ASP.NET Core 8.0 - Users With Device 2FA Project
v4.0.0
Modified Users With Device 2FA Project
Probably the most exciting specification of the Web Authentication: An API for accessing Public Key Credentials Level 3 is support for cross-origin authentication. I am testing cross-origin authentication with a modified version of the UWPP with security settings and UI to host cross-origin authentication at Fido.KenHaggerty.Com. The published versions of Users Without Passwords Project, Users With Device 2FA Project, Users Without Identity Project, Users With Comments Project, and KenHaggerty .Com have been modified to authenicate with a pre-registered Fido.KenHaggerty.Com user.
Help Test Cross-Origin Authentication
- Register a user on Fido.KenHaggerty.Com.
- Use the Login Central Portal to login to this site with a Fido.KenHaggerty.Com user.
- The first login requires a local account association, choose new local account or link to an existing local account.
The Users With Device 2FA Project (UWD2FAP) is the source code for UsersWithPasswords. Com. The UWD2FAP is developed with Visual Studio 2022 and the MS Long Term Support (LTS) version .NET 8.0 framework. All Errors, Warnings, and Messages from Code Analysis have been mitigated. The UWD2FAP is a combination of the Users Without Identity Project and the Users Without Passwords Project. The project implements WebAuthn, also known as FIDO2, instead of authenticator apps for two-factor authentication (2FA). After a user registers, they can enable 2FA with Windows Hello, Apple Face ID and Touch ID, Android Lock Screen, or a FIDO2 security key.
The UWD2FA was initially developed back in 2021 with framework .NET 6.0. I enabled the nullable context and mitigated all warnings and issues. See Nullable reference types. Version 2.x of the project integrates the ASP.NET Core 6.0 - Homegrown Analytics Project and implements multiple email addresses per user. The World Wide Web Consortium (W3C) is working on the next API specification for accessing Public Key Credentials. The W3C Working Draft, dated 27 January 2025 is published at Web Authentication: An API for accessing Public Key Credentials Level 3. The latest Editors Draft is published at Editor’s Draft, 13 August 2025. The UWD2FA V4 supports these new requirements. The Attestation (registration) and Assertion (authentication) processes have been updated and commented to meet the new specification. New properties are added to the Passkey (credential) and the PasskeyChallenge (audit) records. I updated the Passkey and PasskeyChallenge UI. I added Ed25519 algorithm support. The latest version of the UWD2FA is published at UsersWithPasswords .Com.