Add Passkey support for passwordless authentication

[Copilot]

Implements WebAuthn/Passkey support using ASP.NET Core 10's built-in Identity passkey functionality, allowing users to authenticate using biometrics, security keys, or device PINs.

Backend

• Identity Configuration: Enable SchemaVersion3 in IdentityExtension.cs for passkey support
• Database: Add AspNetUserPasskeys table via EF Core migration with proper entity configuration
• API Endpoints in AccountController.cs:
  • POST /api/account/passkeyattestationoptions - WebAuthn creation options
  • POST /api/account/passkeyattestation - Complete registration
  • POST /api/account/passkeyassertionoptions - WebAuthn request options
  • POST /api/account/passkeyassertion - Complete authentication
  • GET /api/account/passkeys - List passkeys
  • DELETE /api/account/deletepasskey/{credentialId} - Remove passkey
• Localization: EN/ZH-CN strings for passkey messages

Frontend

• API Client: TypeScript types and methods for passkey endpoints
• WebAuthn Utils: Shared base64url encoding/decoding in utils/WebAuthn.ts
• PasskeyManager Component: Modal for listing, adding, and deleting passkeys
• Login Page: "Login with Passkey" button with browser capability detection
• Profile Page: "Manage Passkeys" button for passkey management
• Localization: EN/ZH-CN strings for passkey UI

Usage

// Login with passkey
const options = await api.account.accountPasskeyAssertionOptions({ userName: 'user' })
const credential = await navigator.credentials.get({ publicKey: options })
await api.account.accountPasskeyAssertion({ credentialJson: JSON.stringify(credential) })

[!WARNING]

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• learn.microsoft.com
  • Triggering command: /usr/bin/curl curl -sL REDACTED (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Passkey support</issue_title> <issue_description>### Before submitting / 提交之前

• [x] I have searched for similar feature requests and found none. / 我已搜索类似的功能请求，但没有找到。

Describe the feature / 描述功能

TL; DR

Feature category / 功能分类

• [x] Frontend / 前端需求
• [x] Backend / 后端需求
• [x] Database / 数据库变更
• [ ] Configuration / 用户配置项
• [x] API / API接口
• [x] Security / 安全相关
• [ ] Performance / 性能优化
• [ ] UI/UX / 用户界面/体验
• [ ] Other / 其他

Why do you need this feature? / 为什么需要这个功能？

ASP.NET Core 10 has released with built-in Passkey support. This should be implemented and considered to be the feature for the next major update, so that users can login with Passkey as an alternative method to password.

Possible implementation / 可能的实现方式

Using the built-in functionality of ASP.NET Core 10 to implement Passkey support. It is supposed to be doable without using any additional 3rd party libraries. </issue_description>

<agent_instructions>Check the latest document of ASP.NET Core 10 first. You should be able to implement it without using any other 3rd party libraries. Implement both the frontend and the backend. </agent_instructions>

Comments on the Issue (you are @copilot in this section)

• Fixes GZTimeWalker/GZCTF#531

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.