
Fido2VerificationException is thrown at Controller.MakeCredential method.

After acquiring the solution from the latest master branch and running it locally, the following exception was thrown at the Controller.MakeCredential method. However, this works properly on your demo site. I checked the Chrome console, but no error occurred.

Fido2NetLib.Fido2VerificationException: Exception of type 'Fido2NetLib.Fido2VerificationException' was thrown.
   at Fido2NetLib.AuthenticatorResponse.BaseVerify(String expectedOrigin, Byte[] originalChallenge, Byte[] requestTokenBindingId) in \fido2-net-lib\fido2-net-lib\AuthenticatorResponse.cs:line 64
   at Fido2NetLib.AuthenticatorAttestationResponse.VerifyAsync(CredentialCreateOptions originalOptions, String expectedOrigin, IsCredentialIdUniqueToUserAsyncDelegate isCredentialIdUniqueToUser, Byte[] requestTokenBindingId) in \fido2-net-lib\fido2-net-lib\AuthenticatorAttestationResponse.cs:line 177
   at Fido2NetLib.Fido2.MakeNewCredentialAsync(AuthenticatorAttestationRawResponse attestionResponse, CredentialCreateOptions origChallenge, IsCredentialIdUniqueToUserAsyncDelegate isCredentialIdUniqueToUser, Byte[] requestTokenBindingId) in \fido2-net-lib\fido2-net-lib\Fido2NetLib.cs:line 93
   at Fido2Demo.MyController.MakeCredential(AuthenticatorAttestationRawResponse attestationResponse) in \fido2-net-lib\Fido2Demo\Controller.cs:line 81
   at lambda_method(Closure , Object )
   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeActionMethodAsync()
   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeNextActionFilterAsync()
   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Rethrow(ActionExecutedContext context)
   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeInnerFilterAsync()
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeNextResourceFilter()
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.Rethrow(ResourceExecutedContext context)
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeFilterPipelineAsync()
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeAsync()
   at Microsoft.AspNetCore.Builder.RouterMiddleware.Invoke(HttpContext httpContext)
   at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

The following is displayed in the Chrome console:

:4728/makeCredential:1 Failed to load resource: the server responded with a status of 500 (Internal Server Error)

I am using a YubiKey as the authenticator, and the following JSON data is posted to the Controller.MakeCredential method.

{
	"id": "wOliPOJgXxqHrne1eFboQ9BD_IgrC1Wqq5M8peNRADZXD0jhmz_lJzB5JWqyBWQxL51JBXp16NDM8lpTkdgSrQ",
	"rawId": "wOliPOJgXxqHrne1eFboQ9BD_IgrC1Wqq5M8peNRADZXD0jhmz_lJzB5JWqyBWQxL51JBXp16NDM8lpTkdgSrQ",
	"type": "public-key",
	"response": {
		"AttestationObject": "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVjESZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2NBAAAAAAAAAAAAAAAAAAAAAAAAAAAAQMDpYjziYF8ah653tXhW6EPQQ_yIKwtVqquTPKXjUQA2Vw9I4Zs_5ScweSVqsgVkMS-dSQV6dejQzPJaU5HYEq2lAQIDJiABIVggc3EBnpl-GGLh3i-c5Or05YwcFznBhd-YAn64BBXU7y0iWCBh_I6c4w5SB2tZ1dze_KlhyAtoG6YQP5u0j-h-Q857Xg",
		"clientDataJson": "eyJjaGFsbGVuZ2UiOiJaYmk5WkFaNk9yV2NGUW1aRGpnS3M3NmxjQzNBaGlUSEJnR3NlS2dLOTZieTUyNFdRQm5wUUlNNVdjVFRidGdwN2l5RmZyWjh6ZUdLQWVnQWVVWHk1dyIsIm9yaWdpbiI6Imh0dHA6Ly9sb2NhbGhvc3Q6NDcyOCIsInR5cGUiOiJ3ZWJhdXRobi5jcmVhdGUifQ"
	}
}

Issue Analytics

  • State:closed
  • Created 5 years ago
  • Comments:11
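
The trace above ends in BaseVerify, which receives the expected origin and the original challenge, but the exception message does not say which comparison failed. WebAuthn registration verification compares the client data's type, challenge and origin with the server's expectations, so as an added example (not part of the issue or of fido2-net-lib) this Node.js sketch decodes the posted clientDataJson and lists the fields that differ. The helper name `diagnoseClientData`, the `https://rp.example` origin and the `AAAA` challenge are assumptions made for illustration.

```javascript
// Added diagnostic sketch, not fido2-net-lib code.
// diagnoseClientData is a hypothetical helper name.

// Decode unpadded base64url into a Buffer.
function b64urlDecode(s) {
  return Buffer.from(s.replace(/-/g, "+").replace(/_/g, "/"), "base64");
}

// clientDataJson exactly as posted in the issue above.
const POSTED_CLIENT_DATA =
  "eyJjaGFsbGVuZ2UiOiJaYmk5WkFaNk9yV2NGUW1aRGpnS3M3NmxjQzNBaGlUSEJnR3NlS2dLOTZieTUyNFdRQm5wUUlNNVdjVFRidGdwN2l5RmZyWjh6ZUdLQWVnQWVVWHk1dyIsIm9yaWdpbiI6Imh0dHA6Ly9sb2NhbGhvc3Q6NDcyOCIsInR5cGUiOiJ3ZWJhdXRobi5jcmVhdGUifQ";

// Returns the parsed client data plus one message per mismatching field.
// expected = { type, origin, challenge (base64url) } as held by the server.
function diagnoseClientData(clientDataB64, expected) {
  const clientData = JSON.parse(b64urlDecode(clientDataB64).toString("utf8"));
  const failures = [];

  if (clientData.type !== expected.type) {
    failures.push(`type: got ${clientData.type}, expected ${expected.type}`);
  }
  // Exact string match: scheme, host and port all have to agree.
  if (clientData.origin !== expected.origin) {
    failures.push(`origin: got ${clientData.origin}, expected ${expected.origin}`);
  }
  // Compare challenges as bytes so that encoding differences do not matter.
  const got = b64urlDecode(clientData.challenge || "");
  const want = b64urlDecode(expected.challenge || "");
  if (got.length === 0 || !got.equals(want)) {
    failures.push("challenge: does not match the challenge issued for this session");
  }
  return { clientData, failures };
}

// Constructed server-side expectations (assumptions, not values from the issue).
const report = diagnoseClientData(POSTED_CLIENT_DATA, {
  type: "webauthn.create",
  origin: "https://rp.example",
  challenge: "AAAA",
});
console.log(report.clientData.origin, report.failures);
```

Logging this list next to the exception on the server makes a mismatch between the configured origin and the one the browser reports visible without attaching a debugger.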

Top GitHub Comments

1 reaction
aseigler commented, Apr 15, 2019

@daisukenishino2, this is a very nice writeup and your IdP integration is a great success story! Thanks for sharing it with us!

  • “Server Requirements and Transport Binding Profile”: I need to re-read this, I am not exactly sure what is not in compliance here

  • “MDSAccessKey”: This is the access token referenced here: https://fidoalliance.org/metadata/. It is used by the library to access production metadata. The metadata is used with certain attestation types to verify that the information in the attestation matches the corresponding characteristics for the authenticator used (determined by the aaguid in the attestedCredentialData in authData), as described in the retrieved metadata. A relying party may also use this metadata to allow or prohibit users from registering authenticators with specific characteristics. For example, a relying party may only wish to allow authenticators that support a certain type of user verification (https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-registry-v2.0-id-20180227.html#user-verification-methods); the metadata provides a framework to allow this sort of scenario. The metadata for an authenticator often includes an image of the authenticator, provided by the authenticator vendor. The relying party can then display this image for the user during login or other operations.

  • “DevelopmentInMemoryStore”: I agree this could stand some improvement, but I am not certain what direction to go for ease of use. We are certainly open to suggestions!

@abergs, take a look at the JavaScript feedback, see if we can use it with the new demo web page

1 reaction
daisukenishino2 commented, Apr 15, 2019

@abergs, @aseigler

I implemented WebAuthn using fido2-net-lib in my IdP, and summarized the feedback on the following page: https://gist.github.com/daisukenishino2/204f16d612831421ab7451861a29c001
