public async Task <IActionResult> LoginWithPushValidator([FromBody] GetAuthenticationResultModel model)
        {
            var user = await _signInManager.GetTwoFactorAuthenticationUserAsync();

            if (user == null)
            {
                throw new ApplicationException($"Unable to load two-factor authentication user.");
            }

            var result = PushValidator.SDK.Web.ValidateResponse(_pushValidatorSettings.Value.SecretKey,
                                                                model,
                                                                _pushValidatorSettings.Value.ServerIPs,
                                                                _pushValidatorSettings.Value.ServerFingerprints,
                                                                _pushValidatorSettings.Value.ServerURIs);

            if (!result)
            {
                return(BadRequest());
            }

            if (!model.Result)
            {
                // User responded to the push notification with a deny
                return(Unauthorized());
            }

            // TODO: Perform check for server URI and server certficate fingerprint comparison
            // Success so finish signing in user
            var signinResult = await _signInManager.TwoFactorSignInAsync("PUSHVALIDATOR", string.Empty, false, false);

            return(Json(signinResult.Succeeded));
        }
Exemple #2
0
        /// <summary>
        /// Validates an authentication result returned from the PushValidator service
        /// </summary>
        /// <param name="secretKey">Secret key used to calculate the HMAC</param>
        /// <param name="result">The authentication result to be verified</param>
        /// <param name="serverIPs">Application expected host IPs</param>
        /// <param name="serverCertificateFingerprints">Application expected certificate fingerprints</param>
        /// <param name="serverURIs">Application expected URIs</param>
        /// <returns></returns>
        public static bool ValidateResponse(string secretKey,
                                            GetAuthenticationResultModel result,
                                            IEnumerable <string> serverIPs,
                                            IEnumerable <string> serverCertificateFingerprints,
                                            IEnumerable <string> serverURIs)
        {
            var calculatedSignature    = result.CalculateSignature(secretKey);
            var signatureBytes         = Convert.FromBase64String(result.Signature);
            var verifySignature        = signatureBytes.SequenceEqual(calculatedSignature);
            var serverIPMatch          = serverIPs.Contains(result.ServerIP);
            var serverFingerprintMatch = serverCertificateFingerprints.Contains(result.CertificateFingerprint);
            var serverDomain           = new Uri(result.ServerURI);
            var serverURIMatch         = serverURIs.Contains(serverDomain.Host);

            return(verifySignature &&
                   serverIPMatch &&
                   serverURIMatch &&
                   serverFingerprintMatch);
        }
        public async Task <IActionResult> CheckAuthentication(Guid transactionId)
        {
            var result = _dbContext.AuthenticationResults
                         .FirstOrDefault(x => x.TransactionId == transactionId);

            if (result == null)
            {
                return(NotFound());
            }

            var transaction = await _dbContext.Transactions.FindAsync(result.TransactionId);

            if (transaction == null)
            {
                return(NotFound());
            }

            var application = await _dbContext.Applications.FindAsync(transaction.ApplicationId);

            if (application == null)
            {
                return(NotFound());
            }

            var model = new GetAuthenticationResultModel
            {
                ActualClientIP         = result.ActualClientIP,
                CertificateFingerprint = result.CertificateFingerprint,
                ClientIPMatch          = result.ClientIPMatch,
                Result        = result.Result,
                ServerIP      = result.ServerIP,
                ServerURI     = result.ServerURI,
                TransactionId = result.TransactionId
            };

            model.Signature = Convert.ToBase64String(model.CalculateSignature(application.Key));

            return(Json(model));
        }