Yubico / Yubico.NET.SDK

A YubiKey SDK for .NET developers
Apache License 2.0

Access Error when trying to create FIDO2 Connection #29

Closed igalfsg closed 1 year ago

igalfsg commented 1 year ago

Hi @GregDomzalski,

I was trying to add the newly added FIDO2 support to create attestation, and I am getting the following access error when trying to connect:

System.UnauthorizedAccessException: 'Access is denied. (0x80070005 (E_ACCESSDENIED))'
   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32 errorCode)
   at Yubico.PlatformInterop.HidDDevice.OpenHandleWithAccess(DESIRED_ACCESS desiredAccess)
   at Yubico.PlatformInterop.HidDDevice..ctor(String devicePath)
   at Yubico.Core.Devices.Hid.WindowsHidIOReportConnection..ctor(String path)
   at Yubico.Core.Devices.Hid.WindowsHidDevice.ConnectToIOReports()
   at Yubico.YubiKey.FidoConnection..ctor(IHidDevice hidDevice)
   at Yubico.YubiKey.YubiKeyDevice.TryConnect(YubiKeyApplication application, IYubiKeyConnection& connection)
   at Yubico.YubiKey.YubiKeyDevice.Connect(YubiKeyApplication yubikeyApplication)
   at Yubico.YubiKey.Fido2.Fido2Session..ctor(IYubiKeyDevice yubiKeyDevice)
   at LibTester.Services.FidoKeyService.CreateFIDO2Credential(String serialNumber, FidoChallengeResponse challengeResponse)

I have tried the using (var connection = new Fido2Session(yubiKey)) as well as: IYubiKeyConnection connection = yubiKey.Connect(YubiKeyApplication.Fido2);

Is there something extra I have to do to connect to the YubiKey for FIDO2?

GregDomzalski commented 1 year ago

Hey Igal 😄

Are you running the process elevated? Windows requires that a process connecting to a HID FIDO device must be running with elevated privileges.

igalfsg commented 1 year ago

Awkward, I didn't realize I had opened my non-admin VS instance. Now it works. Closing this, but I hope it helps someone else :)

GregDomzalski commented 1 year ago

We could probably improve the exception message. I'll add that to our backlog.

igalfsg commented 1 year ago

Yeah, that would be great, for all the exceptions in the FIDO2 library. They are too broad for us end users to quickly figure out. (For example, I was having a problem with my KeyCollector and the error was just "request got cancelled".)
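
Added example, not part of the thread and not code from the SDK: a pre-flight check for the elevation requirement described above, which also wraps the bare `E_ACCESSDENIED` in an actionable message. `Fido2Preflight`, `IsElevatedOrNotWindows` and `OpenFido2Session` are hypothetical names; the only SDK call used is the `Fido2Session` constructor from the original post.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security.Principal;
using Yubico.YubiKey;
using Yubico.YubiKey.Fido2;

public static class Fido2Preflight
{
    // True when the current Windows process token carries the Administrators
    // role, i.e. the process was started elevated. Under UAC, a non-elevated
    // process owned by an admin user has a filtered token and returns false.
    // Returns true on other platforms: the thread only describes the
    // requirement for Windows.
    public static bool IsElevatedOrNotWindows()
    {
        if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
        {
            return true;
        }

        using WindowsIdentity identity = WindowsIdentity.GetCurrent();
        return new WindowsPrincipal(identity).IsInRole(WindowsBuiltInRole.Administrator);
    }

    // Hypothetical helper: opens a Fido2Session and fails early with a clear
    // message instead of surfacing UnauthorizedAccessException from HID interop.
    public static Fido2Session OpenFido2Session(IYubiKeyDevice yubiKey)
    {
        if (!IsElevatedOrNotWindows())
        {
            throw new InvalidOperationException(
                "FIDO2 over HID requires an elevated process on Windows. " +
                "Restart the application (or Visual Studio) as administrator.");
        }

        try
        {
            return new Fido2Session(yubiKey);
        }
        catch (UnauthorizedAccessException ex)
        {
            // Elevated but still denied: keep the original exception as the cause.
            throw new InvalidOperationException(
                "Access denied while opening the YubiKey's FIDO HID interface.", ex);
        }
    }
}
```

The caller owns the returned session and should dispose it, for example with `using (var fido2 = Fido2Preflight.OpenFido2Session(yubiKey))`.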