Проверка подписи, созданной протоколом WebAuthn/Passkey на C# [дубликат] ⇐ C#

[Гость]

So I'm working around to add the new passkey technology to my .NET website. I was able to register the passkey, and save the public key to the database. However, I'm stuck with the authentication part. Google says core of the authentication is validating the signature. However I do not understand how to validate that. Here you can see my existing code, endpoint, it gets the model successfuly.

[HttpPost] public async Task VerifyWebAuthn([FromBody] WebAuthnVerifyModel model) { try { //Validate the do stuff here } catch (Exception ex) { Response.StatusCode = 500; return Json("Error"); } } And the models:

public class WebAuthnVerifyModel { public string Id { get; set; } public string RawId { get; set; } public string Type { get; set; } public ResponseData2 Response { get; set; } public string AuthenticatorAttachment { get; set; } } public class ResponseData2 { public string ClientDataJson { get; set; } public string AuthenticatorData { get; set; } public string Signature { get; set; } public string UserHandle { get; set; } } I understand that validating signature by yourself is not easy task, so I should use open source libraries for this. However there are many libraries and the libraries can be confusing. So I did not understand which library and how to integrate it in my project.


Источник: https://stackoverflow.com/questions/780 ... in-c-sharp