Add passkey sample app + E2E tests

dotnet · MackinnonBuck · Jun 25, 2025 · May 27, 2025 · May 27, 2025 · May 27, 2025
commit ee5e0076657c6633715534ac9a266031ae46d561
diff --git a/AspNetCore.slnx b/AspNetCore.slnx
@@ -393,6 +393,7 @@
     <Project Path="src/Identity/samples/IdentitySample.DefaultUI/IdentitySample.DefaultUI.csproj" />
     <Project Path="src/Identity/samples/IdentitySample.Mvc/IdentitySample.Mvc.csproj" />
     <Project Path="src/Identity/samples/IdentitySample.PasskeyConformance/IdentitySample.PasskeyConformance.csproj" />
+    <Project Path="src/Identity/samples/IdentitySample.PasskeyUI/IdentitySample.PasskeyUI.csproj" />
   </Folder>
   <Folder Name="/src/Identity/Specification.Tests/" Id="f8dfe8a4-1d8c-9e84-e870-8ba24ebd08ff">
     <Project Path="src/Identity/Specification.Tests/src/Microsoft.AspNetCore.Identity.Specification.Tests.csproj" />

@@ -133,14 +133,14 @@
   </ItemGroup>
 
   <!-- When building and running locally, manually resolve the just-built frameworks. On Helix, let the SDK resolve the packs itself (they're laid out on top of the .NET SDK in the work items) -->
-  <PropertyGroup Condition="$(UpdateAspNetCoreKnownFramework) and '$(HELIX_CORRELATION_PAYLOAD)' == ''">
+  <PropertyGroup Condition="'$(UpdateAspNetCoreKnownFramework)' == 'true' AND '$(HELIX_CORRELATION_PAYLOAD)' == ''">
     <!-- Allow additional targeting and runtime packs to be downloaded only if required by a test. -->
     <EnableTargetingPackDownload Condition="'$(TestRequiresTargetingPackDownload)' != 'true'">false</EnableTargetingPackDownload>
     <EnableRuntimePackDownload Condition="'$(TestRequiresRuntimePackDownload)' != 'true'">false</EnableRuntimePackDownload>
     <GenerateErrorForMissingTargetingPacks>false</GenerateErrorForMissingTargetingPacks>
   </PropertyGroup>
 
-  <Target Name="ResolveLiveBuiltAspnetCoreKnownFramework" Condition="$(UpdateAspNetCoreKnownFramework) and '$(HELIX_CORRELATION_PAYLOAD)' == ''" AfterTargets="ResolveFrameworkReferences">
+  <Target Name="ResolveLiveBuiltAspnetCoreKnownFramework" Condition="'$(UpdateAspNetCoreKnownFramework)' == 'true' AND '$(HELIX_CORRELATION_PAYLOAD)' == ''" BeforeTargets="ProcessFrameworkReferences">
     <Error Text="Requested Microsoft.AspNetCore.App v${MicrosoftAspNetCoreAppRefVersion} ref pack does not exist."
         Condition="!Exists('$(TargetingPackLayoutRoot)packs\Microsoft.AspNetCore.App.Ref\${MicrosoftAspNetCoreAppRefVersion}\data\FrameworkList.xml') " />
     <ItemGroup>

diff --git a/src/Identity/Extensions.Core/src/UserManager.cs b/src/Identity/Extensions.Core/src/UserManager.cs
@@ -2229,7 +2229,7 @@ public virtual async Task<PasskeyCreationOptions> GeneratePasskeyCreationOptions
         var challenge = GetRandomChallenge(Options.Passkey.ChallengeSize);
         var options = new PublicKeyCredentialCreationOptions(rpEntity, userEntity, BufferSource.FromBytes(challenge))
         {
-            Timeout = (uint)Options.Passkey.Timeout.Milliseconds,
+            Timeout = (uint)Options.Passkey.Timeout.TotalMilliseconds,
             ExcludeCredentials = excludeCredentials,
             PubKeyCredParams = PublicKeyCredentialParameters.AllSupportedParameters,
             AuthenticatorSelection = creationArgs.AuthenticatorSelection,
@@ -2279,7 +2279,7 @@ public virtual async Task<PasskeyRequestOptions> GeneratePasskeyRequestOptionsAs
         var options = new PublicKeyCredentialRequestOptions(BufferSource.FromBytes(challenge))
         {
             RpId = requestContext.Domain,
-            Timeout = (uint)Options.Passkey.Timeout.Milliseconds,
+            Timeout = (uint)Options.Passkey.Timeout.TotalMilliseconds,
             AllowCredentials = allowCredentials,
         };
         if (requestArgs is not null)

diff --git a/src/Identity/Identity.slnf b/src/Identity/Identity.slnf
@@ -42,6 +42,7 @@
       "src\\Identity\\samples\\IdentitySample.DefaultUI\\IdentitySample.DefaultUI.csproj",
       "src\\Identity\\samples\\IdentitySample.Mvc\\IdentitySample.Mvc.csproj",
       "src\\Identity\\samples\\IdentitySample.PasskeyConformance\\IdentitySample.PasskeyConformance.csproj",
+      "src\\Identity\\samples\\IdentitySample.PasskeyUI\\IdentitySample.PasskeyUI.csproj",
       "src\\Identity\\test\\Identity.FunctionalTests\\Microsoft.AspNetCore.Identity.FunctionalTests.csproj",
       "src\\Identity\\test\\Identity.Test\\Microsoft.AspNetCore.Identity.Test.csproj",
       "src\\Identity\\test\\InMemory.Test\\Microsoft.AspNetCore.Identity.InMemory.Test.csproj",

diff --git a/src/Identity/samples/IdentitySample.PasskeyUI/Components/App.razor b/src/Identity/samples/IdentitySample.PasskeyUI/Components/App.razor
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+    <meta charset="utf-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <base href="/" />
+    <link rel="stylesheet" href="@Assets["app.css"]" />
+    <ImportMap />
+    <HeadOutlet />
+</head>
+
+<body>
+    <Routes />
+    <script src="@Assets["_framework/blazor.web.js"]"></script>
+    <script src="@Assets["app.js"]"></script>
+</body>
+
+</html>
+
diff --git a/src/Identity/samples/IdentitySample.PasskeyUI/Components/Pages/Authenticated.razor b/src/Identity/samples/IdentitySample.PasskeyUI/Components/Pages/Authenticated.razor
@@ -0,0 +1,18 @@
+@page "/authenticated"
+
+@using Microsoft.AspNetCore.Authorization
+
+@attribute [Authorize]
+
+<PageTitle>Authenticated</PageTitle>
+
+<h1>You are authenticated!</h1>
+
+<AuthorizeView>
+    <p>Hello, @context.User.Identity?.Name!</p>
+</AuthorizeView>
+
+<form id="logout-form" action="account/logout" method="post">
+    <AntiforgeryToken />
+    <button type="submit">Log out</button>
+</form>
diff --git a/src/Identity/samples/IdentitySample.PasskeyUI/Components/Pages/Home.razor b/src/Identity/samples/IdentitySample.PasskeyUI/Components/Pages/Home.razor
@@ -0,0 +1,131 @@
+@page "/"
+
+@using Microsoft.AspNetCore.Authentication
+@using Microsoft.AspNetCore.Identity
+@using Microsoft.AspNetCore.Identity.Test
+
+@inject NavigationManager NavigationManager
+@inject SignInManager<PocoUser> SignInManager
+@inject UserManager<PocoUser> UserManager
+@inject IUserPasskeyStore<PocoUser> PasskeyStore
+
+<h1>Welcome!</h1>
+
+<h3>Log in or register here</h3>
+
+<form id="auth-form" method="post" @formname="auth" @onsubmit="OnSubmitAsync">
+    <AntiforgeryToken />
+    <input type="text" id="input-username" name="Username" placeholder="username" autocomplete="username webauthn"/>
+    <hr />
+    <input type="hidden" id="input-credential" name="CredentialJson" />
+    <input type="hidden" id="input-action" name="Action" />
+    <button type="submit" id="input-register">Register</button>
+    <button type="submit" id="input-authenticate">Authenticate</button>
+</form>
+
+<p id="status-message">@statusMessage</p>
+
+@code {
+    private string? statusMessage;
+
+    [CascadingParameter]
+    private HttpContext HttpContext { get; set; } = default!;
+
+    [SupplyParameterFromForm]
+    private string? Username { get; set; }
+
+    [SupplyParameterFromForm]
+    private string? CredentialJson { get; set; }
+
+    [SupplyParameterFromForm]
+    private string? Action { get; set; }
+
+    private Task OnSubmitAsync()
+        => Action switch
+        {
+            "register" => RegisterAsync(),
+            "authenticate" => AuthenticateAsync(),
+            var x => throw new InvalidOperationException($"Unknown action '{x}'"),
+        };
+
+    private async Task RegisterAsync()
+    {
+        if (string.IsNullOrWhiteSpace(Username))
+        {
+            statusMessage = "Error: A username is required for registration.";
+            return;
+        }
+
+        if (string.IsNullOrWhiteSpace(CredentialJson))
+        {
+            statusMessage = "Error: No credential was submitted by the browser.";
+            return;
+        }
+
+        var options = await SignInManager.RetrievePasskeyCreationOptionsAsync();
+        if (options is null)
+        {
+            statusMessage = "Error: There are no original passkey options present.";
+            return;
+        }
+
+        var attestationResult = await UserManager.PerformPasskeyAttestationAsync(CredentialJson, options);
+        if (!attestationResult.Succeeded)
+        {
+            statusMessage = $"Error: Could not validate credential: {attestationResult.Failure.Message}";
+            return;
+        }
+
+        // Create the user if they don't exist yet.
+        var userEntity = options.UserEntity;
+        var user = await UserManager.FindByIdAsync(userEntity.Id);
+        if (user is null)
+        {
+            user = new PocoUser(userName: userEntity.Name)
+            {
+                Id = userEntity.Id,
+            };
+            var createUserResult = await UserManager.CreateAsync(user);
+            if (!createUserResult.Succeeded)
+            {
+                statusMessage = "Error: Could not create a new user.";
+                return;
+            }
+        }
+
+        await PasskeyStore.SetPasskeyAsync(user, attestationResult.Passkey, CancellationToken.None);
+        var updateResult = await UserManager.UpdateAsync(user);
+        if (!updateResult.Succeeded)
+        {
+            statusMessage = "Error: Could not update the user with the new passkey.";
+            return;
+        }
+
+        statusMessage = "Registration successful! You can now authenticate with your passkey.";
+    }
+
+    private async Task AuthenticateAsync()
+    {
+        if (string.IsNullOrWhiteSpace(CredentialJson))
+        {
+            statusMessage = "Error: No credential was submitted by the browser.";
+            return;
+        }
+
+        var options = await SignInManager.RetrievePasskeyRequestOptionsAsync();
+        if (options is null)
+        {
+            statusMessage = "Error: There are no original passkey options present.";
+            return;
+        }
+
+        var signInResult = await SignInManager.PasskeySignInAsync(CredentialJson, options);
+        if (!signInResult.Succeeded)
+        {
+            statusMessage = "Error: Could not sign in with the provided credential.";
+            return;
+        }
+
+        NavigationManager.NavigateTo("authenticated", forceLoad: true);
+    }
+}
diff --git a/src/Identity/samples/IdentitySample.PasskeyUI/Components/Pages/NotFound.razor b/src/Identity/samples/IdentitySample.PasskeyUI/Components/Pages/NotFound.razor
@@ -0,0 +1,3 @@
+@page "/not-found"
+
+<h3>Not Found</h3>
diff --git a/src/Identity/samples/IdentitySample.PasskeyUI/Components/RedirectToHome.razor b/src/Identity/samples/IdentitySample.PasskeyUI/Components/RedirectToHome.razor
@@ -0,0 +1,8 @@
+@inject NavigationManager NavigationManager
+
+@code {
+    protected override void OnInitialized()
+    {
+        NavigationManager.NavigateTo("/");
+    }
+}
diff --git a/src/Identity/samples/IdentitySample.PasskeyUI/Components/Routes.razor b/src/Identity/samples/IdentitySample.PasskeyUI/Components/Routes.razor
@@ -0,0 +1,12 @@
+@inject NavigationManager NavigationManager
+
+<Router AppAssembly="typeof(Program).Assembly" NotFoundPage="typeof(Pages.NotFound)">
+    <Found Context="routeData">
+        <AuthorizeRouteView RouteData="routeData">
+            <NotAuthorized>
+                <RedirectToHome />
+            </NotAuthorized>
+        </AuthorizeRouteView>
+        <FocusOnNavigate RouteData="routeData" Selector="h1" />
+    </Found>
+</Router>
diff --git a/src/Identity/samples/IdentitySample.PasskeyUI/Components/_Imports.razor b/src/Identity/samples/IdentitySample.PasskeyUI/Components/_Imports.razor
@@ -0,0 +1,9 @@
+@using System.Net.Http
+@using System.Net.Http.Json
+@using Microsoft.AspNetCore.Components.Authorization
+@using Microsoft.AspNetCore.Components.Forms
+@using Microsoft.AspNetCore.Components.Routing
+@using Microsoft.AspNetCore.Components.Web
+@using static Microsoft.AspNetCore.Components.Web.RenderMode
+@using Microsoft.AspNetCore.Components.Web.Virtualization
+@using Microsoft.JSInterop
diff --git a/src/Identity/samples/IdentitySample.PasskeyUI/IdentitySample.PasskeyUI.csproj b/src/Identity/samples/IdentitySample.PasskeyUI/IdentitySample.PasskeyUI.csproj
@@ -0,0 +1,40 @@
+<Project Sdk="Microsoft.NET.Sdk.Web">
+
+  <PropertyGroup>
+    <Description>Passkey conformance testing for ASP.NET Core Identity</Description>
+    <TargetFramework>$(DefaultNetCoreTargetFramework)</TargetFramework>
+    <IsShippingPackage>false</IsShippingPackage>
+    <Nullable>enable</Nullable>
+    <NoWarn>$(TS6385);$(NoWarn)</NoWarn>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Reference Include="Microsoft.AspNetCore" />
+    <Reference Include="Microsoft.AspNetCore.Components.Endpoints" />
+    <Reference Include="Microsoft.AspNetCore.Identity" />
+    <Reference Include="Microsoft.AspNetCore.HttpsPolicy" />
+    <Reference Include="Microsoft.AspNetCore.Identity" />
+    <Reference Include="Microsoft.AspNetCore.Mvc" />
+    <Reference Include="Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore" />
+    <Reference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" />
+    <Reference Include="Microsoft.EntityFrameworkCore.Sqlite" />
+    <Reference Include="Microsoft.EntityFrameworkCore.Tools" />
+    <Reference Include="Microsoft.AspNetCore.HttpsPolicy" />
+    <Reference Include="Microsoft.AspNetCore.StaticFiles" />
+    <Reference Include="Microsoft.AspNetCore.StaticAssets" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <Compile Include="$(IdentityTestSharedSourceRoot)PocoModel\**\*.cs" LinkBase="Shared" />
+  </ItemGroup>
+
+  <!-- Workaround to add Blazor framework static assets without requiring a package reference -->
+  <PropertyGroup>
+    <UseBlazorFrameworkDebugAssets>true</UseBlazorFrameworkDebugAssets>
+    <BlazorFrameworkStaticWebAssetRoot Condition="'$(Configuration)' == 'Debug'">$(RepoRoot)src\Components\Web.JS\dist\Debug</BlazorFrameworkStaticWebAssetRoot>
+    <BlazorFrameworkStaticWebAssetRoot Condition="'$(Configuration)' == 'Release'">$(RepoRoot)src\Components\Web.JS\dist\Release</BlazorFrameworkStaticWebAssetRoot>
+  </PropertyGroup>
+
+  <Import Project="$(RepoRoot)\src\Assets\build\Microsoft.AspNetCore.App.Internal.Assets.targets" />
+
+</Project>