Overview

Overview

The Rock Solid Knowledge FIDO2 component for .NET 6.0 and .NET 8 allows you to build web applications that can authenticate users using password-less or any FIDO2 compatible authenticator device. Configuring the component will allow your .NET web application to act as a FIDO2 relying party, generating registration and authentication requests, validating responses, and storing public keys.

Authentication using FIDO2 requires a browser with the WebAuthn JS API, and a valid authenticator (e.g. a CTAP1/CTAP2 roaming authenticator, or OS platform authenticator).

Our component aims to be as simple as possible to use, with minimal FIDO knowledge necessary. We support .NET 6.0, and .NET 8.0. The component can be installed directly on the Web Application that requires it, or used as an API.

At a high level, our FIDO2 component has a single entry point, IFidoAuthentication, that consists of four methods

• InitiateRegistration and CompleteRegistration
• InitiateAuthentication and CompleteAuthentication

When registering a new FIDO Device, the InitiateRegistration method generates a WebAuthn Challenge, JavaScript is used to interact with the browser's WebAuthN API for attestation. The response is passed back to CompleteRegistration and the FIDO device will be registered for the user.

When authenticating using a FIDO Device the InitiateAuthentication method generates the WebAuthn challenge, JavaScript is used to interact with the browser's WebAuthN API for authentication. The response is passed back to CompleteAuthentication and the FIDO component will validate the response and return a UserId that can be used to sign a user in.

To learn more about FIDO2 and the WebAuthn API, we recommend the following resources:

• https://webauthn.guide/
• https://www.yubico.com/solutions/webauthn/
• https://www.w3.org/TR/webauthn/