ASP.NET Core 8.0 - Users With Device 2FA Project

v4.0.0

Users With Device 2FA Project V4 Coming Soon!

The World Wide Web Consortium (W3C) is working on the next API specification for accessing Public Key Credentials. The W3C Working Draft, dated 27 January 2025 is published at Web Authentication: An API for accessing Public Key Credentials Level 3 . The latest Editors Draft is published at Editor’s Draft, 11 July 2025 .

I am updating the UWPP V4 to support these new requirements. The Attestation (registration) and Assertion (authentication) processes have been updated and commented to meet the new specification. New properties are added to the Passkey (credential) and the PasskeyChallenge (audit) records. I updated the Passkey and PasskeyChallenge UI. I added Ed25519 algorithm and Discoverable Credential support. I am working to update the Users Without Passwords Project, Users With Device 2FAProject, and Users With Comments Project to version 4.

Probably the most exciting specification is support for cross-origin authentication. I am testing the UWPP V4 at Fido.KenHaggerty.Com. Fido.KenHaggerty.Com is a modified version of the UWPP with security settings and UI to host cross-origin authentication. The published versions of Users Without Passwords Project, Users With Device 2FA Project, Users Without Identity Project, Users With Comments Project have been modified to authenicate with a pre-registered Fido.KenHaggerty.Com user.

Help Test Cross-Origin Authentication

  • Register a user on Fido.KenHaggerty.Com.
  • Use the Login Central Portal to login to this site with a Fido.KenHaggerty.Com user.
  • The first login requires a local account association, choose new local account or link to an existing local account.

The Users With Device 2FA Project (UWD2FAP) is the source code for UsersWithPasswords. Com. The UWD2FAP is developed with Visual Studio 2022 and the MS Long Term Support (LTS) version .NET 8.0 framework. All Errors, Warnings, and Messages from Code Analysis have been mitigated. The UWD2FAP is a combination of the Users Without Identity Project and the Users Without Passwords Project. The project implements WebAuthn, also known as FIDO2, instead of authenticator apps for two-factor authentication (2FA). After a user registers, they can enable 2FA with Windows Hello, Apple Face ID and Touch ID, Android Lock Screen, or a FIDO2 security key.

The UWD2FA was initially developed back in 2021 with framework .NET 6.0. I enabled the nullable context and mitigated all warnings and issues. See Nullable reference types. Version 2.x of the project integrates the ASP.NET Core 6.0 - Homegrown Analytics Project and implements multiple email addresses per user. The latest version of the UWD2FAP is published at UsersWithPasswords. Com.