Add Windows Hello -sign in to your app

With Windows 10 you have option to use Biometric methods to login, but it looks like there is quite little documentation how to implement it. Another thing is that people confuse Windows Hello to authentication framework which it’s not, even you can use it with such to authenticate. So this article shows you how to implement the login functionality to your UWP app using Microsoft Passport and Windows Hello.

It’s important to understand that this will use what ever is available, it could be iris recognizion on for example on Lumia 950 or fingerprint on your Thinkpad or just pin code if the machine doesn’t have any biometric sensors. The code itself is actually very simple, and this is all you would need:

Add the required reference to app.xaml.cs

using Windows.Security.Credentials;
using Windows.Security.Cryptography;

After that we can implement the login in App.xaml.cs and you can do this in many different ways, but I have a static member variable here:

private static bool authorized = false;

Now all is left is to do the actual login, which you can copy/paste to your code (beginning of OnLaunched -method):

// Do we have capability to provide credentials from the device
if (await KeyCredentialManager.IsSupportedAsync())
{
    // Get credentials for current user and app
    KeyCredentialRetrievalResult result = await KeyCredentialManager.OpenAsync("MyAppCredentials");
    if (result.Credential != null)
    {
        KeyCredentialOperationResult signResult =
            await
                result.Credential.RequestSignAsync(CryptographicBuffer.ConvertStringToBinary("LoginAuth",
                    BinaryStringEncoding.Utf8));
        if (signResult.Status == KeyCredentialStatus.Success)
        {
            authorized = true;
        }
    }
    // No previous saved credentials found
    else
    {
        KeyCredentialRetrievalResult creationResult =
            await
                KeyCredentialManager.RequestCreateAsync("MyAppCredentials",
                    KeyCredentialCreationOption.ReplaceExisting);
        if (creationResult.Status == KeyCredentialStatus.Success)
        {
            authorized = true;
        }
    }
}

When you check IsSupportedAsync you need to handle the situation that the device is not capable to provide this service, and you have to fallback to something else, such as Facebook or Twitter authentication. OpenAsync will check it there are saved credentials per app and user, and use those if can be found with RequestSignAsync. If there were no previous credentials for the app for current user, let’s create one. That’s all there is to it, very confusing topic but it is actually surprisingly easy to use. Hope this helps you!

About Jani Nevalainen

Windows developer who’s been working on Microsoft Platforms since 1996. Windows Phone dev MVP 2013, Windows Development Platform MVP 2014. Currently working as Technical Evangelist for Microsoft Finland Developer Experience team.

This entry was posted in Universal Apps. Bookmark the permalink.

5 Responses to Add Windows Hello -sign in to your app

  1. Mohit says:

    Hii,

    I have two queries:
    1. KeyCredentialManager.OpenAsync(“MyAppCredentials”) : What needs to be passed in OpenAsync method. That is , What is “MyAppCredentials” indicate here.

    2. RequestSignAsync(CryptographicBuffer.ConvertStringToBinary(“LoginAuth”,
    BinaryStringEncoding.Utf8)) : What does “LoginAuth” indicates here?

    • MyAppCredentials is just a name of the key credential for the app which you want to open, you can give whatever name you want for it. LoginAuth is just a name of the key as well, which can be whatever you want.

  2. Mike Hunt says:

    Terrible article – no proper info, no questions answered, just half baked. Where do we put the main piece of code you listed? In one of the app.xaml.cs methods? If so, which one? Yet another article by you with not enough information – why do you bother?

    • Sorry you feel that way, but thank you for your feedback anyway. I’ll try to be more specific in details, I know I get frustrated when I try to implement a new feature and don’t get all the info. For your specific question, I put my code into beginning of OnLaunched -method in App class.

      • Dan Smoot says:

        @Mike Hunt, why don’t you go write a better article? Or at least adopt a civilized tone when commenting on an article that someone else wrote (for free) to try to help other people? I don’t know you, but from your comment you sound like an entitled jerk.

        Jani, there is relatively little documentation of this out there right now, and I have no doubt that your post helped put some people on right track. Thanks for posting it, and kudos to you for resisting the urge to feed the trolls.

Leave a Reply

Your email address will not be published. Required fields are marked *