TryVerifyUv Method
TryVerifyUv(PinUvAuthTokenPermissions, String)
Tries to Perform a User Verification (UV) check on the YubiKey using
the onboard biometric sensor. This method is only supported on
YubiKey Bio Series devices. The permissions argument must be
something other than None
.
public bool TryVerifyUv(PinUvAuthTokenPermissions permissions, string relyingPartyId = null)
Parameters
Type | Name | Description |
---|---|---|
PinUvAuthTokenPermissions | permissions | The set of operations that this auth token should be permitted to do.
This parameter cannot be |
System.String | relyingPartyId | Some |
Returns
A boolean, true
if the verification succeeds, false
if
the user cancels.
Exceptions
Type | Condition |
---|---|
System.InvalidOperationException | The YubiKey does not support onboard user-verification, or else it does support it but there are no fingerprints enrolled. |
System.Security.SecurityException | The YubiKey has blocked fingerprint verification because of too many "bad" readings. |
System.TimeoutException | The YubiKey timed out waiting for the user to supply a fingerprint. |
Fido2Exception | The permissions arg was |
Remarks
This method will call the KeyCollector to prompt the user to provide the fingerprint. If there is no KeyCollector, this method will throw an exception.
When verifying using Uv, the caller must provide a valid permission.
If the input permissions arg is None
, this method will throw
an exception.
A YubiKey is manufactured with no PIN and no biometric templates set. A PIN must be set before a user can register fingerprints. After a PIN has been set, a user can enroll one or more fingers using their platform or operating system's built in registration mechanism.
Once both a PIN has been set and a fingerprint has been registered, a user can perform verification. This method initiates the biometric (or user verification) process. If the user cannot match a valid finger within the allowed number of retries, it is best practice to fall back to PIN verification.
If the YubiKey was unable to verify a registered fingerprint, the SDK will automatically retry. The key
collector will be called again to notify your app that touch is required. Each time the key collector is
called, the IsRetry
member will be set to true
and the RetryCount
will be updated to
reflect the number of retries left before the YubiKey blocks further UV attempts. To cancel UV collection
operations, call the SignalUserCancel delegate. When the retries have been
exhausted, a SecurityException
will be thrown. This, along with user cancellation, are indicators
that your application should switch to verification with PIN.
If the user cancels the operation, this method will return
false
. If the YubiKey times out, this method will throw a
TimeoutException
.