WebAuthn Component

Properties   Methods   Events   Config Settings   Errors  

The WebAuthn component provides a simple way to implement a WebAuthn Relying Party server in your web application.

Syntax

nsoftware.IPWorksWebAuthn.WebAuthn

Remarks

The WebAuthn component provides a simple way to implement a WebAuthn Relying Party server, enabling passwordless authentication in your web application.

A typical Relying Party consists of two entities: the server-side logic and the front-end script. The WebAuthn component implements the server-side logic. The implementation and communication between these two key entities is up to the application. For a simple example, please refer to the demo in the installation directory.

Setup

Credential Storage

Before utilizing the component the application should implement some credential repository, storage, or database used to store and retrieve user credentials. The exact implementation of this storage is up to the application. For example, in the included demo, user credential information is stored in a text file on disk. Other implementations could store credentials in memory, a database, etc.

For more information on when to store and retrieve user credentials, and what information is necessary, please refer to the registration and authentication sections below.

Configuring the Relying Party Server

A Relying Party Server has multiple properties that serve as identifiers to WebAuthn clients. These can be configured in the WebAuthn component by using the following properties:

• Origin
• RelyingPartyId
• RelyingPartyName

The Origin is a required property and specifies the full web origin, including the protocol (http or https) and domain, of the Relying Party. For example, this property may be set to https://login.example.com:7112. This property, along with RelyingPartyId, ensures the application's security by restricting requests to valid origins and domains, preventing unauthorized entities from attempting to use credentials.

The RelyingPartyId is a valid domain string used to identify the Relying Party during registration or authentication. By default, this value is empty, and will be calculated by parsing the default effective domain of the specified Origin. Using the previous example, this would mean login.example.com would be used as the RelyingPartyId.

The RelyingPartyId can be manually specified, though it should be ensured that a valid effective domain is defined for the given Origin. Using the previous example, example.com would suffice, however, m.login.example.com would be an invalid identifier.

The RelyingPartyName is a user-friendly identifier for the component, intended only for display. For example, this could be set to a company name, such as ACME Corporation.

Related Origins

If manually specified, the RelyingPartyId must be equal to an effective domain of the Origin. However, singular domains can prove difficult for deployments in larger environments, where multiple country-specific domains are in use.

As such, the Origin property may be used to specify a comma-separated list of possible origins, for example, https://example.com:7112,https://example.co.uk:7112. Implementations can allow clients to create and use a credential across this set of origins.

In this case, implementations must manually specify a RelyingPartyId to use across all operations from related origins. Additionally, a JSON document must be hosted at the webauthn well-known URL for the RelyingPartyId (e.g., hosted at https://RelyingPartyId/.well-known/webauthn) as described here. This document should contain all origins specified in Origin.

Please see below for a simple example of configuring the mentioned properties. Note that at the very least, Origin must be set for each step of the registration and authentication processes below.

C#
 Copy
WebAuthn server = new WebAuthn();

// Automatically set RelyingPartyId to default effective domain
server.Origin = "https://login.example.com:7112";
server.RelyingPartyName = "Example Name";

Console.WriteLine(server.RelyingPartyId); // Prints "login.example.com"

// Manually set RelyingPartyId to a different effective domain
server.Origin = "https://login.example.com:7112";
server.RelyingPartyId = "example.com";
server.RelyingPartyName = "Example Name";

// Specify related origins
server.Origin = "https://login.example.com:7112,https://login.example.co.uk:7112";
server.RelyingPartyId = "example.com";
server.RelyingPArtyName = "Example Name";

Registration

Creating Registration Options

To create a new user credential, a user must first initiate the registration process. Typically, the user initates a request to the front-end script, which should then communicate with the component to start this process.

During registration, the component is first required to build options for creating, or registering, a new user credential by calling CreateRegistrationRequest. After receiving a request from a front-end, several relevant properties should be set before building these options.

In addition to setting the Relying Party properties, as mentioned in the previous section, the only other required property to set is the UserName. The UserName property should be set to the user-friendly identifier for the user account attempting registration. Typically, the UserName is provided by the client in the front-end request. The client may also provide the UserDisplayName, specifying a name associated with the user account intended only for display.

The UserId property may be set to some unique identifier for the relevant UserName. By default, the UserId is empty, and will be calculated by the component as the SHA256 hash of the provided UserName. If manually specified, implementations should ensure that this identifier is unique to the user, and available in future operations related to this user.

Lastly, it may be that the specified UserName has existing credentials previously obtained from various authenticators. Before calling CreateRegistrationRequest, implementations should query their existing credential database for credentials associated with the specified UserName. Once identified, the UserCredentials collection should be populated by calling AddUserCredential for each credential. Doing so will ensure that a new credential is not created on an authenticator containing a credential mapped to this UserName. While not explicitly required, this step should be performed.

The following properties may also be set or modified for additional configuration of the produced registration options:

• AttestationType
• AuthenticatorAttachment
• DiscoverableCredentials
• Extensions
• PublicKeyAlgorithms
• Timeout
• UserVerification

Once the component is configured, CreateRegistrationRequest should be called, producing a JSON string of the relevant options that should be returned to the client. Implementations should store the created options somewhere for use during verification (see below). For example, these options could be stored in the HTTP session context, which should persist during registration.

The client should pass these options to the JavaScript function navigator.credentials.create(). After doing so, the client will then interact with the authenticator. For example, the client may enter a PIN or touch a security key. Assuming this is successful, navigator.credentials.create() will return the authenticator response, which should then be returned to the component.

Please see below for an example of configuring the component in this case, and storing the options in the HTTP context:

C#
 Copy
server.UserName = "test";
server.UserDisplayName = "Test User";

// Some List of WACredential type, search by UserName
List<WACredential> existingCredentials = QueryCredentialsByUser(server.UserName);

for (int i = 0; i < existingCredentials.Count; i++) {
  server.AddUserCredential(existingCredentials[i].IdB, existingCredentials[i].PublicKey, existingCredentials[i].SignCount, existingCredentials[i].SignAlgorithm)
}

// JSON options string that should be returned to the client and passed to navigator.credentials.create()
string ret = server.CreateRegistrationRequest();

// Store the options in the same context for later use during registration.
context.Session.SetString("registrationOptions", ret);

Verifying the Authenticator's Registration Response

Assuming a response has been received from the authenticator, to complete registration, the client must provide this response to the component. To verify the authenticator response, VerifyRegistrationResponse should be called, taking the options previously generated with CreateRegistrationRequest and the recently received response as parameters.

After calling VerifyRegistrationResponse, the RegistrationInfo event will fire, providing the Id of the recently created credential. During this event, implementations should search for the provided credential Id in their database. Credential Ids must be unique, i.e., no existing credential in the database may have the provided credential Id. If the provided credential Id exists for any user, verification should fail, and the Cancel parameter of RegistrationInfo should be set to true to do so.

Assuming the credential Id does not exist for any other user and the additional verification performed by the component succeeds, RegistrationComplete will fire. This event will provide various information about the newly created credential record. During this event, implementations should save this information to their existing credential database for use during future registration or authentication ceremonies. Specifically, implementations should save the following values associated with the credential record.

1. The current UserName associated with the credential.
2. If manually specified, the associated UserId.
3. The CredentialId parameter of RegistrationComplete.
4. The PublicKey parameter of RegistrationComplete.
5. The SignCount parameter of RegistrationComplete.
6. The Algorithm parameter of RegistrationComplete.

Additionally, implementations may wish to store the BackupEligible, BackupState, and UvInitialized configs as well.

Once the relevant credential information is saved, registration is officially complete, and the registered credential may be used in future authentication ceremonies.

Please see below for an example of the verification process:

C#
 Copy
server.OnRegistrationInfo += (o, e) => {
  // Some List of WACredential type, search by Credential Id
  existingCredentials = QueryCredentialsById(e.CredentialId);

  if (existingCredentials.Count != 0) {
    // Registration should fail since CredentialId exists
    e.Cancel = true;
  }
};

server.OnRegistrationComplete += (o, e) => {
  // Save credential info for authentication
  SaveCredential(server.UserName, e.CredentialIdB, e.PublicKey, e.SignCount, e.Algorithm);
};

string response = StreamReader(context.Request.Body).ReadToEnd();
string cachedOptions = context.Session.GetString("registrationOptions") ?? String.Empty;

server.VerifyRegistrationResponse(response, options);

Console.WriteLine("Registration Successful.");

Authentication

Creating Login Options

To log in using an existing credential, a user must first initiate the authentication process. Typically, the user initiates a request to the front end which should communicate directly with the component to start this process.

During authentication, the component is first required to build options for logging in using an existing user credential by calling CreateAuthenticationRequest. After receiving a request from a front-end, several relevant properties should be set before building these options.

In addition to setting the Relying Party properties, as mentioned in the first section, there are no required properties that must be set before calling CreateAuthenticationRequest.

Typically, the user attempting to log in will provide the username associated with their account, however, this is not a requirement. If the username is provided, implementations should query their existing credential database for any credentials associated with this username. Once identified, the UserCredentials collection should be populated by calling AddUserCredential for each user credential. When sending the options to the client in a later step, the authenticator will then allow the client to select from these credentials during authentication. Note that the UserName property should not be specified in this case, as it is not included in the options.

If the client does not specify a username, implementations should leave the UserCredentials collection empty. When sending the options to the client in a later step, the authenticator will then allow the client to utilize any discoverable credentials that were previously created. Discoverable credentials are made available to the client in this specific case, and the client may choose any of the existing discoverable credentials as presented by the authenticator. A discoverable credential can be created during registration. The component can indicate its preference regarding whether a discoverable credential is created using the DiscoverableCredentials property during this step. If no discoverable credentials exist, this will result in an error.

The following properties may also be set or modified for additional configuration of the produced login options:

• Extensions
• Timeout

Once the component is configured, CreateAuthenticationRequest should be called, producing a JSON string of the relevant options that should be returned to the client. Implementations should store the created options somewhere for use during verification (see below). For example, these options could be stored in the HTTP session context, which should persist during authentication.

The client should pass these options to the JavaScript function navigator.credentials.get(). After doing so, the client will then interact with the authenticator. For example, the client may enter a PIN or touch a security key. Assuming this is successful, navigator.credentials.get() will return the authenticator response, which should then be returned to the component.

Please see below for an example of configuring the component in this case, and storing the options in the HTTP context:

C#
 Copy
string userName = "test"; // If provided, optional
List<existingCredentials> = QueryCredentialsByUser(userName);

for (int i = 0; i < existingCredentials.Count; i++) {
  server.AddUserCredential(existingCredentials[i].IdB, existingCredentials[i].PublicKey, existingCredentials[i].SignCount, existingCredentials[i].SignAlgorithm)
}

// JSON options string that should be returned to the client and passed to navigator.credentials.create()
string ret = server.CreateAuthenticationRequest();

// Store the options in the same context for later use during login.
context.Session.SetString("loginOptions", ret);

Verifying the Authenticator's Login Response

Assuming a response has been received from the authenticator, to complete the login process, the client must provide this response to the component. To verify the authenticator response, VerifyAuthenticationResponse should be called, taking the recently received response, and the options previously generated with CreateAuthenticationRequest (stored in the HTTP context).

After calling VerifyAuthenticationResponse, the AuthenticationInfo event will fire, providing the Id of the recently created credential. During this event, implementations should search for the provided credential Id in their database. Since a user is attempting to use an existing credential, it is assumed this credential exists in the database. If the provided credential Id does not exist, the Cancel parameter of AuthenticationInfo should be set to true, and verification should fail.

Assuming the credential exists in the database, the following properties and event parameters should be set during AuthenticationInfo:

• The current UserName associated with the credential.
• If manually specified, the associated UserId.
• The PublicKey parameter of AuthenticationInfo.
• The SignCount parameter of AuthenticationInfo.
• The Algorithm parameter of AuthenticationInfo.

Assuming this information is correct, the component will continue the verification process accordingly, and AuthenticationComplete will fire. This event will provide necessary information regarding any updates to the existing credential. During this event, implementations should update the credential in their database for future use. Specifically, implementations should update the signature counter associated with the credential record by utilizing the SignCount parameter of AuthenticationComplete.

Implementations may wish to query the values of the BackupState and UvInitialized configs to update the stored credential record accordingly.

Once the relevant credential information is updated, authentication is complete.

Please see below for an example of the verification process:

C#
 Copy
server.OnAuthenticationInfo += (o, e) => {
  // Search for single Credential Id
  existingCredential = QueryCredentialById(e.CredentialId);
  string user = QueryUserById(e.CredentialId);

  if (existingCredential == null) {
    // Registration should fail since CredentialId does not exist
    e.Cancel = true;
  }

  server.UserName = user;
  e.PublicKey = existingCredential.PublicKey;
  e.SignCount = existingCredential.SignCount;
  e.Algorithm = existingCredential.SignAlgorithm;
};

server.OnAuthenticationComplete += (o, e) => {
  // Update credential info
  SaveCredential(e.CredentialIdB, e.SignCount);
};

string response = new StreamReader(context.Request.Body).ReadToEnd();
string cachedOptions = context.Session.GetString("loginOptions") ?? String.Empty;

server.VerifyAuthenticationResponse(response, options);

Console.WriteLine("Authentication Successful.");

Property List

The following is the full list of the properties of the component with short descriptions. Click on the links for further details.

Method List

The following is the full list of the methods of the component with short descriptions. Click on the links for further details.

Event List

The following is the full list of the events fired by the component with short descriptions. Click on the links for further details.

Config Settings

The following is a list of config settings for the component with short descriptions. Click on the links for further details.

AttestationType Property (WebAuthn Component)

Specifies the preference regarding attestation conveyance during registration

Syntax

• C#
• VB.NET

public WebAuthnAttestationTypes AttestationType { get; set; }

enum WebAuthnAttestationTypes {
  atNone,
  atIndirect,
  atDirect,
  atEnterprise
}

Public Property AttestationType As WebauthnAttestationTypes

Enum WebAuthnAttestationTypes
  atNone
  atIndirect
  atDirect
  atEnterprise
End Enum

Default Value

0

Remarks

This property specifies the preference regarding attestation conveyance during registration. This value may be set prior to calling CreateRegistrationRequest. Possible values include:

AuthenticatorAttachment Property (WebAuthn Component)

Specifies the preference regarding authenticator attachment modality during registration.

Syntax

• C#
• VB.NET

public WebAuthnAuthenticatorAttachments AuthenticatorAttachment { get; set; }

enum WebAuthnAuthenticatorAttachments {
  atAny,
  atPlatform,
  atCrossPlatform
}

Public Property AuthenticatorAttachment As WebauthnAuthenticatorAttachments

Enum WebAuthnAuthenticatorAttachments
  atAny
  atPlatform
  atCrossPlatform
End Enum

Default Value

0

Remarks

This property specifies the preference regarding authenticator attachment modality. This value may be set prior to calling CreateRegistrationRequest. Possible values include:

Note that this value may not affect which types of authenticators (platform or cross-platform) are presented to the client, as it only indicates server-side preference.

This property is not available at design time.

DiscoverableCredentials Property (WebAuthn Component)

Specifies whether the Relying Party wishes to create a client-side discoverable credential during registration.

Syntax

• C#
• VB.NET

public WebAuthnDiscoverableCredentials DiscoverableCredentials { get; set; }

enum WebAuthnDiscoverableCredentials {
  dcUnspecified,
  dcDiscouraged,
  dcPreferred,
  dcRequired
}

Public Property DiscoverableCredentials As WebauthnDiscoverableCredentials

Enum WebAuthnDiscoverableCredentials
  dcUnspecified
  dcDiscouraged
  dcPreferred
  dcRequired
End Enum

Default Value

0

Remarks

This property specifies whether the Relying Party wishes to create a client-side discoverable credential during registration. This value may be set prior to calling CreateRegistrationRequest. Possible values include:

As some background, a discoverable credential is a credential that is discoverable and usable during authentication ceremonies where the UserCredentials is empty, i.e., when no existing credential Ids are specified. In this case, the Relying Party does not necessarily need to first identify the user. On the client-side, the user will be able to select some appropriate credential to log in with.

Assuming the authentication on the client-side is successful, the authenticator should return a response to the application, which will contain the relevant credential Id used to log in. The associated credential Id will be provided in AuthenticationInfo, and assuming the credential exists, relevant credential information should be provided.

This property is not available at design time.

Extensions Property (WebAuthn Component)

Specifies extensions that will either be sent to the client, or have been sent to the component.

Syntax

• C#
• VB.NET

public WAExtensionList Extensions { get; }

Public ReadOnly Property Extensions As WAExtensionList

Remarks

This property specifies extensions utilized by the component in two different cases.

In the first case, this property will be populated using AddExtension, which should be called to send extensions to the client prior to CreateRegistrationRequest and CreateAuthenticationRequest.

In the second case, this property may be populated after parsing an authenticator response with VerifyRegistrationResponse or VerifyAuthenticationResponse. Typically, the parsed extensions will be responses to any extensions sent during the first case, and implementations can view the result either in Extension, or RegistrationInfo and AuthenticationInfo.

In RegistrationInfo and AuthenticationInfo implementations may perform validation of the extensions present (or missing) from this collection. While implementations may verify responses to all previously sent extensions were received in the response, implementations must be able to handle such situations where unsolicited extensions were received, or certain extensions were ignored. Please see RegistrationInfo and AuthenticationInfo for additional details.

This property is read-only and not available at design time.

Origin Property (WebAuthn Component)

Specifies the full web origin, including the protocol (http or https) and domain, of the component (WebAuthn Relying Party).

Syntax

• C#
• VB.NET

public string Origin { get; set; }

Public Property Origin As String

Default Value

""

Remarks

This property specifies the full web origin, including the protocol (http or https) and domain, of the component (WebAuthn Relying Party). The origin must be specified before calling CreateRegistrationRequest, VerifyRegistrationResponse, CreateAuthenticationRequest, and VerifyAuthenticationResponse.

This property ensures the security of the application by restricting requests to valid origins, preventing unauthorized entities from attempting to use credentials. For example, setting the Origin property to https://login.example.com:7112 limits requests to that specific domain.

By default, after setting this property, the RelyingPartyId will be set to the default effective domain of the origin. In the above example, RelyingPartyId would be set to login.example.com.

The RelyingPartyId can be manually specified, though it should be ensured that a valid effective domain is specified for the given Origin. Using the previous example, example.com would suffice, however, m.login.example.com would be an invalid identifier.

Related Origins

If manually specified, the RelyingPartyId must be equal to an effective domain of the Origin. However, singular domains can prove difficult for deployments in larger environments, where multiple country-specific domains are in use.

As such, the Origin property may be used to specify a comma-separated list of possible origins, for example, https://example.com:7112,https://example.co.uk:7112. Implementations can allow clients to create and use a credential across this set of origins.

In this case, implementations must manually specify a RelyingPartyId to use across all operations from related origins. Additionally, a JSON document must be hosted at the webauthn well-known URL for the RelyingPartyId (e.g., hosted at https://RelyingPartyId/.well-known/webauthn) as described here. This document should contain all origins specified in Origin.

PublicKeyAlgorithms Property (WebAuthn Component)

Specifies an ordered, comma-separated list of acceptable algorithms for the public key during registration

Syntax

• C#
• VB.NET

public string PublicKeyAlgorithms { get; set; }

Public Property PublicKeyAlgorithms As String

Default Value

"ES256,RS256"

Remarks

This property specifies an ordered, comma-separated list of acceptable algorithms for the public key during registration. By default, this value is ES256,RS256, and must be specified before calling CreateRegistrationRequest.

Though those elements are sorted by preference (the first element being the most preferred), it is up to the client to choose among those elements for building the credential.

Possible values to include in this property are:

• ES256 (default)
• RS256 (default)
• ES384
• ES512
• EdDSA
• PS256
• PS384
• PS512
• RS1

The selected algorithm will be made available in RegistrationComplete, after verifying the authenticator response using VerifyRegistrationResponse.

RelyingPartyId Property (WebAuthn Component)

Specifies the unique identifier of the Relying Party.

Syntax

• C#
• VB.NET

public string RelyingPartyId { get; set; }

Public Property RelyingPartyId As String

Default Value

""

Remarks

This property specifies the unique identifier of the WebAuthn Relying Party.

A Relying Party identifier is a valid domain string identifying the WebAuthn Relying Party on whose behalf registration or authentication is being performed.

By default, this value is empty, and will be set as the default effective domain of the Origin. For example, if the Origin is specified as https://example.com, this property will be set to example.com.

The RelyingPartyId can be manually specified after setting Origin, though it should be ensured that a valid effective domain is specified for the given origin. Using the previous example, example.com would suffice, however, m.login.example.com would be an invalid identifier.

Note: If the Origin is specified as a comma-separated list of valid origins, this property must be manually specified, otherwise, it will remain empty.

RelyingPartyName Property (WebAuthn Component)

Specifies a user-friendly name for the WebAuthn Relying Party.

Syntax

• C#
• VB.NET

public string RelyingPartyName { get; set; }

Public Property RelyingPartyName As String

Default Value

""

Remarks

This property specifies a user-friendly identifier for the Relying Party, intended only for display. For example, "ACME Corporation", "Wonderful Widgets, Inc.".

This property may be specified before calling CreateRegistrationRequest, VerifyRegistrationResponse, CreateAuthenticationRequest, and VerifyAuthenticationResponse.

Timeout Property (WebAuthn Component)

Specifies a time, in seconds, that the Relying Party is willing to wait for the operation to complete.

Syntax

• C#
• VB.NET

public int Timeout { get; set; }

Public Property Timeout As Integer

Default Value

60

Remarks

This property specifies a time, in seconds, that the Relying Party is willing to wait for the operation to complete. By default, this is set to 60 seconds.

When calling CreateRegistrationRequest or CreateAuthenticationRequest, this value simply represents a hint for the time the component is willing to wait for the completion of the operation. This property is optional and merely is a hint which may be overridden by the browser.

UserCredentials Property (WebAuthn Component)

Specifies existing credentials for a user account.

Syntax

• C#
• VB.NET

public WACredentialList UserCredentials { get; }

Public ReadOnly Property UserCredentials As WACredentialList

Remarks

This property specifies existing credentials for a user account. This collection may be populated using AddUserCredential before calling CreateRegistrationRequest or CreateAuthenticationRequest.

Before calling CreateRegistrationRequest, AddUserCredential may be called for each credential that exists for the specified UserName. This will ensure that the new credential is not created on an authenticator that already contains a credential mapped to the specific UserName. If a mapped credential for the selected authenticator already exists, this may result in an error.

Before calling CreateAuthenticationRequest, if a username is provided by the front-end, AddUserCredential may be called for each existing credential for the identified user account. The UserName property should not be specified in this case, as it is not included in the options.

If a username is not provided by the front-end, AddUserCredential should not called, and only discoverable credentials will be utilized for authentication. In this case, the user will select the relevant credential during authentication, unknown to the component initially. After receiving a response from the authenticator and calling VerifyAuthenticationResponse, the utilized credential will be present in AuthenticationInfo.

This property is read-only and not available at design time.

UserDisplayName Property (WebAuthn Component)

Specifies a user-friendly name for the associated user account intended only for display.

Syntax

• C#
• VB.NET

public string UserDisplayName { get; set; }

Public Property UserDisplayName As String

Default Value

""

Remarks

This property specifies a user-friendly name for the associated user account intended only for display.

UserId Property (WebAuthn Component)

Specifies the user Id, or user handle, for the associated user account.

Syntax

• C#
• VB.NET

public string UserId { get; set; }
public byte[] UserIdB { get; set; }

Public Property UserId As String
Public Property UserIdB As Byte()

Default Value

""

Remarks

This property specifies the user Id, or user handle, for the associated user account. By default, this value will be empty. If left unspecified, the Id will be calculated as the SHA256 hash of the UserName property for use during registration and authentication.

If manually specified, this property will be used instead. In this case, it should be ensured that the specified Id is an opaque byte sequence with a maximum size of 64 bytes.

Note that this property is not meant to be displayed to the user.

UserName Property (WebAuthn Component)

Specifies a user-friendly name for the associated user account.

Syntax

• C#
• VB.NET

public string UserName { get; set; }

Public Property UserName As String

Default Value

""

Remarks

This property specifies a user-friendly name or identifier for the associated user account. This property must be set prior to calling CreateRegistrationRequest.

For example, possible values include: "alexm", "+14255551234", "alex.mueller@example.com", "alex.mueller@example.com (prod-env)".

By default, the UserId will be calculated as the SHA256 hash of this property for use during registration and authentication.

UserVerification Property (WebAuthn Component)

Specifies the Relying Party's requirements regarding user verification during registration.

Syntax

• C#
• VB.NET

public WebAuthnUserVerifications UserVerification { get; set; }

enum WebAuthnUserVerifications {
  uvRequired,
  uvPreferred,
  uvDiscouraged
}

Public Property UserVerification As WebauthnUserVerifications

Enum WebAuthnUserVerifications
  uvRequired
  uvPreferred
  uvDiscouraged
End Enum

Default Value

1

Remarks

This property specifies whether the Relying Party's requirements regarding user verification during registration. Possible values include:

As some background, an authenticator must support at least one authentication factor. An authenticator that supports one or more additional authentication factors (i.e., 2 or 3 total authentication factors) can support user verification, and is known as a multi-factor capable authenticator. In that regard, an authenticator that is not multi-factor capable is defined as single-factor capable, and do not support user verification. If this property is set to 0 (uvRequired) and the client attempts to utilize a single-factor capable authenticator, registration will fail.

Whether user verification was successful, or even performed, is indicated by the UvInitialized config, which may be queried during RegistrationComplete or AuthenticationComplete. This config may be stored or updated during these events for future use.

AddExtension Method (WebAuthn Component)

Used to add an extension to include when building the options for registration or authentication.

Syntax

• C#
• VB.NET

public void AddExtension(string name, string value, int valueType);

Async Version
public async Task AddExtension(string name, string value, int valueType);
public async Task AddExtension(string name, string value, int valueType, CancellationToken cancellationToken);

Public Sub AddExtension(ByVal Name As String, ByVal Value As String, ByVal ValueType As Integer)

Async Version
Public Sub AddExtension(ByVal Name As String, ByVal Value As String, ByVal ValueType As Integer) As Task
Public Sub AddExtension(ByVal Name As String, ByVal Value As String, ByVal ValueType As Integer, cancellationToken As CancellationToken) As Task

Remarks

This method is used to add an extension to include when building the options for registration or authentication (i.e., when calling CreateRegistrationRequest and CreateAuthenticationRequest, respectively).

The Name parameter specifies the name of the extension.

The Value parameter specifies the value of the extension.

The ValueType parameter specifies the type of the value. Possible values are as follows:

• 0 (Object)
• 1 (Array)
• 2 (String)
• 3 (Number)
• 4 (Bool)
• 5 (Null)
• 6 (Raw)

For example, to include the registered FIDO AppId Extension (appid) when calling CreateAuthenticationRequest, you can do the following:

 
 Copy
webauthn.AddExtension("appid", "some_legacy_rp_id", 2);

Assuming the extensions are supported by the authenticator and client, the extension outputs are reported when verifying the response after calling either VerifyRegistrationResponse or VerifyAuthenticationResponse. For each extension, the Extension event will fire with the relevant response parameters and types.

In the above case, the extension output will report either true or false, depending on whether the provided appid was utilized. If true, the RelyingPartyId should be updated accordingly to ensure that verification succeeds. For example:

 
 Copy
webauthn.OnExtension += (o, e) => {
  // Ensure returned value is a boolean, and true, before updating
  if (e.Name.Equals("appid") && e.ValueType == 4 && bool.Parse(e.Value)) {
    webauthn.RelyingPartyId = "some_legacy_rp_id";
  }
};

AddUserCredential Method (WebAuthn Component)

Used to add a user credential to the UserCredentials collection.

Syntax

• C#
• VB.NET

public void AddUserCredential(byte[] credentialId, string publicKey, int signCount, string algorithm);

Async Version
public async Task AddUserCredential(byte[] credentialId, string publicKey, int signCount, string algorithm);
public async Task AddUserCredential(byte[] credentialId, string publicKey, int signCount, string algorithm, CancellationToken cancellationToken);

Public Sub AddUserCredential(ByVal credentialId As String, ByVal publicKey As String, ByVal signCount As Integer, ByVal algorithm As String)

Async Version
Public Sub AddUserCredential(ByVal credentialId As String, ByVal publicKey As String, ByVal signCount As Integer, ByVal algorithm As String) As Task
Public Sub AddUserCredential(ByVal credentialId As String, ByVal publicKey As String, ByVal signCount As Integer, ByVal algorithm As String, cancellationToken As CancellationToken) As Task

Remarks

This method is used to add a user credential to the UserCredentials collection, which can be used to hold existing credentials for a specified UserName prior to calling CreateRegistrationRequest and CreateAuthenticationRequest.

Before calling CreateRegistrationRequest, this method should be called for each credential that exists for the given UserName. Included credentials will be specified in the resulting options. This will ensure that the new credential is not created on an authenticator that already contains a credential mapped to the specific UserName. If a mapped credential for the selected authenticator already exists, this may result in an error.

Before calling CreateAuthenticationRequest, if a username is provided by the front-end, AddUserCredential should be called for each existing credential for the identified user account. The UserName property should not be specified in this case, as it is not included in the options.

If a username is not provided by the front-end, AddUserCredential should not called, and only discoverable credentials will be utilized for authentication. In this case, the user will select the relevant credential during authentication, unknown to the component initially. After receiving a response from the authenticator and calling VerifyAuthenticationResponse, the utilized credential will be present in AuthenticationInfo.

Config Method (WebAuthn Component)

Sets or retrieves a configuration setting.

Syntax

• C#
• VB.NET

public string Config(string configurationString);

Async Version
public async Task<string> Config(string configurationString);
public async Task<string> Config(string configurationString, CancellationToken cancellationToken);

Public Function Config(ByVal ConfigurationString As String) As String

Async Version
Public Function Config(ByVal ConfigurationString As String) As Task(Of String)
Public Function Config(ByVal ConfigurationString As String, cancellationToken As CancellationToken) As Task(Of String)

Remarks

Config is a generic method available in every component. It is used to set and retrieve configuration settings for the component.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the component, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

CreateAuthenticationRequest Method (WebAuthn Component)

Used to build the request options for a user attempting to login, or authenticate, using an existing credential.

Syntax

• C#
• VB.NET

public string CreateAuthenticationRequest();

Async Version
public async Task<string> CreateAuthenticationRequest();
public async Task<string> CreateAuthenticationRequest(CancellationToken cancellationToken);

Public Function CreateAuthenticationRequest() As String

Async Version
Public Function CreateAuthenticationRequest() As Task(Of String)
Public Function CreateAuthenticationRequest(cancellationToken As CancellationToken) As Task(Of String)

Remarks

This method is used to build the request options for a user attempting to login, or authenticate, an existing credential, and will return a JSON-formatted string of these options. These options should be returned to the front-end and then passed to navigator.credentials.get() after some additional modification.

Before calling this method, Origin, RelyingPartyId, and/or RelyingPartyName must be set accordingly.

Additionally, if the user account has been identified (i.e., the user has specified their username), AddUserCredential should be called to populate UserCredentials with existing credentials for the identified user. If the user account has not been specified, UserCredentials may remain empty, implying that only discoverable credentials will be utilized for login.

The following properties may also be set or modified for additional configuration of the produced login options:

• Extensions
• Timeout

Please see below for a simple example of this process:

C#
 Copy
string userName = "test"; // If provided, optional
List<existingCredentials> = QueryCredentialsByUser(userName);

for (int i = 0; i < existingCredentials.Count; i++) {
  server.AddUserCredential(existingCredentials[i].IdB, existingCredentials[i].PublicKey, existingCredentials[i].SignCount, existingCredentials[i].SignAlgorithm)
}

// JSON options string that should be returned to the client and passed to navigator.credentials.create()
string ret = server.CreateAuthenticationRequest();

// Store the options in the same context for later use during login.
context.Session.SetString("loginOptions", ret);

CreateRegistrationRequest Method (WebAuthn Component)

Used to build the request options for a user attempting to register a new credential.

Syntax

• C#
• VB.NET

public string CreateRegistrationRequest();

Async Version
public async Task<string> CreateRegistrationRequest();
public async Task<string> CreateRegistrationRequest(CancellationToken cancellationToken);

Public Function CreateRegistrationRequest() As String

Async Version
Public Function CreateRegistrationRequest() As Task(Of String)
Public Function CreateRegistrationRequest(cancellationToken As CancellationToken) As Task(Of String)

Remarks

This method is used to build the request options for a user attempting to register, and will return a JSON-formatted string of these options. These options should be returned to the front-end and then passed to navigator.credentials.create() after some additional modification.

Before calling this method, Origin, RelyingPartyId, and/or RelyingPartyName must be set accordingly.

To identify the user performing registration, the UserName, UserDisplayName, and UserId should be specified. Additionally, AddUserCredential should be called to populate UserCredentials with existing credentials for the relevant user.

The following properties may also be set or modified for additional configuration of the produced registration options:

• AttestationType
• AuthenticatorAttachment
• DiscoverableCredentials
• Extensions
• PublicKeyAlgorithms
• Timeout
• UserVerification

Please see below for a simple example of this process:

C#
 Copy
server.UserName = "test";
server.UserDisplayName = "Test User";

// Some List of WACredential type, search by UserName
List<WACredential> existingCredentials = QueryCredentialsByUser(server.UserName);

for (int i = 0; i < existingCredentials.Count; i++) {
  server.AddUserCredential(existingCredentials[i].IdB, existingCredentials[i].PublicKey, existingCredentials[i].SignCount, existingCredentials[i].SignAlgorithm)
}

// JSON options string that should be returned to the client and passed to navigator.credentials.create()
string ret = server.CreateRegistrationRequest();

// Store the options in the same context for later use during registration.
context.Session.SetString("registrationOptions", ret);

Reset Method (WebAuthn Component)

Resets the component properties.

Syntax

• C#
• VB.NET

public void Reset();

Async Version
public async Task Reset();
public async Task Reset(CancellationToken cancellationToken);

Public Sub Reset()

Async Version
Public Sub Reset() As Task
Public Sub Reset(cancellationToken As CancellationToken) As Task

Remarks

This method resets all message and key properties to their default values.

VerifyAuthenticationResponse Method (WebAuthn Component)

Used to log in, or authenticate, using an existing credential.

Syntax

• C#
• VB.NET

public void VerifyAuthenticationResponse(string response, string options);

Async Version
public async Task VerifyAuthenticationResponse(string response, string options);
public async Task VerifyAuthenticationResponse(string response, string options, CancellationToken cancellationToken);

Public Sub VerifyAuthenticationResponse(ByVal response As String, ByVal options As String)

Async Version
Public Sub VerifyAuthenticationResponse(ByVal response As String, ByVal options As String) As Task
Public Sub VerifyAuthenticationResponse(ByVal response As String, ByVal options As String, cancellationToken As CancellationToken) As Task

Remarks

This method is used to log in, or authenticate, using an existing credential.

Before calling this method, Origin, RelyingPartyId, and/or RelyingPartyName must be set accordingly.

The Response parameter is used to provide the JSON-formatted authenticator response returned from the front-end call to navigator.credentials.get().

The Options parameter is used to provide the options obtained from CreateAuthenticationRequest during the first step of authentication.

After parsing the Response and Options parameters, the component will first attempt to verify the Response. During verification, AuthenticationInfo will fire, requesting additional information regarding the current credential. Within this event, it should be confirmed that the relevant credential used to log in exists. Relevant information about this credential should also be provided to the component. Please see AuthenticationInfo for additional information.

Assuming the response is successfully verified, AuthenticationComplete will fire containing updated information about the existing credential, which must be stored for future use. Afterwards, this method will return successfully, indicating the authentication process is complete.

Please see below for a simple example of this process:

C#
 Copy
server.OnAuthenticationInfo += (o, e) => {
  // Search for single Credential Id
  existingCredential = QueryCredentialById(e.CredentialId);
  string user = QueryUserById(e.CredentialId);

  if (existingCredential == null) {
    // Registration should fail since CredentialId does not exist
    e.Cancel = true;
  }

  server.UserName = user;
  e.PublicKey = existingCredential.PublicKey;
  e.SignCount = existingCredential.SignCount;
  e.Algorithm = existingCredential.SignAlgorithm;
};

server.OnAuthenticationComplete += (o, e) => {
  // Update credential info
  SaveCredential(e.CredentialIdB, e.SignCount);
};

string response = new StreamReader(context.Request.Body).ReadToEnd();
string cachedOptions = context.Session.GetString("loginOptions") ?? String.Empty;

server.VerifyAuthenticationResponse(response, options);

Console.WriteLine("Authentication Successful.");

VerifyRegistrationResponse Method (WebAuthn Component)

Used to register a new credential.

Syntax

• C#
• VB.NET

public void VerifyRegistrationResponse(string response, string options);

Async Version
public async Task VerifyRegistrationResponse(string response, string options);
public async Task VerifyRegistrationResponse(string response, string options, CancellationToken cancellationToken);

Public Sub VerifyRegistrationResponse(ByVal response As String, ByVal options As String)

Async Version
Public Sub VerifyRegistrationResponse(ByVal response As String, ByVal options As String) As Task
Public Sub VerifyRegistrationResponse(ByVal response As String, ByVal options As String, cancellationToken As CancellationToken) As Task

Remarks

This method is used to register a new credential.

Before calling this method, Origin, RelyingPartyId, and/or RelyingPartyName must be set accordingly.

The Response parameter is used to provide the JSON-formatted authenticator response returned from the front-end call to navigator.credentials.create().

The Options parameter is used to provide the options obtained from CreateRegistrationRequest during the first step of registration.

After parsing the Response and Options parameters, the component will first attempt to verify the Response. During verification, RegistrationInfo will fire, requesting confirmation regarding the new credential. Within this event, it should be confirmed that the new credential does not already exist for any user. Please see RegistrationInfo for additional information.

Assuming the response is successfully verified, RegistrationComplete will fire containing information about the new credential, which must be stored for future use. Afterwards, this method will return successfully, indicating the registration process is complete.

Please see below for a simple example of this process:

C#
 Copy
server.OnRegistrationInfo += (o, e) => {
  // Some List of WACredential type, search by Credential Id
  existingCredentials = QueryCredentialsById(e.CredentialId);

  if (existingCredentials.Count != 0) {
    // Registration should fail since CredentialId exists
    e.Cancel = true;
  }
};

server.OnRegistrationComplete += (o, e) => {
  // Save credential info for authentication
  SaveCredential(server.UserName, e.CredentialIdB, e.PublicKey, e.SignCount, e.Algorithm);
};

string response = StreamReader(context.Request.Body).ReadToEnd();
string cachedOptions = context.Session.GetString("registrationOptions") ?? String.Empty;

server.VerifyRegistrationResponse(response, options);

Console.WriteLine("Registration Successful.");

AuthenticationComplete Event (WebAuthn Component)

Fired when a user successfully logs in.

Syntax

• C#
• VB.NET

public event OnAuthenticationCompleteHandler OnAuthenticationComplete;

public delegate void OnAuthenticationCompleteHandler(object sender, WebAuthnAuthenticationCompleteEventArgs e);

public class WebAuthnAuthenticationCompleteEventArgs : EventArgs {
  public string CredentialId { get; }
  public byte[] CredentialIdB { get; }
  public int SignCount { get; }
}

Public Event OnAuthenticationComplete As OnAuthenticationCompleteHandler

Public Delegate Sub OnAuthenticationCompleteHandler(sender As Object, e As WebAuthnAuthenticationCompleteEventArgs)

Public Class WebAuthnAuthenticationCompleteEventArgs Inherits EventArgs
  Public ReadOnly Property CredentialId As String
  Public ReadOnly Property CredentialIdB As Byte()
  Public ReadOnly Property SignCount As Integer
End Class

Remarks

This event is fired when a user successfully logs in, i.e., after VerifyAuthenticationResponse returns without error.

The CredentialId parameter should be used to identify the locally stored credential that has been used to successfully log in.

Once the stored credential is identified, the signature counter of this credential record should be updated to the value in the SignCount parameter.

If stored previously, implementations may also query the BackupState and UvInitialized configs to update the credential record accordingly.

AuthenticationInfo Event (WebAuthn Component)

Fired when the component requests additional information regarding the existing credential.

Syntax

• C#
• VB.NET

public event OnAuthenticationInfoHandler OnAuthenticationInfo;

public delegate void OnAuthenticationInfoHandler(object sender, WebAuthnAuthenticationInfoEventArgs e);

public class WebAuthnAuthenticationInfoEventArgs : EventArgs {
  public string CredentialId { get; }
  public byte[] CredentialIdB { get; }
  public bool Cancel { get; set; }
  public string PublicKey { get; set; }
  public string Algorithm { get; set; }
  public int SignCount { get; set; }
}

Public Event OnAuthenticationInfo As OnAuthenticationInfoHandler

Public Delegate Sub OnAuthenticationInfoHandler(sender As Object, e As WebAuthnAuthenticationInfoEventArgs)

Public Class WebAuthnAuthenticationInfoEventArgs Inherits EventArgs
  Public ReadOnly Property CredentialId As String
  Public ReadOnly Property CredentialIdB As Byte()
  Public Property Cancel As Boolean
  Public Property PublicKey As String
  Public Property Algorithm As String
  Public Property SignCount As Integer
End Class

Remarks

This event is fired when the component requests additional information regarding the existing credential after calling VerifyAuthenticationResponse.

The CredentialId parameter specifies the credential Id of the existing credential.

The Cancel parameter may be utilized to cancel the authentication of the current user or credential.

To handle this event appropriately, the CredentialId parameter should be utilized to check the existing credential database. If the credential does not exist in the database, authentication should fail, and the Cancel parameter should be set to true.

Otherwise, if the credential exists, PublicKey, Algorithm, and SignCount should be set to their relevant values associated with the credential. Additionally, the UserName (and possibly UserId) should be set to their relevant values. The component will utilize these to complete the verification and authentication process.

If stored previously, implementations may optionally set the BackupEligible config for use during verification.

Error Event (WebAuthn Component)

Fired when information is available about errors during data delivery.

Syntax

• C#
• VB.NET

public event OnErrorHandler OnError;

public delegate void OnErrorHandler(object sender, WebAuthnErrorEventArgs e);

public class WebAuthnErrorEventArgs : EventArgs {
  public int ErrorCode { get; }
  public string Description { get; }
}

Public Event OnError As OnErrorHandler

Public Delegate Sub OnErrorHandler(sender As Object, e As WebAuthnErrorEventArgs)

Public Class WebAuthnErrorEventArgs Inherits EventArgs
  Public ReadOnly Property ErrorCode As Integer
  Public ReadOnly Property Description As String
End Class

Remarks

The Error event is fired in case of exceptional conditions during message processing. Normally the component throws an exception.

The ErrorCode parameter contains an error code, and the Description parameter contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.

Extension Event (WebAuthn Component)

Fired when an extension is found while verifying an authenticator response.

Syntax

• C#
• VB.NET

public event OnExtensionHandler OnExtension;

public delegate void OnExtensionHandler(object sender, WebAuthnExtensionEventArgs e);

public class WebAuthnExtensionEventArgs : EventArgs {
  public string Name { get; }
  public string Value { get; }
  public int ValueType { get; }
}

Public Event OnExtension As OnExtensionHandler

Public Delegate Sub OnExtensionHandler(sender As Object, e As WebAuthnExtensionEventArgs)

Public Class WebAuthnExtensionEventArgs Inherits EventArgs
  Public ReadOnly Property Name As String
  Public ReadOnly Property Value As String
  Public ReadOnly Property ValueType As Integer
End Class

Remarks

This event is fired when an extension is found while verifying an authenticator response using either VerifyRegistrationResponse or VerifyAuthenticationResponse. Any extensions from the parsed response will be added to the Extensions collection and may be manually verified in RegistrationInfo or AuthenticationInfo.

The Name parameter specifies the name of the extension.

The Value parameter specifies the value of the extension.

The ValueType parameter specifies the type of the value. Possible values are as follows:

• 0 (Object)
• 1 (Array)
• 2 (String)
• 3 (Number)
• 4 (Bool)
• 5 (Null)
• 6 (Raw)

The component will not interpret the extensions found, and it will be up to the developer to interpret the extensions accordingly. For more information and an example, please see AddExtension.

Log Event (WebAuthn Component)

Fired once for each log message.

Syntax

• C#
• VB.NET

public event OnLogHandler OnLog;

public delegate void OnLogHandler(object sender, WebAuthnLogEventArgs e);

public class WebAuthnLogEventArgs : EventArgs {
  public int LogLevel { get; }
  public string Message { get; }
  public string LogType { get; }
}

Public Event OnLog As OnLogHandler

Public Delegate Sub OnLogHandler(sender As Object, e As WebAuthnLogEventArgs)

Public Class WebAuthnLogEventArgs Inherits EventArgs
  Public ReadOnly Property LogLevel As Integer
  Public ReadOnly Property Message As String
  Public ReadOnly Property LogType As String
End Class

Remarks

This event is fired once for each log message generated by the component. The verbosity is controlled by the LogLevel setting.

LogLevel indicates the level of message. Possible values are as follows:

The value 1 (Info) logs basic information, including the URL, HTTP version, and status details.

The value 2 (Verbose) logs additional information about the request and response.

The value 3 (Debug) logs the headers and body for both the request and response, as well as additional debug information (if any).

Message is the log entry.

LogType identifies the type of log entry. Possible values are as follows:

• "Info"
• "RequestHeaders"
• "ResponseHeaders"
• "RequestBody"
• "ResponseBody"
• "ProxyRequest"
• "ProxyResponse"
• "FirewallRequest"
• "FirewallResponse"

RegistrationComplete Event (WebAuthn Component)

Fired when a user is successfully registered.

Syntax

• C#
• VB.NET

public event OnRegistrationCompleteHandler OnRegistrationComplete;

public delegate void OnRegistrationCompleteHandler(object sender, WebAuthnRegistrationCompleteEventArgs e);

public class WebAuthnRegistrationCompleteEventArgs : EventArgs {
  public string CredentialId { get; }
  public byte[] CredentialIdB { get; }
  public string UserName { get; }
  public string PublicKey { get; }
  public int SignCount { get; }
  public string Algorithm { get; }
}

Public Event OnRegistrationComplete As OnRegistrationCompleteHandler

Public Delegate Sub OnRegistrationCompleteHandler(sender As Object, e As WebAuthnRegistrationCompleteEventArgs)

Public Class WebAuthnRegistrationCompleteEventArgs Inherits EventArgs
  Public ReadOnly Property CredentialId As String
  Public ReadOnly Property CredentialIdB As Byte()
  Public ReadOnly Property UserName As String
  Public ReadOnly Property PublicKey As String
  Public ReadOnly Property SignCount As Integer
  Public ReadOnly Property Algorithm As String
End Class

Remarks

This event is fired when a user is successfully registered, i.e., after VerifyRegistrationResponse returns without error.

The CredentialId parameter indicates the credential Id of the new credential associated with the current UserName.

Along with the credential Id, the PublicKey, SignCount, and Algorithm parameters must be stored for future use. Specifically, these parameters will be utilized during authentication, when VerifyAuthenticationResponse is called. These parameters should be directly associated with the specific user this credential was created for.

Implementations may optionally store the BackupState, BackupEligible, UvInitialized configs for future use. Please refer to the config descriptions for additional details.

RegistrationInfo Event (WebAuthn Component)

Fired when the component requests additional information regarding the new credential.

Syntax

• C#
• VB.NET

public event OnRegistrationInfoHandler OnRegistrationInfo;

public delegate void OnRegistrationInfoHandler(object sender, WebAuthnRegistrationInfoEventArgs e);

public class WebAuthnRegistrationInfoEventArgs : EventArgs {
  public string CredentialId { get; }
  public byte[] CredentialIdB { get; }
  public bool Cancel { get; set; }
}

Public Event OnRegistrationInfo As OnRegistrationInfoHandler

Public Delegate Sub OnRegistrationInfoHandler(sender As Object, e As WebAuthnRegistrationInfoEventArgs)

Public Class WebAuthnRegistrationInfoEventArgs Inherits EventArgs
  Public ReadOnly Property CredentialId As String
  Public ReadOnly Property CredentialIdB As Byte()
  Public Property Cancel As Boolean
End Class

Remarks

This event is fired when the component requests additional information regarding the new credential after calling VerifyRegistrationResponse.

The Cancel parameter may be utilized to cancel the authentication of the current user or credential.

To handle this event appropriately, the CredentialId parameter should be utilized to check the existing credential database. If the credential Id already exists in the database for any user, this implies that registration should fail. In this case, the Cancel parameter should be set to true.

Otherwise, if the credential Id does not exist in the existing credential database, the Cancel parameter should not be modified, and verification will succeed.

WACredential Type

Represents a WebAuthn credential record.

Remarks

This type represents a WebAuthn credential record.

• Id
• PublicKey
• SignAlgorithm
• SignCount

Fields

Constructors

• C#
• VB.NET

public WACredential();

Public WACredential()

WAExtension Type

Represents an extension that will either be sent to the client and authenticator, or has been received from the client and authenticator.

Remarks

This type represents an extension that will either be sent to the client and authenticator, or has been received from the client and authenticator.

• Name
• Value
• ValueType

Fields

Constructors

• C#
• VB.NET

public WAExtension();

Public WAExtension()

Config Settings (WebAuthn Component)

WebAuthn Config Settings

Base Config Settings

Trappable Errors (WebAuthn Component)