UserConsentVerifier Class
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Checks for availability of a verification device (such as a Microsoft Passport PIN, Windows Hello biometric, or fingerprint reader), and performs a verification.
public ref class UserConsentVerifier abstract sealed/// [Windows.Foundation.Metadata.ContractVersion(Windows.Foundation.UniversalApiContract, 65536)]
/// [Windows.Foundation.Metadata.MarshalingBehavior(Windows.Foundation.Metadata.MarshalingType.Agile)]
/// [Windows.Foundation.Metadata.Threading(Windows.Foundation.Metadata.ThreadingModel.Both)]
class UserConsentVerifier final[Windows.Foundation.Metadata.ContractVersion(typeof(Windows.Foundation.UniversalApiContract), 65536)]
[Windows.Foundation.Metadata.MarshalingBehavior(Windows.Foundation.Metadata.MarshalingType.Agile)]
[Windows.Foundation.Metadata.Threading(Windows.Foundation.Metadata.ThreadingModel.Both)]
public static class UserConsentVerifierPublic Class UserConsentVerifier- Inheritance
- Attributes
Windows requirements
| Device family |
Windows 10 (introduced in 10.0.10240.0)
|
| API contract |
Windows.Foundation.UniversalApiContract (introduced in v1.0)
|
Examples
Desktop apps using C#
For a desktop app, instead of calling the UserConsentVerifier.RequestVerificationAsync method, you'll need to:
- First Retrieve a window handle (HWND). That topic contains code examples for Windows UI Library (WinUI) 3, Windows Presentation Foundation (WPF), and Windows Forms (WinForms). Plug that code into the code listing below.
- Then call the RequestVerificationForWindowAsync method of the Windows.Security.Credentials.UI.UserConsentVerifierInterop C# interop class. For more info about the C# interop classes, see Call interop APIs from a .NET app. Also see Display WinRT UI objects that depend on CoreWindow.
private async System.Threading.Tasks.Task<string> RequestConsent(string userMessage)
{
string returnMessage;
// Retrieve the window handle of the current WinUI 3 window.
var hwnd = WinRT.Interop.WindowNative.GetWindowHandle(this);
// Use the interop interface to request the logged on user's consent via device authentication
var consentResult = await Windows.Security.Credentials.UI.UserConsentVerifierInterop.RequestVerificationForWindowAsync(hwnd, userMessage);
switch (consentResult)
{
case Windows.Security.Credentials.UI.UserConsentVerificationResult.Verified:
returnMessage = "User verified.";
break;
case Windows.Security.Credentials.UI.UserConsentVerificationResult.DeviceBusy:
returnMessage = "Authentication device is busy.";
break;
case Windows.Security.Credentials.UI.UserConsentVerificationResult.DeviceNotPresent:
returnMessage = "No authentication device found.";
break;
case Windows.Security.Credentials.UI.UserConsentVerificationResult.DisabledByPolicy:
returnMessage = "Authentication device verification is disabled by policy.";
break;
case Windows.Security.Credentials.UI.UserConsentVerificationResult.NotConfiguredForUser:
returnMessage = "Please go to Account Settings to set up PIN or other advanced authentication.";
break;
case Windows.Security.Credentials.UI.UserConsentVerificationResult.RetriesExhausted:
returnMessage = "There have been too many failed attempts. Device authentication canceled.";
break;
case Windows.Security.Credentials.UI.UserConsentVerificationResult.Canceled:
returnMessage = "Device authentication canceled.";
break;
default:
returnMessage = "Authentication device is currently unavailable.";
break;
}
return returnMessage;
}
Universal Windows Platform (UWP) apps using C#
This code example is for a Universal Windows Platform (UWP) app. It shows a request for fingerprint verification followed by returning a message that describes the result. The code calls the UserConsentVerifier.RequestVerificationAsync method, which is appropriate for UWP apps.
private async System.Threading.Tasks.Task<string> RequestConsent(string userMessage)
{
string returnMessage;
// Request the logged on user's consent via authentication device.
var consentResult = await Windows.Security.Credentials.UI.UserConsentVerifier.RequestVerificationAsync(userMessage);
switch (consentResult)
{
case Windows.Security.Credentials.UI.UserConsentVerificationResult.Verified:
returnMessage = "User verified.";
break;
case Windows.Security.Credentials.UI.UserConsentVerificationResult.DeviceBusy:
returnMessage = "Authentication device is busy.";
break;
case Windows.Security.Credentials.UI.UserConsentVerificationResult.DeviceNotPresent:
returnMessage = "No authentication device found.";
break;
case Windows.Security.Credentials.UI.UserConsentVerificationResult.DisabledByPolicy:
returnMessage = "Authentication device verification is disabled by policy.";
break;
case Windows.Security.Credentials.UI.UserConsentVerificationResult.NotConfiguredForUser:
returnMessage = "Please go to Account Settings to set up PIN or other advanced authentication.";
break;
case Windows.Security.Credentials.UI.UserConsentVerificationResult.RetriesExhausted:
returnMessage = "There have been too many failed attempts. Device authentication canceled.";
break;
case Windows.Security.Credentials.UI.UserConsentVerificationResult.Canceled:
returnMessage = "Device authentication canceled.";
break;
default:
returnMessage = "Authentication device is currently unavailable.";
break;
}
return returnMessage;
}
Desktop apps using C++/WinRT
For a desktop app, instead of calling the UserConsentVerifier.RequestVerificationAsync method, you'll need to:
- First obtain the handle to the window that will request the verification. See Retrieve a window handle (HWND) for details on how to do this for the Windows UI Library (WinUI) 3.
- Obtain the activation factory for the Windows.Security.Credentials.UI.UserConsentVerifier object.
- Call the RequestVerificationForWindowAsync method of the IUserConsentVerifierInterop interop interface.
winrt::Windows::Foundation::IAsyncOperation<winrt::hstring> MainWindow::RequestConsent(winrt::hstring userMessage)
{
auto lifetime = get_strong();
winrt::hstring returnMessage;
// Retrieve the window handle of the current WinUI 3 window.
HWND hwnd;
winrt::check_hresult(m_inner->as<::IWindowNative>()->get_WindowHandle(&hwnd));
// Use the interop interface to request the logged on user's consent via device authentication
auto interop = winrt::get_activation_factory<winrt::Windows::Security::Credentials::UI::UserConsentVerifier, ::IUserConsentVerifierInterop>();
auto consentResult =
co_await winrt::capture<winrt::Windows::Foundation::IAsyncOperation<winrt::Windows::Security::Credentials::UI::UserConsentVerificationResult>>(
interop, &::IUserConsentVerifierInterop::RequestVerificationForWindowAsync, hwnd, reinterpret_cast<HSTRING>(winrt::get_abi(userMessage))));
switch (consentResult)
{
case winrt::Windows::Security::Credentials::UI::UserConsentVerificationResult::Verified:
returnMessage = L"User verified.";
break;
case winrt::Windows::Security::Credentials::UI::UserConsentVerificationResult::DeviceBusy:
returnMessage = L"Authentication device is busy.";
break;
case winrt::Windows::Security::Credentials::UI::UserConsentVerificationResult::DeviceNotPresent:
returnMessage = L"No authentication device found.";
break;
case winrt::Windows::Security::Credentials::UI::UserConsentVerificationResult::DisabledByPolicy:
returnMessage = L"Authentication device verification is disabled by policy.";
break;
case winrt::Windows::Security::Credentials::UI::UserConsentVerificationResult::NotConfiguredForUser:
returnMessage = L"Please go to Account Settings to set up PIN or other advanced authentication.";
break;
case winrt::Windows::Security::Credentials::UI::UserConsentVerificationResult::RetriesExhausted:
returnMessage = L"There have been too many failed attempts. Device authentication canceled.";
break;
case winrt::Windows::Security::Credentials::UI::UserConsentVerificationResult::Canceled:
returnMessage = L"Device authentication canceled.";
break;
default:
returnMessage = L"Authentication device is currently unavailable.";
break;
}
co_return returnMessage;
}
Remarks
You can use UserConsentVerifier to enhance the security of your app by including a request for verification whenever the user is required to consent to a particular action. For example, you can require fingerprint authentication before authorizing an in-app purchase or access to restricted resources. You can use UserConsentVerifier to determine whether fingerprint authentication is supported for the current computer by using the CheckAvailabilityAsync method, and then request user consent from a fingerprint scan by using the RequestVerificationAsync method.
Methods
| CheckAvailabilityAsync() |
Checks to see whether an authentication device, such as a Microsoft Passport PIN, Windows Hello, or fingerprint reader, is available. |
| RequestVerificationAsync(String) |
Performs a verification using an authentication device such as Microsoft Passport PIN, Windows Hello, or a fingerprint reader. This API is for Universal Windows Platform (UWP) apps. The alternative API to use for a desktop app is described in Examples in UserConsentVerifier class. |