FIDO2 / WebAuthn - WebView

Install NuGet Packages

Before starting, add our NuGet source and install the SDK packages.

Initialize the Hardware Security SDK

To use the SDK’s functionality in your app, you need to initialize the SecurityKeyManager first. This is the central class of the SDK, which dispatches incoming NFC and USB connections. Perform this initialization in the onCreate method of your Application subclass. This ensures Security Keys are reliably dispatched by your app while in the foreground.

We start by creating a new class which extends Application as follows:

[Application]
public class HwsecurityApplication : Application
{
    public HwsecurityApplication(IntPtr handle, JniHandleOwnership ownerShip) : base(handle, ownerShip)
    {
    }

    public override void OnCreate()
    {
        base.OnCreate();

        SecurityKeyManager securityKeyManager = SecurityKeyManager.Instance;
        SecurityKeyManagerConfig config = new SecurityKeyManagerConfig.Builder()
            .SetEnableDebugLogging(true)
            .Build();

        securityKeyManager.Init(this, config);
    }
}

WebView Integration

JavaScript calls to navigator.credentials are delegated to the Hardware Security SDK. This is implemented by injecting a short JavaScript file into the currently loaded page. It intercepts API calls and delegates them to our FIDO2 implementation in Java. The WebViewWebauthnBridge does this automatically. Don’t forget to enable JavaScript in your WebView and delegate shouldInterceptRequest() and onPageStarted() calls to the WebViewWebauthnBridge as shown in the following:

internal class HwsecurityWebViewClient : WebViewClient
{
    WebViewWebauthnBridge _webViewWebauthnBridge;

    public HwsecurityWebViewClient(WebViewWebauthnBridge webViewWebauthnBridge) : base()
    {
        _webViewWebauthnBridge = webViewWebauthnBridge;
    }

    public override WebResourceResponse ShouldInterceptRequest(WebView view, IWebResourceRequest request)
    {
        _webViewWebauthnBridge.DelegateShouldInterceptRequest(view, request);
        return base.ShouldInterceptRequest(view, request);
    }

    public override void OnPageStarted(WebView view, string url, Bitmap favicon)
    {
        base.OnPageStarted(view, url, favicon);
        _webViewWebauthnBridge.DelegateOnPageStarted(view, url, favicon);
    }
}


protected override void OnCreate(Bundle savedInstanceState)
{
    base.OnCreate(savedInstanceState);
    Xamarin.Essentials.Platform.Init(this, savedInstanceState);
    SetContentView(Resource.Layout.activity_main);

    WebView webView = FindViewById<WebView>(Resource.Id.webview);
    webView.Settings.JavaScriptEnabled = true;

    WebViewWebauthnBridge webViewWebauthnBridge = WebViewWebauthnBridge.CreateInstanceForWebView(this, webView);
    webView.SetWebViewClient(new HwsecurityWebViewClient(webViewWebauthnBridge));

    webView.LoadUrl("https://webauthn.hwsecurity.dev");
}

Congratulations!

That’s all! If you have any questions, don’t hesitate to contact us: