C++ native application using WebAuthn.dll with WebAuthn.h for FIDO2 authentication from an IdP fails with HTTP ERROR 403

Mahaboob Aslam 1 Reputation point
2021-01-22T09:10:27.567+00:00

I am writing a C++ native application using WebAuthn.dll (via WebAuthn.h) for FIDO2 with an IdP.
In this application, I am using the following APIs of WebAuthn.dll.

Developer Environment:
++++++++++++++++++++++

OS: Windows10
Version: 1909
VisualStudio : 2019
Windows SDK version: 10.0.18362.0
Reference header file: https://github.com/microsoft/webauthn.h

To fill the structures for the below API "MakeCredential",
we make calls to the following URLs with the respective payloads in JSON format:

For Registration:
+++++++++++++++++

These 3 calls are POST calls.
1)
URL: "https://url/...."

Payload: {"username":"","password":""}

2)
URL: https://url/....

Payload: {"factorType":"webauthn","provider":"FIDO","stateToken":""}

3)
Client data for registration: {"type":"webauthn.create","challenge":"","origin":"https://url","crossOrigin":false}

URL: https://url/....

Payload: {"attestation":"", "clientData":"","stateToken":""}

This attestation data is obtained from the output parameter "PWEBAUTHN_CREDENTIAL_ATTESTATION" (its pbAttestationObject member) of the below API MakeCredential().
In the step 3 payload, the attestation and clientData values are converted to base64 format.

API for Registration:
+++++++++++++++++++++

HRESULT WINAPI WebAuthNAuthenticatorMakeCredential(
    _In_ HWND hWnd,
    _In_ PCWEBAUTHN_RP_ENTITY_INFORMATION pRpInformation,
    _In_ PCWEBAUTHN_USER_ENTITY_INFORMATION pUserInformation,
    _In_ PCWEBAUTHN_COSE_CREDENTIAL_PARAMETERS pPubKeyCredParams,
    _In_ PCWEBAUTHN_CLIENT_DATA pWebAuthNClientData,
    _In_opt_ PCWEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS pWebAuthNMakeCredentialOptions,
    _Outptr_result_maybenull_ PWEBAUTHN_CREDENTIAL_ATTESTATION *ppWebAuthNCredentialAttestation);

For Authentication:
+++++++++++++++++++

To fill the structures for the below API "MakeCredential",
we make calls to the following URLs with the respective payloads in JSON format:

These 3 calls are POST calls.
1)
URL: https://url/....

Payload: {"username":"","password":""}

2)
URL: https://url/....

Payload: {"stateToken":""}

3)
Client data for authentication: {"type":"webauthn.get","challenge":"","origin":"https://url","crossOrigin":false}

URL: https://url/....

Payload: {"authenticatorData":"","clientData":"","signatureData":"","stateToken":""}

Here the authenticatorData and signatureData are obtained from the "PWEBAUTHN_ASSERTION" structure, which is an output parameter of the GetAssertion() call in the below API.
The data is then converted to base64 format and sent to the Relying Party server for verification using a POST call.

API for Authentication:
+++++++++++++++++++++++

HRESULT WINAPI WebAuthNAuthenticatorGetAssertion(
    _In_ HWND hWnd,
    _In_ LPCWSTR pwszRpId,
    _In_ PCWEBAUTHN_CLIENT_DATA pWebAuthNClientData,
    _In_opt_ PCWEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS pWebAuthNGetAssertionOptions,
    _Outptr_result_maybenull_ PWEBAUTHN_ASSERTION *ppWebAuthNAssertion);

These two APIs talk to the TPM to make credentials during registration and to get an assertion during the authentication process.

When I use these APIs in my code I get an S_OK response during registration and authentication, when I tap on the fingerprint reader of my PC using Windows Hello.

With the attestation data received from the MakeCredential API's "PWEBAUTHN_CREDENTIAL_ATTESTATION" output parameter (pbAttestationObject),
and making a call to the IdP for registration with the challenge, I am able to get registered in the Relying Party server.

Again, with the authenticator data received from WebAuthNAuthenticatorGetAssertion()'s PWEBAUTHN_ASSERTION structure (its pbAuthenticatorData member,
which is an output parameter), I am not able to get authentication success from the Relying Party server when I make a POST call.
I get an HTTP error 403 Forbidden.

I have also referred to this blog at the following link:
https://social.msdn.microsoft.com/Forums/en-US/16692253-327c-4247-b657-42e484d84a53/webauthndll-in-windows-10-ltsc?forum=windowssecurity

As discussed in the blog "WebAuthn.dll in Windows 10 LTSC" (Archived Forums > Application Security for Windows Desktop),
I am running the application with Admin privileges.
But I still get an HTTP error 403 Forbidden.

Both the registration and authentication are two parts of my code, which is a single application.

Could anyone help me out in this regard to get my authentication to succeed?

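The bytes an RP verifies come from the WEBAUTHN_ASSERTION structure the question describes (pbAuthenticatorData, pbSignature, Credential.pbId). As an added example, not the asker's code or Microsoft's, the portable C++17 below decodes the fixed prefix of that authenticator data (so you can confirm the UP/UV flags and sign counter before sending it) and base64url-encodes a buffer for the JSON payload; it makes no WebAuthn.dll call, and the sample buffer is constructed.

```cpp
// Added example (not the asker's or Microsoft's code): portable C++17 that decodes the
// bytes WebAuthNAuthenticatorGetAssertion returns in WEBAUTHN_ASSERTION::pbAuthenticatorData.
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <string>
#include <vector>

// Fixed prefix of authenticator data (WebAuthn spec section 6.1):
// rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes, big-endian).
struct AuthData {
    std::vector<uint8_t> rpIdHash; // SHA-256 of the RP ID the authenticator used
    bool userPresent = false;      // flags bit 0 (UP)
    bool userVerified = false;     // flags bit 2 (UV), e.g. Windows Hello biometric
    uint32_t signCount = 0;        // RPs compare this against the stored counter
};

AuthData ParseAuthenticatorData(const std::vector<uint8_t>& buf) {
    if (buf.size() < 37)
        throw std::runtime_error("authenticator data must be at least 37 bytes");
    AuthData a;
    a.rpIdHash.assign(buf.begin(), buf.begin() + 32);
    a.userPresent  = (buf[32] & 0x01) != 0;
    a.userVerified = (buf[32] & 0x04) != 0;
    a.signCount = (uint32_t(buf[33]) << 24) | (uint32_t(buf[34]) << 16) |
                  (uint32_t(buf[35]) << 8)  |  uint32_t(buf[36]);
    return a;
}

// base64url without padding (RFC 4648 section 5), the alphabet the WebAuthn JSON
// transport uses. Servers differ on base64 vs base64url; match the RP's documentation.
std::string Base64Url(const std::vector<uint8_t>& in) {
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
    std::string out;
    for (size_t i = 0; i < in.size(); i += 3) {
        uint32_t n = uint32_t(in[i]) << 16;
        if (i + 1 < in.size()) n |= uint32_t(in[i + 1]) << 8;
        if (i + 2 < in.size()) n |= in[i + 2];
        size_t chars = in.size() - i >= 3 ? 4 : in.size() - i + 1; // 1 byte -> 2, 2 -> 3
        for (size_t k = 0; k < chars; ++k) out += tbl[(n >> (18 - 6 * k)) & 63];
    }
    return out;
}

// Constructed sample (not real authenticator output): rpIdHash = 32 x 0xAB, flags UP|UV, signCount 7.
std::vector<uint8_t> SampleAuthData() {
    std::vector<uint8_t> v(32, 0xAB);
    v.insert(v.end(), {0x05, 0x00, 0x00, 0x00, 0x07});
    return v;
}
```

In the real application, copy cbAuthenticatorData bytes from pbAuthenticatorData into the vector before the WebAuthNFreeAssertion call, and encode pbSignature and Credential.pbId the same way.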

1 answer

  1. Carl Fan 6,836 Reputation points
    2021-01-26T10:08:43.08+00:00

    Hi,
    According to your description, I suggest that you'd better post this issue to the Application Security for Windows Desktop MSDN forum. As they will be more professional on your issue, it's the right place where you could get more help.
    https://social.msdn.microsoft.com/Forums/en-US/home?forum=windowssecurity
    Hope this helps, and please help to accept as Answer if the response is useful.
    Best Regards,
    Carl
