The goal is to verify the authenticity and integrity of the data returned by the client, ensure that the credential is bound to the expected user, and safely register a public key credential for future authentication.
The server must validate the client response following these steps:
    {
      "id": "base64url-encoded credential ID",
      "rawId": "base64url-encoded ID bytes",
      "response": {
        "clientDataJSON": "base64url",
        "attestationObject": "base64url"
      },
      "type": "public-key"
    }
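The checks a server applies to the client-side part of this response before trusting it (base64url decoding of every field, agreement between id and rawId, a clientDataJSON of type webauthn.create, a challenge that matches the one issued for this session compared in constant time, and the relying party's origin) are shown below as an added example; it is not part of this page's library, and the method and parameter names are assumed. Verification of the CBOR attestationObject is left to the library's own registration verification.

```csharp
using System;
using System.Security.Cryptography;
using System.Text.Json;

static class RegistrationResponseChecks
{
    // Base64url (RFC 4648 section 5, unpadded) is the encoding of every field in the client response.
    static byte[] FromBase64Url(string s)
    {
        string b64 = s.Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        return Convert.FromBase64String(b64);
    }

    // Returns null when the response passes these checks, otherwise the reason to reject it.
    // expectedChallenge is the base64url challenge the server issued for this registration session.
    public static string Check(string responseJson, string expectedChallenge, string expectedOrigin)
    {
        using var doc = JsonDocument.Parse(responseJson);
        var root = doc.RootElement;
        if (root.GetProperty("type").GetString() != "public-key")
            return "type must be public-key";

        // id and rawId must describe the same credential ID bytes.
        byte[] rawId = FromBase64Url(root.GetProperty("rawId").GetString() ?? "");
        byte[] idBytes = FromBase64Url(root.GetProperty("id").GetString() ?? "");
        if (!CryptographicOperations.FixedTimeEquals(rawId, idBytes))
            return "id and rawId disagree";

        var response = root.GetProperty("response");
        byte[] clientDataBytes = FromBase64Url(response.GetProperty("clientDataJSON").GetString() ?? "");
        using var clientData = JsonDocument.Parse(clientDataBytes);
        var cd = clientData.RootElement;

        // A registration response must carry webauthn.create; webauthn.get belongs to login assertions.
        if (cd.GetProperty("type").GetString() != "webauthn.create")
            return "clientDataJSON.type must be webauthn.create";
        // The challenge binds the response to the session that requested it; compare in constant time.
        byte[] got = FromBase64Url(cd.GetProperty("challenge").GetString() ?? "");
        byte[] want = FromBase64Url(expectedChallenge);
        if (!CryptographicOperations.FixedTimeEquals(got, want))
            return "challenge does not match the one issued for this session";
        if (cd.GetProperty("origin").GetString() != expectedOrigin)
            return "origin is not the relying party's origin";

        // attestationObject is CBOR; its signature and authenticator data are verified by the library.
        if (!response.TryGetProperty("attestationObject", out _))
            return "attestationObject missing";
        return null;
    }
}
```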
If the response sent by the client is valid, the OnWebAuthnRegistrationSuccessful event is raised and the Credential Record can be safely stored in a database for validating future logins.
    void OnWebAuthnRegistrationSuccessful(
        object sender,
        WebAuthnRegistration registration,
        WebAuthnCredentialRecord credentialRecord,
        ref bool accept)
    {
        // Store the Credential Record in a database; dbConnection is an already open connection.
        // The JSON is passed as a parameter rather than concatenated into the SQL text.
        using (var cmd = dbConnection.CreateCommand())
        {
            cmd.CommandText = "INSERT INTO Credentials (Credentials) VALUES (@json)";
            var param = cmd.CreateParameter();
            param.ParameterName = "@json";
            param.Value = credentialRecord.AsJson(); // or .AsJSON depending on naming
            cmd.Parameters.Add(param);
            cmd.ExecuteNonQuery();
        }
    }
If validation of the client response fails, the OnWebAuthnRegistrationError event is raised and the reason for the failure is available in the error string parameter (named error in the signature below).
    void OnWebAuthnRegistrationError(
        object sender,
        WebAuthnRegistrationVerifyRequest request,
        WebAuthnRegistration registration,
        string error)
    {
        // Record the rejected registration attempt together with the reason reported by the library.
        Log("#webauthn_registration_error: " + error);
    }