VerifyUv Method
VerifyUv(PinUvAuthTokenPermissions, String)
Performs a User Verification (UV) check on the YubiKey using the onboard biometric sensor. This method is only supported on YubiKey Bio Series devices. Uses the KeyCollector for touch prompting.
public void VerifyUv(PinUvAuthTokenPermissions permissions, string relyingPartyId = null)
Parameters
Type | Name | Description |
---|---|---|
PinUvAuthTokenPermissions | permissions | The set of operations that this auth token should be permitted to do. |
System.String | relyingPartyId | Some |
Exceptions
Type | Condition |
---|---|
System.OperationCanceledException | The user cancelled UV collection. This happens when the application returns |
Remarks
A YubiKey is manufactured with no PIN and no biometric templates set. A PIN must be set before a user can register fingerprints. After a PIN has been set, a user can enroll one or more fingers using their platform or operating system's built in registration mechanism.
Once both a PIN has been set and a fingerprint has been registered, a user can perform verification. This method initiates the biometric (or user verification) process. If the user cannot match a valid finger within the allowed number of retries, it is best practice to fall back to PIN verification.
Unlike other applications in this SDK (such as PIV and OATH), the SDK will not automatically verify PIN or UV using the KeyCollector in methods like MakeCredential(MakeCredentialParameters) due to FIDO2's complex user verification process. Your application must call this method explicitly before attempting to perform a FIDO2 operation that requires verification.
If the YubiKey was unable to verify a registered fingerprint, the SDK will automatically retry. The key
collector will be called again to notify your app that touch is required. Each time the key collector is
called, the IsRetry
member will be set to true
and the RetryCount
will be updated to
reflect the number of retries left before the YubiKey blocks further UV attempts. To cancel UV collection
operations, simply return false
in the handler for the key collector. When the retries have been
exhausted, a `SecurityException` will be thrown. This, along with user cancellation, are indicators that
your application should switch to verification with PIN.