Add Windows Hello sign-in to your app

With Windows 10 you have the option to use biometric methods to log in, but there is quite little documentation on how to implement it. Another thing is that people confuse Windows Hello with an authentication framework, which it is not, even though you can use it with one to authenticate. So this article shows you how to implement the login functionality in your UWP app using Microsoft Passport and Windows Hello.

It's important to understand that this will use whatever is available: it could be iris recognition, for example on a Lumia 950, a fingerprint reader on your ThinkPad, or just a PIN code if the machine doesn't have any biometric sensors. The code itself is actually very simple, and this is all you need:

Add the required using directives to App.xaml.cs:

using Windows.Security.Credentials;
using Windows.Security.Cryptography;

After that we can implement the login in App.xaml.cs. You can do this in many different ways, but I have a static member variable here:

private static bool authorized = false;

Now all that is left is to do the actual login, which you can copy and paste into your code (at the beginning of the OnLaunched method, which must be marked async because the code uses await):

// Do we have the capability to provide credentials from the device?
if (await KeyCredentialManager.IsSupportedAsync())
{
    // Get the credential for the current user and app
    KeyCredentialRetrievalResult result = await KeyCredentialManager.OpenAsync("MyAppCredentials");
    if (result.Credential != null)
    {
        // Signing prompts the user for the Windows Hello gesture (biometric or PIN)
        KeyCredentialOperationResult signResult = await result.Credential.RequestSignAsync(
            CryptographicBuffer.ConvertStringToBinary("LoginAuth", BinaryStringEncoding.Utf8));
        if (signResult.Status == KeyCredentialStatus.Success)
        {
            authorized = true;
        }
    }
    // No previously saved credential found, so create one
    else
    {
        KeyCredentialRetrievalResult creationResult = await KeyCredentialManager.RequestCreateAsync(
            "MyAppCredentials", KeyCredentialCreationOption.ReplaceExisting);
        if (creationResult.Status == KeyCredentialStatus.Success)
        {
            authorized = true;
        }
    }
}

When you check IsSupportedAsync, you need to handle the situation where the device is not capable of providing this service and fall back to something else, such as Facebook or Twitter authentication. OpenAsync checks whether there are saved credentials for the app and user, and if they are found, they are used with RequestSignAsync. If there are no previous credentials for the app for the current user, we create one. That's all there is to it: a very confusing topic, but it is actually surprisingly easy to use. Hope this helps you!
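The fallback and failure cases described above, as an added example that is not part of the original post: the `HelloLogin.SignInAsync` helper and the `HelloSignIn` enum are hypothetical names, and the code branches on the returned `KeyCredentialStatus` instead of on a null credential. Like the article's code, it only confirms the Hello gesture on the local device; nothing here verifies the signature.

```csharp
using System;
using System.Threading.Tasks;
using Windows.Security.Credentials;
using Windows.Security.Cryptography;
using Windows.Storage.Streams;

public enum HelloSignIn { Authorized, Denied, UseFallback }

public static class HelloLogin
{
    // Hypothetical helper (not from the article); credentialName is the per-app key name.
    public static async Task<HelloSignIn> SignInAsync(string credentialName)
    {
        // Device or user cannot provide a key credential: use another sign-in method.
        if (!await KeyCredentialManager.IsSupportedAsync())
            return HelloSignIn.UseFallback;

        KeyCredentialRetrievalResult open = await KeyCredentialManager.OpenAsync(credentialName);
        if (open.Status == KeyCredentialStatus.NotFound)
        {
            // First run for this user and app. FailIfExists never overwrites an enrolled key.
            KeyCredentialRetrievalResult created = await KeyCredentialManager.RequestCreateAsync(
                credentialName, KeyCredentialCreationOption.FailIfExists);
            return Map(created.Status);
        }
        if (open.Status != KeyCredentialStatus.Success)
            return Map(open.Status);

        // Sign a fresh random challenge rather than a constant string. In a server-backed
        // design the challenge would come from the server, which verifies the signature.
        IBuffer challenge = CryptographicBuffer.GenerateRandom(32);
        KeyCredentialOperationResult signed = await open.Credential.RequestSignAsync(challenge);
        return Map(signed.Status);
    }

    private static HelloSignIn Map(KeyCredentialStatus status)
    {
        switch (status)
        {
            case KeyCredentialStatus.Success:
                return HelloSignIn.Authorized;
            case KeyCredentialStatus.UserPrefersPassword:
                return HelloSignIn.UseFallback;   // user asked for a password instead
            default:
                return HelloSignIn.Denied;        // UserCanceled, SecurityDeviceLocked, UnknownError, ...
        }
    }
}
```

In OnLaunched, set `authorized` only for `HelloSignIn.Authorized` and route `UseFallback` to the other sign-in method.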
