FIDO2 & WebAuthn Proof of Concept
This implementation is currently undergoing a rewrite, moving away from a proof of concept towards more of a reference implementation for the core WebAuthn validation process. This is useful for demos, training, and understanding the basics of WebAuthn. This was initially implemented over a weekend, so there are plenty of hard-coded values hanging about from the initial hack.
This is a proof of concept implementation of a WebAuthn (FIDO2) relying party in ASP.NET Core.
A WebAuthn relying party is a web server that invokes the WebAuthn API for FIDO authentication.
This is a reference implementation that only includes the basic functionality required to handle the core registration and authentication process. It is designed to get you up and running with WebAuthn and FIDO2 as quickly as possible, without the need for custom controllers/APIs or the management of temporary data and license keys.
To get started with this implementation, download the codebase and run the sample. Step through the code and get a feel for how WebAuthn works. If there is demand, I will upload the library to nuget; however, I currently have no plans to do so.
Current rewrite limitations:
This implementation does not include the full enterprise features required for FIDO2 certification such as:
These are no-fun to implement, and, in my opinion, aren't the main selling points of FIDO/WebAuthn.
For enterprise-level features, consider open source or commercial alternatives.