Recently, I worked on an application built with Xamarin Forms that needed to force the user to re-authenticate on every use for security reasons. It’s a pain to have to type out your password on a phone every single time you use an app, so the obvious choice was to allow the user to authenticate with Touch ID on iOS, fingerprint reader on Android (if available), and Windows Hello/PIN on UWP.
Thankfully, GitHub user smstuebe has taken most of the work out of this for us with their excellent Fingerprint plugin for Xamarin.
To be able to re-authenticate with touch/Windows Hello, you need to store some type of token on the user’s phone to utilize once they have confirmed their identity through the fingerprint plugin. I won’t go into the mechanics of that here, other than to say that James Montemagno’s Settings Plugin is an excellent way to store basic settings like a token.
Once we can store a token or other information needed for re-authentication, we also need to do a little bit of additional setup for Android. Fingerprint requires the following permissions in the AndroidManifest.xml:
<uses-permission android:name="android.permission.USE_FINGERPRINT" />
<uses-permission android:name="com.samsung.android.providers.context.permission.WRITE_USE_APP_FEATURE_SURVEY" />
Also, we need to install the Current Activity Plugin (also from James Montemagno), which allows the Fingerprint plugin to utilize our current Android activity. Install this from NuGet in your Android project only. Once that is done, we need to add a “MainApplication.cs” file to our Android project as well:
Two key things about this:
CrossFingerprint.SetCurrentActivityResolver(() => CrossCurrentActivity.Current.Activity);
must be called in the OnCreate() method to register the fingerprint plugin, and the [Application] attribute must also be set above the MainApplication class to generate the application element in the AndroidManifest.xml that the Current Activity Plugin uses.
Using Fingerprint Plugin
With the prerequisites set up, the code to implement the fingerprint plugin is:
CrossFingerprint.Current.AuthenticateAsync will return true or false, and we can use that to determine if we should sign in the user automatically or not.
Additionally, you can call:
if (await CrossFingerprint.Current.IsAvailableAsync(true) && tokenAvailable)
{
    // show option to use touch/win hello
}
The above would check if the user’s device supports touch/Windows Hello, and if there is a token stored on the device from a previous login to know whether or not we should show them this option for re-authentication.
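The whole re-authentication flow described above, as an added example that is not code from the original post or from the plugin's author: it only offers touch/Windows Hello when the device supports it and a token exists, and it falls back to the password form on any failure. `ITokenStore`, `ISessionService`, `ReauthOutcome` and `BiometricReauthenticator` are hypothetical names, and the example assumes a plugin version where `AuthenticateAsync` accepts a reason string and returns a result object with an `Authenticated` flag.

```csharp
using System.Threading.Tasks;
using Plugin.Fingerprint;

// Hypothetical abstractions (not part of any plugin): where the token is kept
// and how it is redeemed with the backend.
public interface ITokenStore
{
    string Get();   // returns null when no token was saved by a previous login
    void Clear();
}

public interface ISessionService
{
    Task<bool> SignInWithTokenAsync(string token);   // backend validates the token
}

public enum ReauthOutcome { SignedIn, PasswordRequired }

public class BiometricReauthenticator
{
    private readonly ITokenStore _tokens;
    private readonly ISessionService _session;

    public BiometricReauthenticator(ITokenStore tokens, ISessionService session)
    {
        _tokens = tokens;
        _session = session;
    }

    // Offer touch/Windows Hello only if a token exists AND the device supports it.
    public async Task<bool> CanOfferAsync() =>
        !string.IsNullOrEmpty(_tokens.Get())
        && await CrossFingerprint.Current.IsAvailableAsync(true);

    public async Task<ReauthOutcome> ReauthenticateAsync()
    {
        if (!await CanOfferAsync())
            return ReauthOutcome.PasswordRequired;

        var result = await CrossFingerprint.Current.AuthenticateAsync("Confirm your identity to sign in");
        if (!result.Authenticated)
            return ReauthOutcome.PasswordRequired;   // cancelled, failed or locked out

        // The fingerprint check is only a local gate; the backend still decides.
        if (await _session.SignInWithTokenAsync(_tokens.Get()))
            return ReauthOutcome.SignedIn;

        _tokens.Clear();   // expired or revoked token: require a full login next time
        return ReauthOutcome.PasswordRequired;
    }
}
```

Because the plugin result is a local yes/no, the stored token should be validated by the server on every use and be revocable there.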
That’s it! Below you can see a few screenshots of the results in our app ElePass: