internal void GetCode()
{
var auth = new TwoStepsAuthenticator.TimeAuthenticator();
Code = auth.GetCode(this.Key);
auth.CheckCode(key, Code, "user");
}
public ActionResult DoubleAuth(string code)
{
WebsiteUser user = (WebsiteUser)Session["AuthenticatedUser"];
var auth = new TwoStepsAuthenticator.TimeAuthenticator(usedCodeManager: usedCodesManager);
if (auth.CheckCode(user.DoubleAuthKey, code, user))
{
FormsAuthentication.SetAuthCookie(user.Login, true);
return RedirectToAction("Welcome");
}
return RedirectToAction("Index");
}
public ActionResult DoubleAuth(string code)
{
WebsiteUser user = (WebsiteUser)Session["AuthenticatedUser"];
var auth = new TwoStepsAuthenticator.TimeAuthenticator(usedCodeManager: usedCodesManager);
if (auth.CheckCode(user.DoubleAuthKey, code, user))
{
FormsAuthentication.SetAuthCookie(user.Login, true);
return(RedirectToAction("Welcome"));
}
return(RedirectToAction("Index"));
}
private static string secretKey;//模拟服务端保存的密钥//应加密后存储在服务器中
//验证密钥
public static bool verifySecret(string userCode)
{
if (secretKey == null)
{
throw new NullReferenceException("当前密钥为空!");
}
else
{
var secret = secretKey;
var code = userCode;
var authenticator = new TwoStepsAuthenticator.TimeAuthenticator();
return(authenticator.CheckCode(secret, code, "user特朗普"));
}
}
public ReponseApi ValidateCodeMicrosoft(DataValidateMicrosoft par)
{
ReponseApi res = new ReponseApi();
res.Codigo = 0;
res.Mensaje = "";
res.Respuesta = null;
try
{
if (string.IsNullOrEmpty(par.Cuenta))
{
res.Mensaje = "La Cuenta no puede ser nula";
}
else if (string.IsNullOrEmpty(par.Secreto))
{
res.Mensaje = "El Emisor no puede ser nulo";
}
else if (string.IsNullOrEmpty(par.Codigo))
{
res.Mensaje = "El Codigo no puede ser nulo";
}
else
{
var authenticator = new TwoStepsAuthenticator.TimeAuthenticator();
bool isok = authenticator.CheckCode(par.Secreto, par.Codigo, par.Cuenta);
if (isok != true)
{
res.Mensaje = "El Código ingresado no es correcto";
}
else
{
res.Codigo = 1;
res.Mensaje = "Código Válido";
}
}
}
catch (Exception ex)
{
//Log Error
_logger.Log(LogLevel.Error, ex, ex.Message);
}
return(res);
}
public async Task <IActionResult> AdditionalAuthenticationFactor(
AdditionalAuthenticationFactorViewModel model)
{
// check if we are in the context of an authorization request
var context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl);
if (ModelState.IsValid)
{
// read identity from the temporary cookie
var result = await HttpContext.AuthenticateAsync("idsrv.mfa");
if (result?.Succeeded != true)
{
throw new Exception("MFA authentication error");
}
var subject = result.Principal.FindFirst(JwtClaimTypes.Subject)?.Value;
var user = await _localUserService.GetUserBySubjectAsync(subject);
var userSecret = await _localUserService.GetUserSecret(subject, "TOTP");
var authenticator = new TwoStepsAuthenticator.TimeAuthenticator();
if (!authenticator.CheckCode(userSecret.Secret, model.Totp, user))
{
ModelState.AddModelError("totp", "TOTP is invalid.");
return(View(model));
}
await _events.RaiseAsync(
new UserLoginSuccessEvent(
user.Username,
user.Subject,
user.Username,
clientId : context?.Client.ClientId));
// only set explicit expiration here if user chooses "remember me".
// otherwise we rely upon expiration configured in cookie middleware.
AuthenticationProperties props = null;
if (AccountOptions.AllowRememberLogin && model.RememberLogin)
{
props = new AuthenticationProperties
{
IsPersistent = true,
ExpiresUtc =
DateTimeOffset.UtcNow.Add(AccountOptions.RememberMeLoginDuration)
};
}
;
// delete temporary cookie used during mfa
await HttpContext.SignOutAsync("idsrv.mfa");
// issue authentication cookie with subject ID and username
var isuser = new IdentityServerUser(user.Subject)
{
DisplayName = user.Username
};
await HttpContext.SignInAsync(isuser, props);
if (context != null)
{
if (context.IsNativeClient())
{
// The client is native, so this change in how to
// return the response is for better UX for the end user.
return(this.LoadingPage("Redirect", model.ReturnUrl));
}
// we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null
return(Redirect(model.ReturnUrl));
}
// request for a local page
if (Url.IsLocalUrl(model.ReturnUrl))
{
return(Redirect(model.ReturnUrl));
}
else if (string.IsNullOrEmpty(model.ReturnUrl))
{
return(Redirect("~/"));
}
else
{
// user might have clicked on a malicious link - should be logged
throw new Exception("invalid return URL");
}
}
return(View(model));
}
internal void GetCode()
{
var auth = new TwoStepsAuthenticator.TimeAuthenticator();
Code = auth.GetCode(this.Key);
auth.CheckCode(key, Code);
}
public static bool CheckCodeSms(string secret, string token, User model, int time = 30)
{
var authenticator = new TwoStepsAuthenticator.TimeAuthenticator(null, null, time);
return(authenticator.CheckCode(secret, token, model));
}
public string VerifyCodeEnable([FromBody] JObject value = null)
{
try
{
var userModel = (User)RouteData.Values[ParseDataKeyApi.KEY_PASS_DATA_USER_MODEL];
if (userModel.IsTwoFactor == 2)
{
if (!value.ContainsKey(ParseDataKeyApi.KEY_TWO_FA_VERIFY_CODE_ENABLE_CODE))
{
return(HelpersApi.CreateDataError(MessageApiError.PARAM_INVALID));
}
var code = value[ParseDataKeyApi.KEY_TWO_FA_VERIFY_CODE_ENABLE_CODE].ToString();
var authenticator = new TwoStepsAuthenticator.TimeAuthenticator();
var secretAuthToken = ActionCode.FromJson(userModel.SecretAuthToken);
if (string.IsNullOrEmpty(secretAuthToken.CustomTwofa))
{
return(HelpersApi.CreateDataError(MessageApiError.SMS_VERIFY_ERROR));
}
var isOk = authenticator.CheckCode(secretAuthToken.CustomTwofa, code, userModel);
if (!isOk)
{
return(HelpersApi.CreateDataError(MessageApiError.SMS_VERIFY_ERROR));
}
}
else if (userModel.IsTwoFactor == 0)
{
if (value.ContainsKey(ParseDataKeyApi.KEY_TWO_FA_VERIFY_CODE_ENABLE_CODE))
{
return(HelpersApi.CreateDataError(MessageApiError.PARAM_INVALID));
}
}
var google = new GoogleAuthen.TwoFactorAuthenticator();
var secretKey = CommonHelper.RandomString(32);
var startSetup = google.GenerateSetupCode(userModel.Email, secretKey, 300, 300);
userModel.TwoFactorSecret = secretKey;
Console.WriteLine(secretKey);
var resultUpdate = _userBusiness.UpdateProfile(userModel);
if (resultUpdate.Status == Status.STATUS_ERROR)
{
return(resultUpdate.ToJson());
}
return(new ReturnObject
{
Status = Status.STATUS_SUCCESS,
Data = startSetup.ManualEntryKey
}.ToJson());
}
catch (Exception e)
{
_logger.Error(KeyLogger.TWOFA_ENABLE_VERIFY + e);
return(HelpersApi.CreateDataError(e.Message));
}
}
/// <summary>
/// VerifyCode by type generate
/// </summary>
/// <param name="user"></param>
/// <param name="code"></param>
/// <param name="typeGenerate"></param>
/// <returns></returns>
public static bool VerifyCodeSms(ApplicationUser user, string code, string typeGenerate)
{
try
{
var secretSmsKey = SecretSmsKey.FromJson(user.ListSecretKeySms);
string secret;
switch (typeGenerate)
{
case Const.TypeGenerateChangePassword:
secret = secretSmsKey.ChangePassword;
break;
case Const.TypeGenerateChangeOldPhoneNumber:
secret = secretSmsKey.ChangePhoneOldPhone;
break;
case Const.TypeGenerateChangeNewPhoneNumber:
secret = secretSmsKey.ChangePhoneNewPhone;
break;
case Const.TypeGenerateChangeConfirmPhoneNumber:
secret = secretSmsKey.ChangePhoneConfirmPhone;
break;
case Const.TypeGenerateChangeTwoFactor:
secret = secretSmsKey.ChangeTwoFactor;
break;
case Const.TypeGenerateLockAccount:
secret = secretSmsKey.LockAccount;
break;
case Const.TypeGenerateUnlockAccount:
secret = secretSmsKey.UnlockAccount;
break;
case Const.TypeGenerateAddPhoneNumber:
secret = secretSmsKey.AddPhoneNumber;
break;
case Const.TypeGenerateAddLockScreen:
secret = secretSmsKey.AddLockScreen;
break;
case Const.TypeGenerateLogin:
secret = secretSmsKey.Login;
break;
default:
return(false);
}
if (string.IsNullOrEmpty(secret))
{
return(false);
}
var authenticator = new TwoStepsAuthenticator.TimeAuthenticator();
var isCheck = authenticator.CheckCode(secret, code, user);
return(isCheck);
}
catch (Exception e)
{
Logger.LogError("SecurityController ==>> VerifyCode: " + e.Message);
return(false);
}
}
