ASP.NET Core 8.0 - Users Without Identity Project

v3.0.13

V4 Coming Soon!

The World Wide Web Consortium (W3C) is working on the next API specification for accessing Public Key Credentials. The W3C Working Draft, dated 27 January 2025 is published at Web Authentication: An API for accessing Public Key Credentials Level 3. The latest Editors Draft is published at Editor’s Draft, 11 July 2025.

I am updating the UWPP V4 to support these new requirements. The Attestation (registration) and Assertion (authentication) processes have been updated and commented to meet the new specification. New properties are added to the Passkey (credential) and the PasskeyChallenge (audit) records. I updated the Passkey and PasskeyChallenge UI. I added Ed25519 algorithm and Discoverable Credential support. I am working to update the Users Without Passwords Project, Users With Device 2FAProject, and Users With Comments Project to version 4.

Probably the most exciting specification is support for cross-origin authentication. I am testing the UWPP V4 at Fido.KenHaggerty.Com. Fido.KenHaggerty.Com is a modified version of the UWPP with security settings and UI to host cross-origin authentication. The published versions of Users Without Passwords Project, Users With Device 2FA Project, Users Without Identity Project, Users With Comments Project have been modified to authenicate with a pre-registered Fido.KenHaggerty.Com user.

Help Test Cross-Origin Authentication

  • Register a user on Fido.KenHaggerty.Com.
  • Use the Login Central Portal to login to this site with a Fido.KenHaggerty.Com user.
  • The first login requires a local account association, choose new local account or link to an existing local account.

The Users Without Identity Project (UWIP) is the source code for UsersWithoutIdentity. Com. The UWIP is developed with Visual Studio 2022 and the MS Long Term Support (LTS) version .NET 8.0 framework. All Errors, Warnings, and Messages from Code Analysis have been mitigated. The UWIP implements user authentication and two factor authentication like MS Identity but with a clear and modifiable design. UWIP implements two factor authentication with the (TOTP) standard and is compatible with the MS Authenticator or Google Authenticator applications. Users can self-manage passwords, email addresses, and security in Manage Account. Admins can list and manage users, email addresses, and histories.

The UWIP was initially developed back in 2020 with framework .NET Core 3.1. I upgraded the project to .NET 5.0 then to the LTS version .NET 6.0. Version 2.x of the project integrated the ASP.NET Core 6.0 - Homegrown Analytics Project and implemented multiple email addresses per user. I enabled the nullable context and mitigated all warnings and issues. See Nullable reference types. The latest version of the UWIP is published at UsersWithoutIdentity. Com.