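        /// <summary>
        /// Handles the multi-factor challenge form post. When <paramref name="button"/> is
        /// "submit", every posted challenge response is verified against the user's stored
        /// factor hashes and the user is signed in only if all of them verify. Any other
        /// button is treated as "cancel" and routed back through IdentityServer as a denied
        /// consent (or to the home page when there is no authorization context).
        /// </summary>
        /// <param name="button">Name of the button that posted the form; only "submit" attempts sign-in.</param>
        /// <returns>
        /// A redirect on cancel or on successful sign-in; otherwise the page re-rendered with
        /// the model errors that were added.
        /// </returns>
        public async Task<IActionResult> OnPostAsync(string button)
        {
            var returnUrlCookie = Request.Cookies[LoginWellKnown.LoginReturnUrlCookieName];
            // The cookie may be missing (e.g. expired or cleared); fall back to the application
            // root instead of handing null to LocalRedirect, which throws on a null URL.
            var returnUrl = string.IsNullOrEmpty(returnUrlCookie) ? "~/" : returnUrlCookie;

            if (button != "submit")
            {
                // Any button other than "submit" is treated as "cancel".
                // NOTE(review): the cancel path uses the ReturnUrl property while the submit
                // path uses the return-url cookie — presumably the same value; confirm.
                var context = await _interaction.GetAuthorizationContextAsync(ReturnUrl);

                if (context == null)
                {
                    // No valid authorization context, so just go back to the home page.
                    return Redirect("~/");
                }

                // Send a denied-consent result back to IdentityServer (even if this client does
                // not require consent) so the client receives an access-denied OIDC error.
                await _interaction.GrantConsentAsync(context, ConsentResponse.Denied);

                // ReturnUrl can be trusted here because GetAuthorizationContextAsync returned non-null.
                return Redirect(ReturnUrl);
            }

            if (!ModelState.IsValid)
            {
                return Page();
            }

            var user = await _userManager.FindByEmailAsync(Input.Email);
            if (user == null)
            {
                // Same generic error as a wrong response, so the page does not reveal whether
                // the e-mail address is registered. The original dereferenced a null user here.
                ModelState.AddModelError(string.Empty, "Invalid Challenge Response.");
                return Page();
            }

            if (Input.Factors == null)
            {
                ModelState.AddModelError(string.Empty, "No challenge response was submitted.");
                return Page();
            }

            var factors = await _multiFactorUserStore.GetFactorsAsync(user, CancellationToken.None);

            // Index the user's factors by challenge name. Add (not the indexer) is deliberate:
            // a duplicate challenge on record is a data error and should surface, not be masked.
            var factorsByChallenge = new Dictionary<string, ApplicationFactor>();
            foreach (var factor in factors)
            {
                factorsByChallenge.Add(factor.Challenge, factor);
            }

            // Verify every posted response. The flag is sticky: one failure fails the whole post.
            // (The original assigned the flag on each iteration, so a passing last factor masked
            // earlier failures and let the sign-in proceed.)
            var allResponsesValid = true;
            var verifiedChallenges = new HashSet<string>();
            foreach (var inputFactor in Input.Factors)
            {
                // The challenge name comes from the request: one the user does not have on
                // record must fail verification rather than throw KeyNotFoundException.
                var responseValid =
                    inputFactor.Challenge != null
                    && inputFactor.ChallengeResponse != null
                    && factorsByChallenge.TryGetValue(inputFactor.Challenge, out var factor)
                    && SecurePasswordHasher.Verify(inputFactor.ChallengeResponse, factor.ChallengeResponseHash);

                if (!responseValid)
                {
                    allResponsesValid = false;
                    ModelState.AddModelError(string.Empty, $"{inputFactor.Challenge}: Invalid Challenge Response.");
                    continue;
                }

                verifiedChallenges.Add(inputFactor.Challenge);
            }

            // An empty factor list must not count as "all verified": with no responses the
            // loop above never runs and the original signed the user in unconditionally.
            // NOTE(review): like the original, this accepts any non-empty subset of the
            // user's factors; confirm whether every factor on record must be answered.
            if (!allResponsesValid || verifiedChallenges.Count == 0)
            {
                return Page();
            }

            // Record the verified challenges (deduplicated, so a repeated challenge in the
            // post cannot make the tracker's Add throw on a duplicate key).
            foreach (var challenge in verifiedChallenges)
            {
                _challengeQuestionsTracker.ChallengeQuestions.Add(challenge, true);
            }
            _challengeQuestionsTracker.Store();

            // All factors verified: complete the sign-in and drop the one-shot return-url cookie.
            await _signInManager.SignInAsync(user, false, IdentityConstants.ApplicationScheme);

            Response.RemoveCookie(LoginWellKnown.LoginReturnUrlCookieName);

            // LocalRedirect rejects non-local URLs, so a tampered cookie cannot send the user off-site.
            return LocalRedirect(returnUrl);
        }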