public IActionResult AdditionalAuthenticationFactor(string returnUrl, bool rememberLogin)
{
var vm = new AdditionalAuthenticationFactorViewModel
{
ReturnUrl = returnUrl,
RememberLogin = rememberLogin
};
return(View(vm));
}
public async Task <IActionResult> AdditionalAuthenticationFactor(AdditionalAuthenticationFactorViewModel model)
{
if (!ModelState.IsValid)
{
return(View(model));
}
var info = await HttpContext.AuthenticateAsync(IdsrvFaSchemeName);
var tempUser = info?.Principal;
if (tempUser == null)
{
throw new Exception(IdsrvFaSchemeName);
}
if (model.Code != "123")
{
ModelState.AddModelError("2FA code", "2FA code is invalid");
return(View(model));
}
var user = _userRepository.GetUserBySubjectId(tempUser.GetSubjectId());
// login the user
AuthenticationProperties props = null;
if (AccountOptions.AllowRememberLogin && model.RememberLogin)
{
props = new AuthenticationProperties
{
IsPersistent = true,
ExpiresUtc = DateTimeOffset.UtcNow.Add(AccountOptions.RememberMeLoginDuration)
};
}
// raise event to log the user login event
await _events.RaiseAsync(new UserLoginSuccessEvent(user.Username, user.SubjectId.ToString(), user.Username));
// issue authentication cookie with subject ID and username
await HttpContext.SignInAsync(user.SubjectId.ToString(), user.Username, props);
// delete temporary cookie used for 2FA
await HttpContext.SignOutAsync(IdsrvFaSchemeName);
// make sure the returnUrl is still valid, and if so redirect back to authorize endpoint or a local page
if (_interaction.IsValidReturnUrl(model.ReturnUrl) || Url.IsLocalUrl(model.ReturnUrl))
{
return(Redirect(model.ReturnUrl));
}
return(Redirect("~/"));
}
