
Examples on how to integrate with AD #572

abergs started this conversation in Ideas

I get a lot of emails about how this can be integrated with both on-premise AD and Azure AD.

@aseigler You have worked on this. Can we do a write-up or share some examples?


Replies: 2 comments


Absolutely! My initial intent with this project was to get on-premises Active Directory integration and an ADFS MFA adapter so that users could register organizationally approved FIDO2 authenticators to their AD user accounts and then use those authenticators to log on through ADFS to federated applications and/or other applications behind ADFS in a one-shot manner, for a true, secure passwordless login experience.

If you look at https://github.com/abergs/fido2-net-lib/blob/ActiveDirectory/fido2-net-lib/ActiveDirectoryStore.cs, there is the start of an implementation of this. It starts with a small schema addition to support adding a FIDO2 authenticator object as a child object, very similar to how ActiveSync devices work. When registering an authenticator on the sample app, the authenticator is associated to the user object so that the next time that authenticator object is found during a logon, the server knows who the associated user is and can process the logon accordingly.

I have tested the sample to work that far, but the concept could allow for token pre-registration by administrators, user self-service add/remove of authenticators, and other help desk workflow scenarios, including things like authenticator inventory lifecycle, removal of lost/stolen authenticators, removal of all authenticators of a certain type (by AAGUID, for instance) if that type of authenticator has been found to be compromised or otherwise made obsolete, or notifying or forcing users to update firmware and such.

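The storage model this reply describes (a per-authenticator child object under the AD user object, looked up by credential ID at logon so the server knows who is logging on, and bulk removal by AAGUID), worked through in Python as an added example. This is not code from fido2-net-lib or its ActiveDirectory branch: an in-memory dictionary stands in for the LDAP child objects, the authenticatorData layout follows WebAuthn §6.1, and the RP ID, DNs, AAGUIDs and COSE key bytes are placeholders constructed for the demo.

```python
"""In-memory model of the AD-backed authenticator store sketched above (added example,
not fido2-net-lib code). DNs, RP ID, AAGUIDs and key bytes are placeholders."""
import hashlib
import struct
import uuid
from dataclasses import dataclass, field

# authenticatorData flag bits (WebAuthn §6.1)
FLAG_UP = 0x01  # user present
FLAG_UV = 0x04  # user verified
FLAG_AT = 0x40  # attested credential data included
FLAG_ED = 0x80  # extension data included


@dataclass
class AuthenticatorRecord:
    """One authenticator, i.e. one child object under the user's AD object."""
    aaguid: uuid.UUID
    credential_id: bytes
    public_key_cose: bytes
    sign_count: int


@dataclass
class UserRecord:
    dn: str
    authenticators: list = field(default_factory=list)


def parse_attested_credential(auth_data: bytes, rp_id: str) -> AuthenticatorRecord:
    """Extract AAGUID, credential ID and COSE key from registration authenticatorData."""
    if len(auth_data) < 55:
        raise ValueError("authenticatorData too short for attested credential data")
    if auth_data[:32] != hashlib.sha256(rp_id.encode()).digest():
        raise ValueError("rpIdHash does not match this RP")
    flags = auth_data[32]
    if not flags & FLAG_AT:
        raise ValueError("AT flag not set: no attested credential data")
    if flags & FLAG_ED:
        raise ValueError("extension data present; this model does not parse it")
    (sign_count,) = struct.unpack(">I", auth_data[33:37])
    aaguid = uuid.UUID(bytes=auth_data[37:53])
    (cred_len,) = struct.unpack(">H", auth_data[53:55])
    cred_id = auth_data[55:55 + cred_len]
    if len(cred_id) != cred_len:
        raise ValueError("truncated credential ID")
    # With ED clear, everything after the credential ID is the COSE public key (a CBOR map).
    return AuthenticatorRecord(aaguid, cred_id, auth_data[55 + cred_len:], sign_count)


class DirectoryStore:
    """User -> authenticators, plus the credential-ID index consulted at logon."""

    def __init__(self):
        self.users = {}                # dn -> UserRecord
        self.owner_by_credential = {}  # credential ID -> dn

    def register(self, dn: str, rec: AuthenticatorRecord) -> None:
        # A credential ID must map to exactly one user or the logon lookup is ambiguous.
        if rec.credential_id in self.owner_by_credential:
            raise ValueError("credential ID already registered")
        self.users.setdefault(dn, UserRecord(dn)).authenticators.append(rec)
        self.owner_by_credential[rec.credential_id] = dn

    def owner_of(self, credential_id: bytes):
        """Logon path: the authenticator identifies the user, no username typed."""
        return self.owner_by_credential.get(credential_id)

    def revoke_by_aaguid(self, aaguid: uuid.UUID) -> int:
        """Help-desk path: drop every authenticator of one model, e.g. after a vendor advisory."""
        removed = 0
        for user in self.users.values():
            for rec in [r for r in user.authenticators if r.aaguid == aaguid]:
                user.authenticators.remove(rec)
                del self.owner_by_credential[rec.credential_id]
                removed += 1
        return removed


def build_auth_data(rp_id, aaguid, cred_id, cose_key, sign_count=0) -> bytes:
    """Constructed registration authenticatorData for the demo (no real attestation)."""
    return (hashlib.sha256(rp_id.encode()).digest()
            + bytes([FLAG_UP | FLAG_UV | FLAG_AT])
            + struct.pack(">I", sign_count)
            + aaguid.bytes
            + struct.pack(">H", len(cred_id))
            + cred_id + cose_key)


def demo():
    rp = "login.example.com"                                    # placeholder RP ID
    model_a = uuid.UUID("00000000-0000-0000-0000-0000000000aa")  # placeholder AAGUIDs
    model_b = uuid.UUID("00000000-0000-0000-0000-0000000000bb")
    alice = "CN=alice,OU=Users,DC=example,DC=com"
    bob = "CN=bob,OU=Users,DC=example,DC=com"
    cose = b"\xa5\x01\x02"  # stand-in for the COSE_Key CBOR map

    store = DirectoryStore()
    store.register(alice, parse_attested_credential(build_auth_data(rp, model_a, b"cred-alice-1", cose), rp))
    store.register(alice, parse_attested_credential(build_auth_data(rp, model_b, b"cred-alice-2", cose), rp))
    store.register(bob, parse_attested_credential(build_auth_data(rp, model_a, b"cred-bob-1", cose), rp))
    try:  # authenticatorData minted for another RP must be rejected before anything is stored
        parse_attested_credential(build_auth_data("other.example", model_a, b"x", cose), rp)
        foreign_rejected = False
    except ValueError:
        foreign_rejected = True
    owner_before = store.owner_of(b"cred-bob-1")
    removed = store.revoke_by_aaguid(model_a)  # model_a compromised: both users lose it
    return owner_before, removed, store.owner_of(b"cred-bob-1"), store.owner_of(b"cred-alice-2"), foreign_rejected


if __name__ == "__main__":
    print(demo())
```

Two points carry over to a real directory-backed store: the credential ID to user index has to be unique across the whole directory, not per user, or the one-shot lookup at logon becomes ambiguous; and the COSE key slice above assumes no extension data, so a production store should parse the CBOR map rather than keep the remainder of authenticatorData.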

Good starting example. Questions:

  1. Is this example related to Windows Hello or Windows Hello for Business?
  2. Why do I have to enter a name and domain instead of picking up the credentials I am logged in with now?
  3. Does this authorization take into account any restrictions on my account, just like logging in with a password does (account disabled, account expired, a user attempting to log in outside logon hours or not being granted permission to log in to the computer, etc.)?
  4. Do you plan to further develop this project and why is it not included in the master branch?
Converted from issue

This discussion was converted from issue #68 on November 05, 2024 12:54.
