Getting the Verifiable Credentials .NET sample 3 working (Part 1)
If you haven’t read the first article, have a read here.
Set up the basic VC stuff as per that article.
The Github sample is here.
There are three .NET samples there. The above link refers to the first sample.
This post is about the third sample.
There are two parts to the sample.
- Part 1 is about getting the website working. This includes the VC APIs for issue and verify.
- Part 2 is about setting up the custom policies to use those APIs.
The ngrok command to get this working is:
ngrok http https://localhost:5001
The keys to getting this sample working are the rules and display files (gist here) and the appsettings.json file.
Note the type in the rules file:
    "type": [
      "B2CVerifiedAccount"
    ]
The appsettings are:
    {
      "Logging": {
        "LogLevel": {
          "Default": "Trace",
          "Microsoft": "Warning",
          "Microsoft.Hosting.Lifetime": "Information"
        }
      },
      "AllowedHosts": "*",
      "AppSettings": {
        "ApiEndpoint": "https://verifiedid.did.msidentity.com/v1.0/verifiableCredentials/",
        "Authority": "https://login.microsoftonline.com/{0}",
        "scope": "3db474b9-6a0c-4840-96ac-1fceb342124f/.default",
        "TenantId": "00d...c79",
        "ClientId": "6d4...838",
        "ClientSecret": "hnL...bR0",
        "ApiKey": "B2C_1A_VCRestApiKey",
        "CookieKey": "state",
        "CookieExpiresInSeconds": 7200,
        "CacheExpiresInSeconds": 300,
        "client_name": "DotNet B2C+VC sample",
        "Purpose": "To prove your identity",
        "VerifierAuthority": "did:ion:EiC...ZyJ9fQ",
        "IssuerAuthority": "did:ion:EiC...ZyJ9fQ",
        "CredentialType": "B2CVerifiedAccount",
        "DidManifest": "https://verifiedid.did.msidentity.com/v1.0/tenants/00d...c79/verifiableCredentials/contracts/4e0...bb/manifest",
        "IssuancePinCodeLength": 0,
        "B2C1ARestApiKey": ""
      }
    }
Note how the “CredentialType” in the appsettings matches the value in the rules file. This is how you control which VCs are acceptable.
Using the rules and display files, create a new custom credential in the Azure AD Verified ID tab by copy/pasting the files.
Call the credential something like “B2C Verified Credential”.
It should look like:
If you click on the “4 claims” link, you see the claims, which match the claims in the rules file.
Copy the “Manifest URL” and paste it in “DidManifest” in the settings.
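A pre-flight check for the two settings that have to line up, as an added example (not part of the original post or the Microsoft sample). The function names, the recursive search for a "type" array in the rules file, and the sample values are assumptions made for illustration; the checks mirror the settings shown above.

```python
import json
from urllib.parse import urlparse

def rules_types(node):
    """Collect every string listed under a "type" array anywhere in the rules JSON."""
    found = []
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "type" and isinstance(value, list):
                found += [v for v in value if isinstance(v, str)]
            else:
                found += rules_types(value)
    elif isinstance(node, list):
        for item in node:
            found += rules_types(item)
    return found

def check_settings(appsettings_text, rules_text):
    """Return a list of mismatches; an empty list means the two files agree."""
    app = json.loads(appsettings_text)["AppSettings"]
    problems = []
    types = rules_types(json.loads(rules_text))
    if app.get("CredentialType") not in types:
        problems.append(f"CredentialType {app.get('CredentialType')!r} not in rules type {types}")
    manifest = urlparse(app.get("DidManifest", ""))
    api = urlparse(app.get("ApiEndpoint", ""))
    parts = manifest.path.strip("/").split("/")
    if manifest.scheme != "https" or manifest.hostname != api.hostname:
        problems.append("DidManifest is not an https URL on the ApiEndpoint host")
    if parts[-1:] != ["manifest"]:
        problems.append("DidManifest does not end in /manifest")
    tenant = parts[parts.index("tenants") + 1] if "tenants" in parts[:-1] else None
    if tenant != app.get("TenantId"):
        problems.append(f"DidManifest tenant {tenant!r} differs from TenantId")
    return problems

# Constructed sample input (placeholder ids, not real values).
SAMPLE_RULES = '{"vc": {"type": ["B2CVerifiedAccount"]}}'
SAMPLE_APPSETTINGS = json.dumps({"AppSettings": {
    "ApiEndpoint": "https://verifiedid.did.msidentity.com/v1.0/verifiableCredentials/",
    "TenantId": "00000000-0000-0000-0000-000000000000",
    "CredentialType": "B2CVerifiedAccount",
    "DidManifest": "https://verifiedid.did.msidentity.com/v1.0/tenants/00000000-0000-0000-0000-000000000000/verifiableCredentials/contracts/example-contract/manifest",
}})

if __name__ == "__main__":
    print(check_settings(SAMPLE_APPSETTINGS, SAMPLE_RULES) or "settings are consistent")
```

To run it against the real files, pass the contents of appsettings.json and the rules file to `check_settings`.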
Run the sample and navigate to the ngrok link in the browser.
e.g. for:
Forwarding https://ecb3-122-60-191-57.ngrok-free.app -> https://localhost:5001
Use:
https://ecb3-122-60-191-57.ngrok-free.app
You should see:
Click “Issue Credential”.
This sample is actually designed to work with a B2C custom policy which we will use in part 2.
However, you have to get this sample working first as it underlies the custom policy one.
Hence, you need to enter the above attributes (which can be any value) as these would normally be derived from the custom policy sign up / sign in process.
Click “Issue Credential”.
Scan the QR code with the Authenticator app.
Click “Add”.
The verified ID should be accepted.
If we look at the details of the VC:
we can see the attributes match those that we typed in above.
Navigate back to:
https://ecb3-122-60-191-57.ngrok-free.app/
Click “Verify Credential”.
Click “Prove Credential”.
Scan the QR code with the Authenticator app.
Click “Share”.
The request will be approved.
If you have more than one VC that matches the criteria, you will be asked to select one.
At this point, you know the sample works, so you can move on to part 2.
All good!