UserConsentVerifier Class

Definition

Checks for availability of a verification device (such as a Microsoft Passport PIN, Windows Hello biometric, or fingerprint reader), and performs a verification.

public ref class UserConsentVerifier abstract sealed
/// [Windows.Foundation.Metadata.ContractVersion(Windows.Foundation.UniversalApiContract, 65536)]
/// [Windows.Foundation.Metadata.MarshalingBehavior(Windows.Foundation.Metadata.MarshalingType.Agile)]
/// [Windows.Foundation.Metadata.Threading(Windows.Foundation.Metadata.ThreadingModel.Both)]
class UserConsentVerifier final
[Windows.Foundation.Metadata.ContractVersion(typeof(Windows.Foundation.UniversalApiContract), 65536)]
[Windows.Foundation.Metadata.MarshalingBehavior(Windows.Foundation.Metadata.MarshalingType.Agile)]
[Windows.Foundation.Metadata.Threading(Windows.Foundation.Metadata.ThreadingModel.Both)]
public static class UserConsentVerifier
Public Class UserConsentVerifier
Inheritance
Object Platform::Object IInspectable UserConsentVerifier
Attributes

Windows requirements

Device family
Windows 10 (introduced in 10.0.10240.0)
API contract
Windows.Foundation.UniversalApiContract (introduced in v1.0)

Examples

Desktop apps using C#

For a desktop app, instead of calling the UserConsentVerifier.RequestVerificationAsync method, you'll need to:

private async System.Threading.Tasks.Task<string> RequestConsent(string userMessage)
{
    string returnMessage;

    // Retrieve the window handle of the current WinUI 3 window.
    var hwnd = WinRT.Interop.WindowNative.GetWindowHandle(this);

    // Use the interop interface to request the logged on user's consent via device authentication
    var consentResult = await Windows.Security.Credentials.UI.UserConsentVerifierInterop.RequestVerificationForWindowAsync(hwnd, userMessage);

    switch (consentResult)
    {
        case Windows.Security.Credentials.UI.UserConsentVerificationResult.Verified:
            returnMessage = "User verified.";
            break;
        case Windows.Security.Credentials.UI.UserConsentVerificationResult.DeviceBusy:
            returnMessage = "Authentication device is busy.";
            break;
        case Windows.Security.Credentials.UI.UserConsentVerificationResult.DeviceNotPresent:
            returnMessage = "No authentication device found.";
            break;
        case Windows.Security.Credentials.UI.UserConsentVerificationResult.DisabledByPolicy:
            returnMessage = "Authentication device verification is disabled by policy.";
            break;
        case Windows.Security.Credentials.UI.UserConsentVerificationResult.NotConfiguredForUser:
            returnMessage = "Please go to Account Settings to set up PIN or other advanced authentication.";
            break;
        case Windows.Security.Credentials.UI.UserConsentVerificationResult.RetriesExhausted:
            returnMessage = "There have been too many failed attempts. Device authentication canceled.";
            break;
        case Windows.Security.Credentials.UI.UserConsentVerificationResult.Canceled:
            returnMessage = "Device authentication canceled.";
            break;
        default:
            returnMessage = "Authentication device is currently unavailable.";
            break;
    }

    return returnMessage;
}

Universal Windows Platform (UWP) apps using C#

This code example is for a Universal Windows Platform (UWP) app. It shows a request for fingerprint verification followed by returning a message that describes the result. The code calls the UserConsentVerifier.RequestVerificationAsync method, which is appropriate for UWP apps.

private async System.Threading.Tasks.Task<string> RequestConsent(string userMessage)
{
    string returnMessage;

    // Request the logged on user's consent via authentication device.
    var consentResult = await Windows.Security.Credentials.UI.UserConsentVerifier.RequestVerificationAsync(userMessage);

    switch (consentResult)
    {
        case Windows.Security.Credentials.UI.UserConsentVerificationResult.Verified:
            returnMessage = "User verified.";
            break;
        case Windows.Security.Credentials.UI.UserConsentVerificationResult.DeviceBusy:
            returnMessage = "Authentication device is busy.";
            break;
        case Windows.Security.Credentials.UI.UserConsentVerificationResult.DeviceNotPresent:
            returnMessage = "No authentication device found.";
            break;
        case Windows.Security.Credentials.UI.UserConsentVerificationResult.DisabledByPolicy:
            returnMessage = "Authentication device verification is disabled by policy.";
            break;
        case Windows.Security.Credentials.UI.UserConsentVerificationResult.NotConfiguredForUser:
            returnMessage = "Please go to Account Settings to set up PIN or other advanced authentication.";
            break;
        case Windows.Security.Credentials.UI.UserConsentVerificationResult.RetriesExhausted:
            returnMessage = "There have been too many failed attempts. Device authentication canceled.";
            break;
        case Windows.Security.Credentials.UI.UserConsentVerificationResult.Canceled:
            returnMessage = "Device authentication canceled.";
            break;
        default:
            returnMessage = "Authentication device is currently unavailable.";
            break;
    }
    return returnMessage;
}

Desktop apps using C++/WinRT

For a desktop app, instead of calling the UserConsentVerifier.RequestVerificationAsync method, you'll need to:

  • First obtain the handle to the window that will request the verification. See Retrieve a window handle (HWND) for details on how to do this for the Windows UI Library (WinUI) 3.
  • Obtain the activation factory for the Windows.Security.Credentials.UI.UserConsentVerifier object.
  • Call the RequestVerificationForWindowAsync method of the IUserConsentVerifierInterop interop interface.
winrt::Windows::Foundation::IAsyncOperation<winrt::hstring> MainWindow::RequestConsent(winrt::hstring userMessage)
{
    auto lifetime = get_strong();

    winrt::hstring returnMessage;

    // Retrieve the window handle of the current WinUI 3 window.
    HWND hwnd;
    winrt::check_hresult(m_inner->as<::IWindowNative>()->get_WindowHandle(&hwnd));

    // Use the interop interface to request the logged on user's consent via device authentication
    auto interop = winrt::get_activation_factory<winrt::Windows::Security::Credentials::UI::UserConsentVerifier, ::IUserConsentVerifierInterop>();
    auto consentResult =
        co_await winrt::capture<winrt::Windows::Foundation::IAsyncOperation<winrt::Windows::Security::Credentials::UI::UserConsentVerificationResult>>(
            interop, &::IUserConsentVerifierInterop::RequestVerificationForWindowAsync, hwnd, reinterpret_cast<HSTRING>(winrt::get_abi(userMessage))));

    switch (consentResult)
    {
        case winrt::Windows::Security::Credentials::UI::UserConsentVerificationResult::Verified:
            returnMessage = L"User verified.";
            break;
        case winrt::Windows::Security::Credentials::UI::UserConsentVerificationResult::DeviceBusy:
            returnMessage = L"Authentication device is busy.";
            break;
        case winrt::Windows::Security::Credentials::UI::UserConsentVerificationResult::DeviceNotPresent:
            returnMessage = L"No authentication device found.";
            break;
        case winrt::Windows::Security::Credentials::UI::UserConsentVerificationResult::DisabledByPolicy:
            returnMessage = L"Authentication device verification is disabled by policy.";
            break;
        case winrt::Windows::Security::Credentials::UI::UserConsentVerificationResult::NotConfiguredForUser:
            returnMessage = L"Please go to Account Settings to set up PIN or other advanced authentication.";
            break;
        case winrt::Windows::Security::Credentials::UI::UserConsentVerificationResult::RetriesExhausted:
            returnMessage = L"There have been too many failed attempts. Device authentication canceled.";
            break;
        case winrt::Windows::Security::Credentials::UI::UserConsentVerificationResult::Canceled:
            returnMessage = L"Device authentication canceled.";
            break;
        default:
            returnMessage = L"Authentication device is currently unavailable.";
            break;
    }

    co_return returnMessage;
}

Remarks

You can use UserConsentVerifier to enhance the security of your app by including a request for verification whenever the user is required to consent to a particular action. For example, you can require fingerprint authentication before authorizing an in-app purchase or access to restricted resources. You can use UserConsentVerifier to determine whether fingerprint authentication is supported for the current computer by using the CheckAvailabilityAsync method, and then request user consent from a fingerprint scan by using the RequestVerificationAsync method.

Methods

CheckAvailabilityAsync()

Checks to see whether an authentication device, such as a Microsoft Passport PIN, Windows Hello, or fingerprint reader, is available.

RequestVerificationAsync(String)

Performs a verification using an authentication device such as Microsoft Passport PIN, Windows Hello, or a fingerprint reader. This API is for Universal Windows Platform (UWP) apps. The alternative API to use for a desktop app is described in Examples in UserConsentVerifier class.

Applies to

See also