指纹生物识别Fingerprint biometrics

本文介绍了如何将指纹生物识别添加到通用 Windows 平台 (UWP) 应用中。This article explains how to add fingerprint biometrics to your Universal Windows Platform (UWP) app. 在用户必须同意特定操作时将指纹身份验证请求囊括在内,将提升应用的安全性。Including a request for fingerprint authentication when the user must consent to a particular action increases the security of your app. 例如,可在授权应用内购买或对受限资源的访问权限之前要求指纹身份验证。For example, you could require fingerprint authentication before authorizing an in-app purchase, or access to restricted resources. 使用 UserConsentVerifier 命名空间中的UserConsentVerifier类管理指纹身份验证。Fingerprint authentication is managed using the UserConsentVerifier class in the Windows.Security.Credentials.UI namespace.

检查设备以寻找指纹读取器Check the device for a fingerprint reader

若要查找设备是否安装了指纹读取器,请调用 UserConsentVerifier.CheckAvailabilityAsyncTo find out whether the device has a fingerprint reader, call UserConsentVerifier.CheckAvailabilityAsync. 即使设备支持指纹身份验证,应用仍应当在“设置”中向用户提供相应选项,以便启用或禁用指纹身份验证。Even if a device supports fingerprint authentication, your app should still provide users with an option in Settings to enable or disable it.

public async System.Threading.Tasks.Task<string> CheckFingerprintAvailability()
{
    string returnMessage = "";

    try
    {
        // Check the availability of fingerprint authentication.
        var ucvAvailability = await Windows.Security.Credentials.UI.UserConsentVerifier.CheckAvailabilityAsync();

        switch (ucvAvailability)
        {
            case Windows.Security.Credentials.UI.UserConsentVerifierAvailability.Available:
                returnMessage = "Fingerprint verification is available.";
                break;
            case Windows.Security.Credentials.UI.UserConsentVerifierAvailability.DeviceBusy:
                returnMessage = "Biometric device is busy.";
                break;
            case Windows.Security.Credentials.UI.UserConsentVerifierAvailability.DeviceNotPresent:
                returnMessage = "No biometric device found.";
                break;
            case Windows.Security.Credentials.UI.UserConsentVerifierAvailability.DisabledByPolicy:
                returnMessage = "Biometric verification is disabled by policy.";
                break;
            case Windows.Security.Credentials.UI.UserConsentVerifierAvailability.NotConfiguredForUser:
                returnMessage = "The user has no fingerprints registered. Please add a fingerprint to the " +
                                "fingerprint database and try again.";
                break;
            default:
                returnMessage = "Fingerprints verification is currently unavailable.";
                break;
        }
    }
    catch (Exception ex)
    {
        returnMessage = "Fingerprint authentication availability check failed: " + ex.ToString();
    }

    return returnMessage;
}

若要请求来自指纹扫描的用户同意,请调用 UserConsentVerifier.RequestVerificationAsync 方法。To request user consent from a fingerprint scan, call the UserConsentVerifier.RequestVerificationAsync method. 要使指纹身份验证起效,用户必须预先将指纹“签名”添加到指纹数据库中。For fingerprint authentication to work, the user must have previously added a fingerprint "signature" to the fingerprint database.

当你调用 UserConsentVerifier.RequestVerificationAsync 时,将向用户呈现一个请求指纹扫描的模式对话框。When you call the UserConsentVerifier.RequestVerificationAsync, the user is presented with a modal dialog requesting a fingerprint scan. 你可以向 UserConsentVerifier.RequestVerificationAsync 方法提供一条消息,此消息将作为模式对话框的一部分显示给用户,如下图所示。You can supply a message to the UserConsentVerifier.RequestVerificationAsync method that will be displayed to the user as part of the modal dialog, as shown in the following image.

private async System.Threading.Tasks.Task<string> RequestConsent(string userMessage)
{
    string returnMessage;

    if (String.IsNullOrEmpty(userMessage))
    {
        userMessage = "Please provide fingerprint verification.";
    }

    try
    {
        // Request the logged on user's consent via fingerprint swipe.
        var consentResult = await Windows.Security.Credentials.UI.UserConsentVerifier.RequestVerificationAsync(userMessage);

        switch (consentResult)
        {
            case Windows.Security.Credentials.UI.UserConsentVerificationResult.Verified:
                returnMessage = "Fingerprint verified.";
                break;
            case Windows.Security.Credentials.UI.UserConsentVerificationResult.DeviceBusy:
                returnMessage = "Biometric device is busy.";
                break;
            case Windows.Security.Credentials.UI.UserConsentVerificationResult.DeviceNotPresent:
                returnMessage = "No biometric device found.";
                break;
            case Windows.Security.Credentials.UI.UserConsentVerificationResult.DisabledByPolicy:
                returnMessage = "Biometric verification is disabled by policy.";
                break;
            case Windows.Security.Credentials.UI.UserConsentVerificationResult.NotConfiguredForUser:
                returnMessage = "The user has no fingerprints registered. Please add a fingerprint to the " +
                                "fingerprint database and try again.";
                break;
            case Windows.Security.Credentials.UI.UserConsentVerificationResult.RetriesExhausted:
                returnMessage = "There have been too many failed attempts. Fingerprint authentication canceled.";
                break;
            case Windows.Security.Credentials.UI.UserConsentVerificationResult.Canceled:
                returnMessage = "Fingerprint authentication canceled.";
                break;
            default:
                returnMessage = "Fingerprint authentication is currently unavailable.";
                break;
        }
    }
    catch (Exception ex)
    {
        returnMessage = "Fingerprint authentication failed: " + ex.ToString();
    }

    return returnMessage;
}