DEV Community

Mark0

How We Added WebAuthn to a Browser-Based RDP Client

This article details the technical journey of building the first non-Windows RDP client to support WebAuthn redirection within the Prisma Browser. The development team encountered significant hurdles, including incomplete protocol specifications for [MS-RDPEWA] and limitations in standard browser APIs that prevented passing raw hashes, a requirement for compatibility with older Windows servers that do not send full JSON data.

To overcome these challenges, the team utilized AI-assisted reverse engineering on Microsoft's mstsc.exe and webauthn.dll. They discovered a private, undocumented DVC plugin path that handles raw hash requests differently than the public API. The final solution involved creating a custom Chromium extension API and a TypeScript protocol layer, enabling full FIDO2 support across various platforms and server versions, predating similar support in other open-source clients.
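
Why a raw hash cannot pass through the standard browser API, as an added example (not code from the article, Prisma Browser or Microsoft): a WebAuthn assertion signature covers authenticatorData || SHA-256(clientDataJSON), and the browser builds clientDataJSON itself from the challenge it is given. The key pair, the RP ID `rp.example` and every function name are constructed for illustration, and nothing here models the [MS-RDPEWA] wire format.

```javascript
// Added illustration: not Prisma Browser, Chromium or Microsoft code.
const crypto = require("node:crypto");
const sha256 = (buf) => crypto.createHash("sha256").update(buf).digest();

// Constructed stand-in authenticator: a P-256 key and 37 bytes of authenticatorData
// (rpIdHash || flags || signCount) for the hypothetical RP ID "rp.example".
const { privateKey, publicKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
const authenticatorData = Buffer.concat([sha256(Buffer.from("rp.example")), Buffer.from([0x01, 0, 0, 0, 1])]);

// The authenticator signs authenticatorData || clientDataHash.
function authenticatorSign(clientDataHash) {
  return crypto.sign("sha256", Buffer.concat([authenticatorData, clientDataHash]), privateKey);
}

// Relying party: accept only a signature that covers the hash it expects.
function serverVerify(expectedHash, signature) {
  return crypto.verify("sha256", Buffer.concat([authenticatorData, expectedHash]), publicKey, signature);
}

// Browser-style path: the caller supplies a challenge; the client wraps it in
// clientDataJSON and hashes that, so the caller never controls the signed hash.
function browserStyleAssertion(challenge, origin) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: "webauthn.get",
    challenge: challenge.toString("base64url"),
    origin,
  }));
  return { clientDataJSON, signature: authenticatorSign(sha256(clientDataJSON)) };
}

// Raw-hash path: the caller supplies the 32-byte hash and it is signed unchanged.
function rawHashAssertion(clientDataHash) {
  if (clientDataHash.length !== 32) throw new RangeError("clientDataHash must be 32 bytes");
  return { signature: authenticatorSign(clientDataHash) };
}

// Scenario from the text: the server sends only a hash, not the JSON behind it.
function demo() {
  const serverHash = sha256(Buffer.from('{"constructed":"client data the server never sends"}'));
  const viaBrowser = browserStyleAssertion(serverHash, "https://rp.example");
  const viaRaw = rawHashAssertion(serverHash);
  return {
    browserPathVerifies: serverVerify(serverHash, viaBrowser.signature), // hash was re-wrapped
    rawPathVerifies: serverVerify(serverHash, viaRaw.signature),
    jsonPathVerifies: serverVerify(sha256(viaBrowser.clientDataJSON), viaBrowser.signature),
  };
}
```

The browser-style path only verifies when the relying party receives and hashes the client-built JSON; a server that fixed the hash in advance needs the raw-hash path.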

