iOS Biometric Authentication with Xamarin Forms
In this article, I will first examine the FaceID and TouchID authentication methods and then I will talk about how to add them to our Xamarin Forms applications.
iOS Biometric Authentication
Before we move on to how to use these in practice, let’s see these technologies and how they work on iOS.
Biometric authentication in iOS consists of TouchID and FaceID. What Apple recommends to be aware of when using these APIs in Human Interface Guideline is listed below:
- The user may never have used or removed biometric authentication. Ensure that the application behaves accordingly.
- Providing a single login method to the user (FaceID) and showing the alternative option (username and password) only when necessary.
- Clearly indicate the method to the user. For example, if using FaceID, typing “Sign In with FaceID” instead of “Sign In”.
- Using terminologies suitable for the method supported by the device. For example; for devices that support FaceID, the term TouchID should not be used.
- Avoid providing adjustments for biometric authentication within your application. This causes the user to think that these system settings can also be changed from within your application.
- Avoiding using system icons in your app to define system authentication methods. Because this causes confusion and creates the perception that the user needs to login.
FaceID
iOS uses the True Depth camera system in the face recognition. With this system, the geometry of the face is drawn. The TrueDepth camera captures accurate face data by projecting and analyzing over 30,000 invisible dots to create a depth map of your face and also captures an infrared image of your face. It then converts this data into a mathematical expression and compares it to the enrolled facial data protected by Secure Enclave (a secure processor with a hardware-based key manager isolated from the main processor to provide an extra layer of security).
FaceID is designed to work with factors such as makeup, beard, glasses, hat. It works mostly even in the dark. Of course, if you have made a more obvious change, such as cutting your long beard, it will ask you to enter PassCode before saving the face data.
TouchID
The button is made from sapphire crystal. This protects the sensor and acts as a lens to precisely focus it on your finger. On iPhone and iPad, a steel ring surrounding the button detects your finger and tells Touch ID to start reading your fingerprint.
The steel ring surrounding the Home button detects the finger and tells Touch ID to start reading the fingerprint.
The sensor receives a high-resolution image from the lower layers of the skin with a capacitive touch. Touch ID then analyzes this information and classifies the fingerprint as one of three basic types: arch, loop, or whorl. It also maps small details that the human eye cannot see, and even examines changes caused by pores and edging structures.
Touch ID can read multiple fingerprints. It creates a mathematical expression of the fingerprint. It compares with fingerprint data stored in Secure Enclave to identify any pairing or unlock the device. Only the mathematical expression of the fingerprint is stored on the device, not the picture. Touch ID gradually updates the mathematical expressions of enrolled fingerprints over time to improve pairing accuracy.
Using TouchID and FaceID in Xamarin Forms Application
The authentication mechanism with Touch ID and Face ID allows users to perform secure transactions with minimum effort. For this, we use the LocalAuthentication framework on iOS.
To use biometric verification in the iOS app, we must add the NSFaceIDUsageDescription key to Info.plist.
<key>NSFaceIDUsageDescription</key>
<string>Use Face ID/Touch ID instead of a password to access your account
</string>Let’s define the BiometricService class in our iOS application and add our methods in here.
The application must communicate with the Secure Enclave to compare the fingerprint / face registered with the fingerprint / face data read by the sensor. The LAContext class is provide us to this connection.
LAContext context = new LAContext();Before starting the authentication process, we need to check if the device has biometric support or if there is any enrolled TouchID or FaceID. We can test the validity of the authentication method by sending the LAPolicy parameter we want to check to the CanEvaluatePolicy(LAPolicy policy, out NSError error) method.
public enum LAPolicy : long
{
DeviceOwnerAuthenticationWithBiometrics = 1,
DeviceOwnerAuthentication = 2,
DeviceOwnerAuthenticationWithWatch = 3,
OwnerAuthenticationWithBiometricsOrWatch = 4
}If we test it with LAPolicy.DeviceOwnerAuthentication, the password and username method can alternatively be used. However, if we only want to use biometric authentication, then we should use LAPolicy.DeviceOwnerAuthenticationWithBiometrics.
Kontrol işlemini tamamladıktan sonra doğrulama işlemine geçebiliriz.
var result = await context.EvaluatePolicyAsync(LAPolicy.DeviceOwnerAuthentication, message);iOS:
[assembly: Dependency(typeof(BiometricService))]
namespace BiometricApp.iOS
{
public class BiometricService : IBiometricService
{
LAContext context = new LAContext();public async Task<bool> LoginWithBiometrics()
{
context.LocalizedCancelTitle = "I don't want it.";
context.LocalizedFallbackTitle = "Use password.";
NSError error = new NSError();
Tuple<bool, NSError> result = new Tuple<bool, NSError>(false, null);if (context.CanEvaluatePolicy(LAPolicy.DeviceOwnerAuthentication, out error))
{
string message = "";
switch (context.BiometryType)
{
case LABiometryType.TouchId:
message = "Put your finger on screen to be the King!";
break;
case LABiometryType.FaceId:
message = "Scan your face to be the King!";
break;
case LABiometryType.None:
message = "Your device not support you to be King!";
break;
default:
message = "We can't sure your worthiness!";
break;
}result = await context.EvaluatePolicyAsync(LAPolicy.DeviceOwnerAuthentication, message);
}if (result.Item1 && result.Item2 == null)
return true;
else
return false;
}}
}
Xamarin Forms:
public interface IBiometricService
{
Task<bool> LoginWithBiometrics();
}Calling the Dependency Service:
var result = await DependencyService.Get<IBiometricService>().
LoginWithBiometrics();Alternative to Biometric Authentication
Authentication process can fail for many reasons. For these cases, we should not forget to offer an alternative ways to the user. Some of these situations can be listed as follows:
- TouchID or FaceID may not be supported on the user’s device.
- The user may not have set the biometric data to the device or the Passcode.
- The user may cancel the process / not want to use it.
- Touch ID or Face ID may not be able to identify the user.
To review all possible situations LAError.Code.
Click here to download source code.
Resources:
