StuartSchechter-0572 asked ·

Recommended API for accessing HID USB Interface for FIDO device

I'm writing a console and GUI app that needs to communicate with a FIDO security key over the HID protocol (usage page: 0xf1d0, usageId: HID_USAGE_PAGE_GENERIC==0x0001).

According to https://docs.microsoft.com/en-us/previous-versions/windows/apps/dn263140(v=win.10),

The Windows.Devices.HumanInterfaceDevice API supports most HID devices. However, it blocks the top-level application collection represented by the following usage pages, to prevent conflict with other Windows APIs and OS behavior:

I was hoping that I could use the UWP interfaces so long as I ran as root, but that doesn't seem to work.

I can't use the built-in FIDO support because I am using a special vendor-specific feature.

So, if I can't use that, but need to build an app that will allow HID communication even if it requires a UAC escalation, which interface should I use, and how do I ensure the UAC escalation happens if one is needed? Is it possible to do so in C# so that I'm at least using a type-safe language?

dotnet-csharp

@DanielZhang-MSFT

I don't see how either of those threads relates to my question, as it looks like they are both written for people who are writing code that would not be blocked for accessing devices with HID_USAGE_PAGE_GENERIC and who do not have security concerns with running third-party code.

Seeing as Microsoft is blocking access to these HID devices over UWP, I am asking if there is any supported approach to do so for applications running as administrator. My choices appear to include using Win32 (increasing the chance of security vulnerabilities by introducing type-unsafe code), using third-party code built on top of Win32 APIs (again, a new chance for vulnerabilities), or identifying a Microsoft-supported way to access these devices from within C# code running as administrator if necessary.

If the intent of the UWP team is that it should be possible to override the block when running as administrator, I would need documentation on how to do so, as all attempts have failed.

DanielZhang-MSFT (in reply to StuartSchechter-0572) ·

Hi @StuartSchechter-0572,
Regarding this problem, I have already given feedback here. Hope to get more professional answers.
Thank you for your understanding.
Best Regards,
Daniel Zhang



0 Answers