Namespace: DSInternals.Win32.WebAuthn
Assembly: DSInternals.Win32.WebAuthn.dll
Windows WebAuthn API
public class WebAuthnApi
object.Equals(object?), object.Equals(object?, object?), object.GetHashCode(), object.GetType(), object.MemberwiseClone(), object.ReferenceEquals(object?, object?), object.ToString()
Requires Windows 10 1903+ to work.
Initializes a new instance of the WebAuthnApi class.
public WebAuthnApi()
Gets the API version information.
public static ApiVersion? ApiVersion { get; }
Indicates the presence of APIs and features.
Indicates the availability of the WebAuthn API.
public static bool IsAvailable { get; }
Indicates whether operation cancellation is supported by the API.
public bool IsCancellationSupported { get; }
Indicates the availability of the Credential Blob extension.
public static bool IsCredBlobSupported { get; }
Support for the credBlob extension was added in V3 API.
Indicates the availability of the Credential Protection extension.
public static bool IsCredProtectExtensionSupported { get; }
Support for the credProtect extension was added in V2 API.
Indicates the availability of enterprise attestation.
public static bool IsEnterpriseAttestationSupported { get; }
Support for enterprise attestation was added in V3 API.
Indicates the support for linked device data.
public static bool IsHybridStorageLinkedDataSupported { get; }
Support for linked device data was added in V7 API.
Indicates the availability of large blobs.
public static bool IsLargeBlobSupported { get; }
Support for large blobs was added in V5 API.
Indicates the availability of the minimum PIN length extension.
public static bool IsMinPinLengthSupported { get; }
Support for the minPinLength extension was added in V3 API.
Indicates the availability of the API for platform credential management.
public static bool IsPlatformCredentialManagementSupported { get; }
Support for platform credential management was added in V4 API.
Indicates whether the API can differentiate between browser modes.
public static bool IsPrivateBrowserModeIndicatorSupported { get; }
Support for the browser mode indicator was added in V5 API.
Indicates the availability of the pseudo-random function (PRF) extension.
public static bool IsPsuedoRandomFunctionSupported { get; }
Support for the prf extension was added in V6 API.
Indicates the support for unsigned extension outputs.
public static bool IsUnsignedExtensionOutputSupported { get; }
Support for unsigned extension outputs was added in V7 API.
Indicates the availability of a user-verifying platform authenticator (e.g. Windows Hello).
public static bool IsUserVerifyingPlatformAuthenticatorAvailable { get; }
AuthenticatorGetAssertion(string, byte[], UserVerificationRequirement, AuthenticatorAttachment, int, IReadOnlyList<PublicKeyCredentialDescriptor>, AuthenticationExtensionsClientInputs, CredentialLargeBlobOperation, byte[], bool, HybridStorageLinkedData, WindowHandle)
Produces an assertion signature representing an assertion by the authenticator that the user has consented to a specific transaction, such as logging in or completing a purchase.
public AuthenticatorAssertionResponse AuthenticatorGetAssertion(string rpId, byte[] challenge, UserVerificationRequirement userVerificationRequirement, AuthenticatorAttachment authenticatorAttachment = AuthenticatorAttachment.Any, int timeoutMilliseconds = 60000, IReadOnlyList<PublicKeyCredentialDescriptor> allowCredentials = null, AuthenticationExtensionsClientInputs extensions = null, CredentialLargeBlobOperation largeBlobOperation = CredentialLargeBlobOperation.None, byte[] largeBlob = null, bool browserInPrivateMode = false, HybridStorageLinkedData linkedDevice = null, WindowHandle windowHandle = default)
rpId
string
challenge
byte[]
userVerificationRequirement
UserVerificationRequirement
authenticatorAttachment
AuthenticatorAttachment
timeoutMilliseconds
int
allowCredentials
IReadOnlyList<PublicKeyCredentialDescriptor>
extensions
AuthenticationExtensionsClientInputs
largeBlobOperation
CredentialLargeBlobOperation
largeBlob
byte[]
browserInPrivateMode
bool
linkedDevice
HybridStorageLinkedData
windowHandle
WindowHandle
AuthenticatorAssertionResponse
AuthenticatorGetAssertion(string, CollectedClientData, UserVerificationRequirement, AuthenticatorAttachment, int, IReadOnlyList<PublicKeyCredentialDescriptor>, AuthenticationExtensionsClientInputs, CredentialLargeBlobOperation, byte[], bool, HybridStorageLinkedData, WindowHandle)
Produces an assertion signature representing an assertion by the authenticator that the user has consented to a specific transaction, such as logging in or completing a purchase.
public AuthenticatorAssertionResponse AuthenticatorGetAssertion(string rpId, CollectedClientData clientData, UserVerificationRequirement userVerificationRequirement, AuthenticatorAttachment authenticatorAttachment = AuthenticatorAttachment.Any, int timeoutMilliseconds = 60000, IReadOnlyList<PublicKeyCredentialDescriptor> allowCredentials = null, AuthenticationExtensionsClientInputs extensions = null, CredentialLargeBlobOperation largeBlobOperation = CredentialLargeBlobOperation.None, byte[] largeBlob = null, bool browserInPrivateMode = false, HybridStorageLinkedData linkedDevice = null, WindowHandle windowHandle = default)
rpId
string
clientData
CollectedClientData
userVerificationRequirement
UserVerificationRequirement
authenticatorAttachment
AuthenticatorAttachment
timeoutMilliseconds
int
allowCredentials
IReadOnlyList<PublicKeyCredentialDescriptor>
extensions
AuthenticationExtensionsClientInputs
largeBlobOperation
CredentialLargeBlobOperation
largeBlob
byte[]
browserInPrivateMode
bool
linkedDevice
HybridStorageLinkedData
windowHandle
WindowHandle
AuthenticatorAssertionResponse
AuthenticatorGetAssertionAsync(string, byte[], UserVerificationRequirement, AuthenticatorAttachment, int, IReadOnlyList<PublicKeyCredentialDescriptor>, AuthenticationExtensionsClientInputs, CredentialLargeBlobOperation, byte[], bool, HybridStorageLinkedData, WindowHandle, CancellationToken)
Produces an assertion signature representing an assertion by the authenticator that the user has consented to a specific transaction, such as logging in or completing a purchase.
public Task<AuthenticatorAssertionResponse> AuthenticatorGetAssertionAsync(string rpId, byte[] challenge, UserVerificationRequirement userVerificationRequirement, AuthenticatorAttachment authenticatorAttachment = AuthenticatorAttachment.Any, int timeoutMilliseconds = 60000, IReadOnlyList<PublicKeyCredentialDescriptor> allowCredentials = null, AuthenticationExtensionsClientInputs extensions = null, CredentialLargeBlobOperation largeBlobOperation = CredentialLargeBlobOperation.None, byte[] largeBlob = null, bool browserInPrivateMode = false, HybridStorageLinkedData linkedDevice = null, WindowHandle windowHandle = default, CancellationToken cancellationToken = default)
rpId
string
challenge
byte[]
userVerificationRequirement
UserVerificationRequirement
authenticatorAttachment
AuthenticatorAttachment
timeoutMilliseconds
int
allowCredentials
IReadOnlyList<PublicKeyCredentialDescriptor>
extensions
AuthenticationExtensionsClientInputs
largeBlobOperation
CredentialLargeBlobOperation
largeBlob
byte[]
browserInPrivateMode
bool
linkedDevice
HybridStorageLinkedData
windowHandle
WindowHandle
cancellationToken
CancellationToken
Task<AuthenticatorAssertionResponse>
AuthenticatorGetAssertionAsync(string, CollectedClientData, UserVerificationRequirement, AuthenticatorAttachment, int, IReadOnlyList<PublicKeyCredentialDescriptor>, AuthenticationExtensionsClientInputs, CredentialLargeBlobOperation, byte[], bool, HybridStorageLinkedData, WindowHandle, CancellationToken)
Produces an assertion signature representing an assertion by the authenticator that the user has consented to a specific transaction, such as logging in or completing a purchase.
public Task<AuthenticatorAssertionResponse> AuthenticatorGetAssertionAsync(string rpId, CollectedClientData clientData, UserVerificationRequirement userVerificationRequirement, AuthenticatorAttachment authenticatorAttachment = AuthenticatorAttachment.Any, int timeoutMilliseconds = 60000, IReadOnlyList<PublicKeyCredentialDescriptor> allowCredentials = null, AuthenticationExtensionsClientInputs extenstions = null, CredentialLargeBlobOperation largeBlobOperation = CredentialLargeBlobOperation.None, byte[] largeBlob = null, bool browserInPrivateMode = false, HybridStorageLinkedData linkedDevice = null, WindowHandle windowHandle = default, CancellationToken cancellationToken = default)
rpId
string
clientData
CollectedClientData
userVerificationRequirement
UserVerificationRequirement
authenticatorAttachment
AuthenticatorAttachment
timeoutMilliseconds
int
allowCredentials
IReadOnlyList<PublicKeyCredentialDescriptor>
extenstions
AuthenticationExtensionsClientInputs
largeBlobOperation
CredentialLargeBlobOperation
largeBlob
byte[]
browserInPrivateMode
bool
linkedDevice
HybridStorageLinkedData
windowHandle
WindowHandle
cancellationToken
CancellationToken
Task<AuthenticatorAssertionResponse>
Creates a public key credential source bound to a managing authenticator and returns the credential public key associated with its credential private key.
public PublicKeyCredential AuthenticatorMakeCredential(PublicKeyCredentialCreationOptions options)
options
PublicKeyCredentialCreationOptions
AuthenticatorMakeCredential(RelyingPartyInformation, UserInformation, byte[], UserVerificationRequirement, AuthenticatorAttachment, bool, Algorithm[], AttestationConveyancePreference, int, IReadOnlyList<PublicKeyCredentialDescriptor>, EnterpriseAttestationType, AuthenticationExtensionsClientInputs, LargeBlobSupport, bool, bool, bool, HybridStorageLinkedData, WindowHandle)
Creates a public key credential source bound to a managing authenticator and returns the credential public key associated with its credential private key.
public PublicKeyCredential AuthenticatorMakeCredential(RelyingPartyInformation rpEntity, UserInformation userEntity, byte[] challenge, UserVerificationRequirement userVerificationRequirement, AuthenticatorAttachment authenticatorAttachment = AuthenticatorAttachment.Any, bool requireResidentKey = false, Algorithm[] pubKeyCredParams = null, AttestationConveyancePreference attestationConveyancePreference = AttestationConveyancePreference.Any, int timeoutMilliseconds = 60000, IReadOnlyList<PublicKeyCredentialDescriptor> excludeCredentials = null, EnterpriseAttestationType enterpriseAttestation = EnterpriseAttestationType.None, AuthenticationExtensionsClientInputs extensions = null, LargeBlobSupport largeBlobSupport = LargeBlobSupport.None, bool preferResidentKey = false, bool browserInPrivateMode = false, bool enablePseudoRandomFunction = false, HybridStorageLinkedData linkedDevice = null, WindowHandle windowHandle = default)
rpEntity
RelyingPartyInformation
userEntity
UserInformation
challenge
byte[]
userVerificationRequirement
UserVerificationRequirement
authenticatorAttachment
AuthenticatorAttachment
requireResidentKey
bool
pubKeyCredParams
Algorithm[]
attestationConveyancePreference
AttestationConveyancePreference
timeoutMilliseconds
int
excludeCredentials
IReadOnlyList<PublicKeyCredentialDescriptor>
enterpriseAttestation
EnterpriseAttestationType
extensions
AuthenticationExtensionsClientInputs
largeBlobSupport
LargeBlobSupport
preferResidentKey
bool
browserInPrivateMode
bool
enablePseudoRandomFunction
bool
linkedDevice
HybridStorageLinkedData
windowHandle
WindowHandle
AuthenticatorMakeCredential(RelyingPartyInformation, UserInformation, CollectedClientData, UserVerificationRequirement, AuthenticatorAttachment, bool, Algorithm[], AttestationConveyancePreference, int, IReadOnlyList<PublicKeyCredentialDescriptor>, EnterpriseAttestationType, AuthenticationExtensionsClientInputs, LargeBlobSupport, bool, bool, bool, HybridStorageLinkedData, WindowHandle)
Creates a public key credential source bound to a managing authenticator and returns the credential public key associated with its credential private key.
public PublicKeyCredential AuthenticatorMakeCredential(RelyingPartyInformation rpEntity, UserInformation userEntity, CollectedClientData clientData, UserVerificationRequirement userVerificationRequirement, AuthenticatorAttachment authenticatorAttachment = AuthenticatorAttachment.Any, bool requireResidentKey = false, Algorithm[] pubKeyCredParams = null, AttestationConveyancePreference attestationConveyancePreference = AttestationConveyancePreference.Any, int timeoutMilliseconds = 60000, IReadOnlyList<PublicKeyCredentialDescriptor> excludeCredentials = null, EnterpriseAttestationType enterpriseAttestation = EnterpriseAttestationType.None, AuthenticationExtensionsClientInputs extensions = null, LargeBlobSupport largeBlobSupport = LargeBlobSupport.None, bool preferResidentKey = false, bool browserInPrivateMode = false, bool enablePseudoRandomFunction = false, HybridStorageLinkedData linkedDevice = null, WindowHandle windowHandle = default)
rpEntity
RelyingPartyInformation
userEntity
UserInformation
clientData
CollectedClientData
userVerificationRequirement
UserVerificationRequirement
authenticatorAttachment
AuthenticatorAttachment
requireResidentKey
bool
pubKeyCredParams
Algorithm[]
attestationConveyancePreference
AttestationConveyancePreference
timeoutMilliseconds
int
excludeCredentials
IReadOnlyList<PublicKeyCredentialDescriptor>
enterpriseAttestation
EnterpriseAttestationType
extensions
AuthenticationExtensionsClientInputs
largeBlobSupport
LargeBlobSupport
preferResidentKey
bool
browserInPrivateMode
bool
enablePseudoRandomFunction
bool
linkedDevice
HybridStorageLinkedData
windowHandle
WindowHandle
AuthenticatorMakeCredentialAsync(RelyingPartyInformation, UserInformation, byte[], UserVerificationRequirement, AuthenticatorAttachment, bool, Algorithm[], AttestationConveyancePreference, int, AuthenticationExtensionsClientInputs, IReadOnlyList<PublicKeyCredentialDescriptor>, EnterpriseAttestationType, LargeBlobSupport, bool, bool, bool, HybridStorageLinkedData, WindowHandle, CancellationToken)
Creates a public key credential source bound to a managing authenticator and returns the credential public key associated with its credential private key.
public Task<PublicKeyCredential> AuthenticatorMakeCredentialAsync(RelyingPartyInformation rpEntity, UserInformation userEntity, byte[] challenge, UserVerificationRequirement userVerificationRequirement, AuthenticatorAttachment authenticatorAttachment = AuthenticatorAttachment.Any, bool requireResidentKey = false, Algorithm[] pubKeyCredParams = null, AttestationConveyancePreference attestationConveyancePreference = AttestationConveyancePreference.Any, int timeoutMilliseconds = 60000, AuthenticationExtensionsClientInputs extensions = null, IReadOnlyList<PublicKeyCredentialDescriptor> excludeCredentials = null, EnterpriseAttestationType enterpriseAttestation = EnterpriseAttestationType.None, LargeBlobSupport largeBlobSupport = LargeBlobSupport.None, bool preferResidentKey = false, bool browserInPrivateMode = false, bool enablePseudoRandomFunction = false, HybridStorageLinkedData linkedDevice = null, WindowHandle windowHandle = default, CancellationToken cancellationToken = default)
rpEntity
RelyingPartyInformation
userEntity
UserInformation
challenge
byte[]
userVerificationRequirement
UserVerificationRequirement
authenticatorAttachment
AuthenticatorAttachment
requireResidentKey
bool
pubKeyCredParams
Algorithm[]
attestationConveyancePreference
AttestationConveyancePreference
timeoutMilliseconds
int
extensions
AuthenticationExtensionsClientInputs
excludeCredentials
IReadOnlyList<PublicKeyCredentialDescriptor>
enterpriseAttestation
EnterpriseAttestationType
largeBlobSupport
LargeBlobSupport
preferResidentKey
bool
browserInPrivateMode
bool
enablePseudoRandomFunction
bool
linkedDevice
HybridStorageLinkedData
windowHandle
WindowHandle
cancellationToken
CancellationToken
AuthenticatorMakeCredentialAsync(RelyingPartyInformation, UserInformation, CollectedClientData, UserVerificationRequirement, AuthenticatorAttachment, bool, Algorithm[], AttestationConveyancePreference, int, IReadOnlyList<PublicKeyCredentialDescriptor>, EnterpriseAttestationType, AuthenticationExtensionsClientInputs, LargeBlobSupport, bool, bool, bool, HybridStorageLinkedData, WindowHandle, CancellationToken)
Creates a public key credential source bound to a managing authenticator and returns the credential public key associated with its credential private key.
public Task<PublicKeyCredential> AuthenticatorMakeCredentialAsync(RelyingPartyInformation rpEntity, UserInformation userEntity, CollectedClientData clientData, UserVerificationRequirement userVerificationRequirement, AuthenticatorAttachment authenticatorAttachment = AuthenticatorAttachment.Any, bool requireResidentKey = false, Algorithm[] pubKeyCredParams = null, AttestationConveyancePreference attestationConveyancePreference = AttestationConveyancePreference.Any, int timeoutMilliseconds = 60000, IReadOnlyList<PublicKeyCredentialDescriptor> excludeCredentials = null, EnterpriseAttestationType enterpriseAttestation = EnterpriseAttestationType.None, AuthenticationExtensionsClientInputs extensions = null, LargeBlobSupport largeBlobSupport = LargeBlobSupport.None, bool preferResidentKey = false, bool browserInPrivateMode = false, bool enablePseudoRandomFunction = false, HybridStorageLinkedData linkedDevice = null, WindowHandle windowHandle = default, CancellationToken cancellationToken = default)
rpEntity
RelyingPartyInformation
userEntity
UserInformation
clientData
CollectedClientData
userVerificationRequirement
UserVerificationRequirement
authenticatorAttachment
AuthenticatorAttachment
requireResidentKey
bool
pubKeyCredParams
Algorithm[]
attestationConveyancePreference
AttestationConveyancePreference
timeoutMilliseconds
int
excludeCredentials
IReadOnlyList<PublicKeyCredentialDescriptor>
enterpriseAttestation
EnterpriseAttestationType
extensions
AuthenticationExtensionsClientInputs
largeBlobSupport
LargeBlobSupport
preferResidentKey
bool
browserInPrivateMode
bool
enablePseudoRandomFunction
bool
linkedDevice
HybridStorageLinkedData
windowHandle
WindowHandle
cancellationToken
CancellationToken
Cancels the WebAuthn operation currently in progress.
public void CancelCurrentOperation()
When this operation is invoked by the client in an authenticator session, it has the effect of terminating any AuthenticatorMakeCredential or AuthenticatorGetAssertion operation currently in progress in that authenticator session. The authenticator stops prompting for, or accepting, any user input related to authorizing the canceled operation. The client ignores any further responses from the authenticator for the canceled operation. Whether the API supports cancellation is reported by the IsCancellationSupported property.
Removes a Public Key Credential Source stored on a Virtual Authenticator.
public static void DeletePlatformCredential(byte[] credentialId)
credentialId
byte[]
The ID of the credential to be removed.
Gets the list of stored credentials.
public static IList<CredentialDetails> GetPlatformCredentialList(string rpId = null, bool browserInPrivateMode = false)
rpId
string
Optional ID of the relying party that is making the request.
browserInPrivateMode
bool
Indicates whether the browser is in private mode.