The project implements Bootstrap Native v3 with a jQuery option. The Message Modal requires jQuery
or Bootstrap Native.
Access to the research project source code may be purchased on KenHaggerty.Com at
Manage > Assets.
I will publish the FIDO Utilities Project at
until I publish the Users Without Passwords Project.
I enjoy writing these articles. It often enhances and clarifies my coding. The research
project is a result of a lot of refactoring and hopefully provides logical segues for the articles.
Thank you for supporting my efforts.
I updated the free FIDO Utilities Project to support Bootstrap Native v3. See:
I had developed message-modal.js with dependency on jQuery or Bootstrap Native v2. Bootstrap Native
V3.0.0 was released about 10 days ago and v3.0.5 about 5 days ago. See:
GitHub: thednp/ bootstrap.native/ releases
The FIDO Utilities Project v1.0.5 implements Bootstrap Native v3.0.5 with a jQuery option. The
_Layout.cshtml is updated with Bootstrap, Bootstrap Native and jQuery CDN links with integrity metadata.
I implemented libman.json to ease the task of updating client-side libraries. See:
ASP.NET Core 2.2 - Manage Client-Side Libraries
I updated message-modal.js to v1.0.2 with support for Bootstrap Native v3.
While testing and debugging the new versions, I found the Microsoft. AspNetCore. Mvc. Razor.
RuntimeCompilation NuGet package extremely helpful. I have had issues with runtime compilation in the past,
but I implemented it in this project with new guidance from MS Docs with no issues. See:
Razor file compilation in ASP.NET Core
I am developing a research project and article series named Users Without Passwords about
FIDO (Fast IDentification Online) UAF (Universal Authentication Framework),
also known as
The registration and login processes involve communication between the server, client-js, authenticator,
and user. The server provides a unique code called a challenge to the client. The client transforms the challenge
to a UInt8Array expected by the authenticator. The client requests the user's login name. The challenge and
username are used to register or verify a public key with the authenticator. The client sends the response from
the authenticator to the server. The response includes the challenge which is decoded from the UInt8Array to
verify a match to the server's original code. If the challenge is verified the response is decoded and verified.
If the response is verified, it is stored, and action is implemented like create or login the user.
The FIDO processes involve a lot of things that can go wrong and I would like to know when it does. A notice of
something going right is also nice. By far, my most popular article is
ASP.NET Core 2.2 - SMTP EmailSender Implementation.
I have added a SendAdminEmail function by adding an AdminEmail setting and injecting IHttpContextAccessor.
This allows access to the current HttpContext properties like UserAgent, Anonymized IP, Path and QueryString inside
the service. See the ASP.NET Core 3.1 - SMTP EmailSender article.
I developed an email settings verifier which allows you to test email settings and displays the current settings
from appsettings. json and appsettings. development. json.
The first oops message in the Users Without Passwords Project was a Bootstrap-jQuery modal with no
dismiss button, a link to start over, a 'static' backdrop and keyboard=false. I liked it enough to develop a
success message to present before automatically navigating to the goal. I liked that enough to develop a
global message modal by adding the html for a modal to _Layout. cshtml and a
showMessageModal() function to site.js. I liked that enough to develop a message-modal.js
which dynamically creates the html. Variables reference the created modal components which allow the
message modal to co-exists with other modals. It can be loaded in _Layout. cshtml for global
access or used locally by loading from the page. The showMessageModal() function has
defaults and parameters. See the ASP.NET Core 3.1 - Message Modal article.
The project includes a Modal Message Generator which dynamically creates the minimal signature for the
showMessageModal function with examples.
Most but not all browsers support Credentials and PublicKeyCredential which are required by FIDO processes.
You can detect support for Credentials and PublicKeyCredential. I developed a getWebAuthnError() function in
site.js which also notifies the lack of https on hosts other than localhost. This function returns an error or empty
string. If an error is detected, you can disable buttons for FIDO functions or inform and redirect the user with the
The server must persist the challenge code between the initial request and the callback. I use the Cookie
TempDataProvider in this project for the proof of concept. I am using the Application Session State in the
Users Without Passwords Project. See
Session and state management in ASP.NET Core
The challenge must be properly encoded and decoded to survive the round trip from the server to the client-js
and back. I use a new guid for the unique code which needs to be ASCII encoded to work well
MDN - Base64
I simulate an authenticator by converting the challenge from the server to a UInt8Array before posting the serialized
challenge array to the callback. The callback decodes the posted challenge and compares it to the original code
we stored in TempData. See the ASP.NET Core 3.1 - Round Trip Challenge article.
The project includes a Challenge demo which implements the Cookie TempDataProvider and UInt8Array conversion.
I developed an Ajax Postback Control which updates the heading of a control from a list of controls on a page.
It allows users to rename authenticators in the Users Without Passwords Project and I include a demonstration
in the FIDO Utilities Project.
The project includes a Spinner Generator which uses a svg image in a partial view to display a waiting or
loading state. You can configure the size speed and color of the Spinner control.
With fresh encryption experience I decided to implement a cipher for database connection strings in
appsettings.json. The result is an Advanced Encryption Standard (AES) cipher which I added to the
I started my FIDO research over 8 months ago when I purchased a Security Key NFC by Yubico. My laptop has
a fingerprint scanner which is supported by Windows 10 Hello. Windows 10 Hello is certified as a FIDO2
authenticator for passwordless sign-in on the web. Windows 10 Hello also supports a PIN and face recognition
with a compatible IR camera. See the ASP.NET Core 3.1 - FIDO2 Authentecators article.
The FIDO processes are often complex with a lot of moving parts. I decided to create this project to describe some
of the fundamentals for a successful process. I will refer to this series from the Users Without Passwords Project
series which can now focus on users and authenticators.
I updated the article links and added screenshots of the project utilities.
I updated the article links and added mobile screenshot.
I added the AES Cipher article link and screenshot and updated screenshots.
I updated the article to announce support for Bootstrap Native v3.
I enjoy writing these articles. It often enhances and clarifies my coding. I create research projects
to analyze and compose the articles before I publish them. The projects are the result of
a lot of refactoring and are provided with a MIT license. Registered users can download the
projects from Manage > Assets.