
TryDeleteCredential Method

TryDeleteCredential(string)

Remove a credential. This method uses the KeyCollector to retrieve the management key, and will retry authentication while there are retries remaining.

C#
public bool TryDeleteCredential(string label)

Parameters

| Type | Name | Description |
| --- | --- | --- |
| string | label | The label of the credential to be deleted. The string must meet the same requirements as Label. |

Returns

bool

True when the credential was successfully removed. False when the KeyCollector returns false (usually indicating user cancellation).

Exceptions

| Type | Condition |
| --- | --- |
| InvalidOperationException | The KeyCollector is null or the credential was not found. |
| SecurityException | Authentication failed and there are no retries remaining. |

Remarks

Unlike TryDeleteCredential(ReadOnlyMemory<byte>, string, out int?) and DeleteCredential(ReadOnlyMemory<byte>, string), which attempt authentication only once, this method automatically retries authentication while there are retries remaining.

The management key is used to authenticate to the application prior to operations such as adding or removing credentials. It must be exactly 16 bytes long (see ValidManagementKeyLength). There is a limit of 8 attempts to authenticate with the management key before the management key is blocked. Once the management key is blocked, the application must be reset before performing operations which require authentication with the management key (such as adding credentials, deleting credentials, and changing the management key). To reset the application, see ResetApplication(). Supplying the correct management key before the management key is blocked will reset the retry counter to 8.

When the management key is needed, the KeyCollector is called with Request set to AuthenticateYubiHsmAuthManagementKey. The KeyCollector gets the management key from the user, saves it using SubmitValue(ReadOnlySpan<byte>), and returns true. If the command succeeds (the credential is removed), this method returns true.

If authentication fails and there are retries remaining, the KeyCollector will be called again with the same Request, but IsRetry will be true and RetriesRemaining will be set appropriately. When there are no retries remaining, a System.Security.SecurityException will be thrown.

The only time this method returns false is when the KeyCollector cancels the operation by returning false. Cancellation usually happens when the user has clicked a "Cancel" button.

In all situations, when this method ends, it will tell the KeyCollector it is done by calling it with the Request set to Release.
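Added example, not code from the SDK documentation: a KeyCollector for the flow described above that wipes its copy of the management key on Release and cancels rather than spend the last attempts of the 8-try limit. The class name GuardedKeyCollector, the MinRetriesToKeep threshold and the prompt callback are assumptions; the namespaces and the YubiHsmAuthSession(IYubiKeyDevice) constructor come from the SDK but are not shown on this page.

```csharp
using System;
using System.Security.Cryptography;
using Yubico.YubiKey;
using Yubico.YubiKey.YubiHsmAuth;

// Hypothetical helper (not part of the SDK).
public sealed class GuardedKeyCollector
{
    private const int MinRetriesToKeep = 3;  // assumed policy: never go below this
    private const int KeyLength = 16;        // management key length stated on this page
    private readonly Func<bool, int?, byte[]?> _prompt; // (isRetry, retriesRemaining) -> key, null = cancel
    private byte[]? _key;

    public GuardedKeyCollector(Func<bool, int?, byte[]?> prompt) => _prompt = prompt;

    public bool Collect(KeyEntryData data)
    {
        switch (data.Request)
        {
            case KeyEntryRequest.Release:
                Wipe();                      // session is done with the collector
                return true;
            case KeyEntryRequest.AuthenticateYubiHsmAuthManagementKey:
                Wipe();                      // discard any previously rejected key
                // Cancel instead of risking a blocked management key.
                if (data.IsRetry && data.RetriesRemaining < MinRetriesToKeep)
                    return false;
                _key = _prompt(data.IsRetry, data.RetriesRemaining);
                // Null (user cancelled) or wrong length: cancel without submitting.
                if (_key is null || _key.Length != KeyLength)
                    return false;
                data.SubmitValue(_key);
                return true;
            default:
                return false;                // request this collector does not handle
        }
    }

    private void Wipe()
    {
        if (_key != null) CryptographicOperations.ZeroMemory(_key);
        _key = null;
    }

    // Returns false on cancellation; SecurityException propagates when no retries remain.
    public static bool Delete(IYubiKeyDevice device, string label, Func<bool, int?, byte[]?> prompt)
    {
        using var session = new YubiHsmAuthSession(device);
        session.KeyCollector = new GuardedKeyCollector(prompt).Collect;
        return session.TryDeleteCredential(label);
    }
}
```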

TryDeleteCredential(ReadOnlyMemory<byte>, string, out int?)

Remove a credential.

C#
public bool TryDeleteCredential(ReadOnlyMemory<byte> managementKey, string label, out int? managementKeyRetries)

Parameters

| Type | Name | Description |
| --- | --- | --- |
| ReadOnlyMemory<byte> | managementKey | The secret used to authenticate to the application prior to adding or removing credentials. It must be exactly 16 bytes long (see ValidManagementKeyLength). |
| string | label | The label of the credential to be deleted. The string must meet the same requirements as Label. |
| int? | managementKeyRetries | When the command fails to authenticate the management key, this value gives the number of retries remaining. |

Returns

bool

Exceptions

| Type | Condition |
| --- | --- |
| InvalidOperationException | The credential was not found. |

Remarks

There is a limit of 8 attempts to authenticate with the management key before the management key is blocked. Once the management key is blocked, the application must be reset before performing operations which require authentication with the management key (such as adding credentials, deleting credentials, and changing the management key). To reset the application, see ResetApplication(). Supplying the correct management key before the management key is blocked will reset the retry counter to 8.
