Getting user consent before executing sensitive code

  • Gérald Barré

Before executing sensitive actions, such as purchasing something or showing sensitive data, you need to get user consent. Also, you need to ensure the actual user is the one who is executing the action. Windows provides an API to get user consent before executing sensitive actions.

First, you need indicate the project targets Windows by setting the TargetFramework property in the .csproj file:

csproj (MSBuild project file)
<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <OutputType>Exe</OutputType>
    <TargetFramework>net6.0-windows10.0.17763.0</TargetFramework>
  </PropertyGroup>
</Project>

Then, you can use the Windows specific API to get consent:

C#
async Task<bool> ConsentAsync(string reason)
{
    var availability = await Windows.Security.Credentials.UI.UserConsentVerifier.CheckAvailabilityAsync();
    if (availability == Windows.Security.Credentials.UI.UserConsentVerifierAvailability.Available)
    {
        var result = await Windows.Security.Credentials.UI.UserConsentVerifier.RequestVerificationAsync(reason);
        return result == Windows.Security.Credentials.UI.UserConsentVerificationResult.Verified;
    }

    return false;
}

You can use the ConsentAsync method before executing an action:

C#
if (await ConsentAsync("Confirm your identity before purhasing this awesome product"))
{
    Console.WriteLine("Purchase an awesome product");
}
else
{
    Console.WriteLine("Cannot purchase an awesome product");
}

#Additional resources

Do you have a question or a suggestion about this post? Contact me!

Follow me:
Enjoy this blog?Buy Me A Coffee💖 Sponsor on GitHub