指紋生物識別技術Fingerprint biometrics

本文將說明如何將指紋生物識別技術新增到您的通用 Windows 平台 (UWP) 應用程式。This article explains how to add fingerprint biometrics to your Universal Windows Platform (UWP) app. 包括使用者必須同意特定動作時的指紋驗證要求,以增強 app 的安全性。Including a request for fingerprint authentication when the user must consent to a particular action increases the security of your app. 例如,您可以在授權 app 內購買之前或授與限制資源的存取權之前要求指紋驗證。For example, you could require fingerprint authentication before authorizing an in-app purchase, or access to restricted resources. 指紋驗證是使用 UserConsentVerifier 類別在 Windows 中管理。 UI 命名空間。Fingerprint authentication is managed using the UserConsentVerifier class in the Windows.Security.Credentials.UI namespace.

檢查裝置是否有指紋辨識器Check the device for a fingerprint reader

若要查明裝置是否具有指紋辨識器,請呼叫 UserConsentVerifier.CheckAvailabilityAsyncTo find out whether the device has a fingerprint reader, call UserConsentVerifier.CheckAvailabilityAsync. 即使裝置支援指紋驗證,您的 app 仍應在 [設定] 中為使用者提供啟用或停用指紋驗證的選項。Even if a device supports fingerprint authentication, your app should still provide users with an option in Settings to enable or disable it.

public async System.Threading.Tasks.Task<string> CheckFingerprintAvailability()
{
    string returnMessage = "";

    try
    {
        // Check the availability of fingerprint authentication.
        var ucvAvailability = await Windows.Security.Credentials.UI.UserConsentVerifier.CheckAvailabilityAsync();

        switch (ucvAvailability)
        {
            case Windows.Security.Credentials.UI.UserConsentVerifierAvailability.Available:
                returnMessage = "Fingerprint verification is available.";
                break;
            case Windows.Security.Credentials.UI.UserConsentVerifierAvailability.DeviceBusy:
                returnMessage = "Biometric device is busy.";
                break;
            case Windows.Security.Credentials.UI.UserConsentVerifierAvailability.DeviceNotPresent:
                returnMessage = "No biometric device found.";
                break;
            case Windows.Security.Credentials.UI.UserConsentVerifierAvailability.DisabledByPolicy:
                returnMessage = "Biometric verification is disabled by policy.";
                break;
            case Windows.Security.Credentials.UI.UserConsentVerifierAvailability.NotConfiguredForUser:
                returnMessage = "The user has no fingerprints registered. Please add a fingerprint to the " +
                                "fingerprint database and try again.";
                break;
            default:
                returnMessage = "Fingerprints verification is currently unavailable.";
                break;
        }
    }
    catch (Exception ex)
    {
        returnMessage = "Fingerprint authentication availability check failed: " + ex.ToString();
    }

    return returnMessage;
}

若要要求使用者同意指紋掃描,請呼叫 UserConsentVerifier.RequestVerificationAsync 方法。To request user consent from a fingerprint scan, call the UserConsentVerifier.RequestVerificationAsync method. 為了讓指紋驗證能運作,使用者必須先將指紋「簽章」加到指紋資料庫。For fingerprint authentication to work, the user must have previously added a fingerprint "signature" to the fingerprint database.

當您呼叫 UserConsentVerifier.RequestVerificationAsync 時,使用者會看到一個要求指紋掃描的強制回應對話方塊。When you call the UserConsentVerifier.RequestVerificationAsync, the user is presented with a modal dialog requesting a fingerprint scan. 您可以提供一個訊息給 UserConsentVerifier.RequestVerificationAsync 方法,使用者會在強制回應對話方塊中看見該訊息,如下列影像所示。You can supply a message to the UserConsentVerifier.RequestVerificationAsync method that will be displayed to the user as part of the modal dialog, as shown in the following image.

private async System.Threading.Tasks.Task<string> RequestConsent(string userMessage)
{
    string returnMessage;

    if (String.IsNullOrEmpty(userMessage))
    {
        userMessage = "Please provide fingerprint verification.";
    }

    try
    {
        // Request the logged on user's consent via fingerprint swipe.
        var consentResult = await Windows.Security.Credentials.UI.UserConsentVerifier.RequestVerificationAsync(userMessage);

        switch (consentResult)
        {
            case Windows.Security.Credentials.UI.UserConsentVerificationResult.Verified:
                returnMessage = "Fingerprint verified.";
                break;
            case Windows.Security.Credentials.UI.UserConsentVerificationResult.DeviceBusy:
                returnMessage = "Biometric device is busy.";
                break;
            case Windows.Security.Credentials.UI.UserConsentVerificationResult.DeviceNotPresent:
                returnMessage = "No biometric device found.";
                break;
            case Windows.Security.Credentials.UI.UserConsentVerificationResult.DisabledByPolicy:
                returnMessage = "Biometric verification is disabled by policy.";
                break;
            case Windows.Security.Credentials.UI.UserConsentVerificationResult.NotConfiguredForUser:
                returnMessage = "The user has no fingerprints registered. Please add a fingerprint to the " +
                                "fingerprint database and try again.";
                break;
            case Windows.Security.Credentials.UI.UserConsentVerificationResult.RetriesExhausted:
                returnMessage = "There have been too many failed attempts. Fingerprint authentication canceled.";
                break;
            case Windows.Security.Credentials.UI.UserConsentVerificationResult.Canceled:
                returnMessage = "Fingerprint authentication canceled.";
                break;
            default:
                returnMessage = "Fingerprint authentication is currently unavailable.";
                break;
        }
    }
    catch (Exception ex)
    {
        returnMessage = "Fingerprint authentication failed: " + ex.ToString();
    }

    return returnMessage;
}