use it with the new demo web page |
Acquiring solution from the latest master branch and executing this on local, the following exception was thrown at Controller.MakeCredential method. But, this is working properly on your demo site. I confirmed on the console of chrome, but error is not occurred.
This is displayed as following on console of chrome
I am using YubiKey as authenticator.
And, the following json data is posted to Controller.MakeCredential method.
The text was updated successfully, but these errors were encountered: