TryVerifyUv Method

TryVerifyUv(PinUvAuthTokenPermissions, String)

Tries to Perform a User Verification (UV) check on the YubiKey using the onboard biometric sensor. This method is only supported on YubiKey Bio Series devices. The permissions argument must be something other than None.

public bool TryVerifyUv(PinUvAuthTokenPermissions permissions, string relyingPartyId = null)

Parameters

Type	Name	Description
PinUvAuthTokenPermissions	permissions	The set of operations that this auth token should be permitted to do. This parameter cannot be `None` for UvVerification.
System.String	relyingPartyId	Some `permissions` require the qualification of a relying party ID. This parameter should only be specified when a permission requires it, otherwise it should be left null. See PinUvAuthTokenPermissions for more details on which permissions require the RP ID and for which it is optional.

Returns

System.Boolean

A boolean, true if the verification succeeds, false if the user cancels.

Exceptions

Type	Condition
System.InvalidOperationException	The YubiKey does not support onboard user-verification, or else it does support it but there are no fingerprints enrolled.
System.Security.SecurityException	The YubiKey has blocked fingerprint verification because of too many "bad" readings.
System.TimeoutException	The YubiKey timed out waiting for the user to supply a fingerprint.
Fido2Exception	The permissions arg was `None` or the YubiKey was not able to complete the process for some reason described in the exception's message.

Remarks

This method will call the KeyCollector to prompt the user to provide the fingerprint. If there is no KeyCollector, this method will throw an exception.

When verifying using Uv, the caller must provide a valid permission. If the input permissions arg is None, this method will throw an exception.

A YubiKey is manufactured with no PIN and no biometric templates set. A PIN must be set before a user can register fingerprints. After a PIN has been set, a user can enroll one or more fingers using their platform or operating system's built in registration mechanism.

Once both a PIN has been set and a fingerprint has been registered, a user can perform verification. This method initiates the biometric (or user verification) process. If the user cannot match a valid finger within the allowed number of retries, it is best practice to fall back to PIN verification.

If the YubiKey was unable to verify a registered fingerprint, the SDK will automatically retry. The key collector will be called again to notify your app that touch is required. Each time the key collector is called, the IsRetry member will be set to true and the RetryCount will be updated to reflect the number of retries left before the YubiKey blocks further UV attempts. To cancel UV collection operations, call the SignalUserCancel delegate. When the retries have been exhausted, a SecurityException will be thrown. This, along with user cancellation, are indicators that your application should switch to verification with PIN.

If the user cancels the operation, this method will return false. If the YubiKey times out, this method will throw a TimeoutException.