WebAuthn only shows option for USB Security Dongle in Windows 10 - no option for Fingerprint/PIN/Password - windows-10

I'm testing WebAuthn (https://webauthn.me) with the intent to implement it in a web portal. However, I need Windows users to be able to use Fingerprint sign in, not just USB Security Key.
When testing from Windows 10/Chrome (latest) I only get the option to use USB Security Key, even though the laptop has a built-in fingerprint reader that is connected to Windows Hello (I can sign into Windows with the fingerprint reader). Also PIN and Password are enabled in Windows Hello.
I do not have a USB Security Key device, and have never had one set up with this computer.
However, when I test WebAuthn.me and click the Register button, I am prompted with the options "External security key or built-in sensor" and "Add a new Android phone". When I select the option "External security key or built-in sensor", Windows pops up a modal box asking me to set up my security key:
However, there is no option to use a fingerprint, PIN, or password instead.
Since the fingerprint reader and PIN/Password are integrated into Windows Hello, and actively working, why won't it let me choose any of those options instead of the physical USB Security Key? Is there a parameter in the WebAuthn request that I'm missing or possibly a registry change that needs to be made?
Note that WebAuthn.me works as expected on Android Chrome (option to use Lock Screen as the login method allows fingerprint, code, etc, to be used).
Thanks for any explanation of why Windows would hide the Fingerprint/PIN/Password options and only allow USB Security Key when Windows Hello already knows about the fingerprint reader, PIN and Password as legitimate ways to authenticate the user.

Windows Hello requires RS256 (alg: -257) to be added to the pubKeyCredParams array. Try using https://webauthn.me/debugger which enables this by default.
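
An added example, not code from webauthn.me or from the answer above: registration options that list RS256 (alg: -257) alongside ES256, plus a check a portal can run on its own options before calling navigator.credentials.create(). The function names, the "Example Portal" relying-party name and the choice of authenticatorAttachment "platform" are assumptions made for illustration.

```javascript
// COSE algorithm identifiers from the IANA COSE registry.
const COSE_ES256 = -7;   // ECDSA with SHA-256
const COSE_RS256 = -257; // RSASSA-PKCS1-v1_5 with SHA-256

// Build PublicKeyCredentialCreationOptions for navigator.credentials.create().
// The rp name is a placeholder; challenge and user id must come from the server.
function buildCreationOptions(challenge, userId, userName) {
  return {
    challenge,
    rp: { name: "Example Portal" },
    user: { id: userId, name: userName, displayName: userName },
    pubKeyCredParams: [
      { type: "public-key", alg: COSE_ES256 },
      { type: "public-key", alg: COSE_RS256 }, // the entry the answer says Windows Hello needs
    ],
    authenticatorSelection: {
      authenticatorAttachment: "platform", // assumption: ask for the built-in authenticator
      userVerification: "required",
    },
    timeout: 60000,
  };
}

// Return the reasons (possibly none) why these options would not offer Windows Hello.
function findHelloBlockers(options) {
  const blockers = [];
  const params = Array.isArray(options.pubKeyCredParams) ? options.pubKeyCredParams : [];
  const algs = params.filter((p) => p && p.type === "public-key").map((p) => p.alg);
  if (!algs.includes(COSE_RS256)) {
    blockers.push("pubKeyCredParams has no RS256 entry (alg: -257)");
  }
  const selection = options.authenticatorSelection || {};
  if (selection.authenticatorAttachment === "cross-platform") {
    blockers.push("authenticatorAttachment 'cross-platform' excludes built-in authenticators");
  }
  return blockers;
}

// Browser-only: refuse to call the API with options that fail the check.
async function register(challenge, userId, userName) {
  const options = buildCreationOptions(challenge, userId, userName);
  const blockers = findHelloBlockers(options);
  if (blockers.length > 0) throw new Error(blockers.join("; "));
  return navigator.credentials.create({ publicKey: options });
}
```

The same check can run in a unit test against the options object the server sends, so a later change that drops the -257 entry is caught before users see only the security-key prompt.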

Related

Cannot download files from device portal in hololens2

I'm trying to download a video from the device portal I shot with the hololens app, but the file doesn't download when I select [save].
The state is similar to the example below but I am connected via wifi and connect to the device portal from the IP address of the hololens.
Is there another way to access Hololens LocalAppData other than the Windows Device Portal?
This is a known issue, and we're working hard to address these and have root caused most of them, with fixes being prepared for a device OS update. Besides, Firefox will work for some people, but it is not a reliable workaround.
You can try to download your video via a web browser or via the software Microsoft Hololens.
This is from the known issue. This worked for me on Chrome.
Workaround
This workaround, which applies equally to Wi-Fi and UsbNcm, is to disable the "required" option under "SSL Connection". To do so, navigate to Device Portal, System, and select the Preferences page. In the Device Security section, locate SSL Connection, and uncheck to disable Required.
The user should then go to http://, not https:// (IP address) and features like file upload and download will work.

How to disable Winscard Discovery in Windows 10?

I'm testing smart cards using ACR122U. However, when I put a card on it, Windows will automatically send APDU commands to it.
According to the question windows 8 disable smartcard plug and play, I disabled Smart Card Plug And Play. But I can still see the PIV selection which is called Winscard Discovery.
How can I disable this in Windows 10?
You have 3 solutions
1) Edit computer policies
Launch gpedit.msc
Section Computer Configuration --> Administrative Templates --> Windows Components --> Smart Card
Disable Smartcard driver popup:
Smart Card Plug and Play service: disable
Disable smartcard timeout on ISOB' card removing
Turn on certificate propagation from smartcard: disable
2) Disable smartcard filter (only to disable popup message)
To disable or enable the smartcard filter, use "DisableSCFilterWindows7.reg" and "EnableSCFilterWindows7.reg"
3) Install a dummy card provider
The dummy card provider will let the system know the smartcards. Thus, it will not try to identify the card, sending commands, and will not pop up an error message.
Sources: Notes from an ASK driver and https://support.microsoft.com/en-us/kb/976832

How can I know the password of WiFi stored in my mobile

I have a bunch of WiFi names and passwords stored in my mobile, but I want to know their passwords without rooting my mobile. Is there any way I can know that? In future, if I add any new password, can I store it in a separate file behind the scenes?
I am using a Google Nexus 4.
There is a way, if you can enable ADB (Android Debug Bridge) from the phone settings.
You just need to pull the file /data/misc/wifi/wpa_supplicant.conf to your PC. It contains the stored passwords.
Tutorial with the steps: https://www.quora.com/How-do-you-see-a-saved-Wi-Fi-password-on-Android-without-root-privileges

Provisioning profile problems

When I try to upload my app, I get this error in Application Uploader "Application failed codesign verification. The signature is invalid, contains disallowed entitlements, or it was not signed with an iPhone Distribution Certificate.".
If I open MonoDevelop, properties and select "iPhone bundle signing", then I see a "Provisioning profile", but if I click another topic (eg Crash report) and go back to "Provisioning profile", then it suddenly says "Unknown" and a guid.
How do I tell MonoDevelop to use the correct Provisioning profile?
I deleted some old profiles (in Organizer), but they still show in MonoDevelop.
Unfortunately the "provisioning hell" created by the Apple signature system is made even worse in MonoDevelop.
There is no provisioning manager, no way to setup and associate all the provisioning profiles and the keys to a specific monotouch app. MonoDevelop lacks a wizard to automatically create or guide the user in the creation, download or backup of the right profiles, keys and appIDs.
The best way to know if a profile or a key is wrong, expired, incompatible with an appId, or rejected, is to check all of them manually in the XCode Organizer (you can find it in the XCode "Window" menu).
Once in Organizer, you need to click on the LIBRARY -> Provisioning Profiles section on the left, and then click on the Refresh button to sync your profiles with the Apple server (if you have those on file or you are on another dev computer and you have to install only selected profiles, click on the Import button and manually select the files).
Then you need to attach your ios device and when it appears in the DEVICE->your_iPhone_or_Ipad name.. you need to drag and drop the provisioning profiles that you need from the LIBRARY->Provisioning Profile to the DEVICE->your_iPhone_or_Ipad_name->Provisioning Profiles...
Many things can go wrong anyway, especially mixing old profiles with the new profiles supporting iCloud or some other advanced app features. There is no way to know if a bundle id is valid, if the entitlements are allowed, if a profile or an appID is enabled or not to use iCloud, Notifications, IAP, etc., or if it's registered for Developer, AdHoc or Distribution, and what product id strings it's compatible with. You need to go by trial and error. Even the simple creation of an ad Hoc version of your app enabled for a trusted remote tester is a long and perilous road. There is no users and testers profiles manager in MonoDevelop, you need to remember what goes with who every time.
If you are on a different developer machine, you also need to install the registered developer keys in the local KeyChain (I suggest to do a backup of those keys somewhere: if you lose those keys, you will be unable to update your app in the future!!).
Let us hope that Xamarin will add a profiles and keys manager soon.
#Emanuale mentions a lot, but he is going the long route on a lot of these.
There is a simpler way to go about everything. Here is the cut and dry approach:
Login to the provisioning portal on the web
Create an App ID for your company as "com.yourcompanyname.*"
Create a provisioning profile for this app ID for both development and distribution
(I would also recommend to delete any profiles you don't need)
Open XCode->My Organizer, and press the refresh button in the bottom right corner (you will see all your profiles from online appear)
Deploy your app to the device from MonoDevelop (make sure your bundle ID is com.yourcompanyname.yourappname)
This is the simplest way to go about this. No need to mess with provisioning profile settings in MonoDevelop, the defaults should work.
The only gotcha is if you need to support push notifications. The com.yourcompanyname.* profile won't work, you will have to make a profile specific to each app in this case.
Great answer jonathanpeppers! Just a 2c, now XCode->My Organizer is Preferences->Accounts
If the accepted response doesn't help, you should also ensure that your Signing Identity matches the Provisioning Profile you're using, and that it has a private key. These can be switched up if you have multiple Signing Certificates installed, and you won't be able to tell the difference from Xamarin Studio. See
https://stackoverflow.com/a/37856762/660194

Bypass choose a digital certificate and present user with pin prompt

I am working with a C# .NET application right now where I have smartcard authentication working properly, by allowing users to pick their digital certificate and enter their pin. However I want to do away with allowing the user to pick their certificate and have one of their certificates picked for them automatically (every user has the same certificates). This would make it so that when a user tries to enter the site, they are simply presented with a pin prompt. Any ideas on how to go about doing this? All the users I work with use Internet Explorer 7 and have workstations with ActivIdentity and Tumbleweed.
Write a Java applet to do the job at client side using PKCS#11 wrapper or, if you can restrict your users to use IE, create and use an ActiveX. I have already done both. For ActiveX you have to have it digitally signed to declare it as a safe ActiveX.
It is not a straightforward task, but I found the Java applet easier to implement. The downside is that the JRE (Java Runtime Environment) should already be installed at client side and play nice with the browser. The user also has to grant permission to the applet to connect to his smart card at first run.
