/// <summary>
/// Illustrate recovery using a not-normal-"consumer mode" recovery agent.
/// </summary>
/// <param name="tokenClient">SDK client</param>
/// <param name="alias">Alias of member to recover</param>
/// <returns>recovered member</returns>
public TppMember RecoverWithComplexRule(
Tokenio.Tpp.TokenClient tokenClient,
Alias alias)
{
// complexRecovery begin snippet to include in docs
string memberId = tokenClient.GetMemberIdBlocking(alias);
ICryptoEngine cryptoEngine = new TokenCryptoEngine(memberId, new InMemoryKeyStore());
Key newKey = cryptoEngine.GenerateKey(Key.Types.Level.Privileged);
string verificationId = tokenClient.BeginRecoveryBlocking(alias);
MemberRecoveryOperation.Types.Authorization authorization = tokenClient.CreateRecoveryAuthorizationBlocking(
memberId,
newKey);
// ask recovery agent to verify that I really am this member
Signature agentSignature = getRecoveryAgentSignature(authorization);
// We have all the signed authorizations we need.
// (In this example, "all" is just one.)
MemberRecoveryOperation mro = new MemberRecoveryOperation
{
Authorization = authorization,
AgentSignature = agentSignature
};
TppMember recoveredMember = tokenClient.CompleteRecoveryBlocking(
memberId,
(new[] { mro }).ToList(),
newKey,
cryptoEngine);
// after recovery, aliases aren't verified
// In the real world, we'd prompt the user to enter the code emailed to them.
// Since our test member uses an auto-verify email address, any string will work,
// so we use "1thru6".
recoveredMember.VerifyAliasBlocking(verificationId, "1thru6");
// complexRecovery done snippet to include in docs
return(recoveredMember);
}
/// <summary>
/// Recover previously-created member, assuming they were
/// configured with a "normal consumer" recovery rule.
/// </summary>
/// <param name="tokenClient">SDK client</param>
/// <param name="alias">alias of member to recoverWithDefaultRule</param>
/// <returns>recovered member</returns>
public TppMember RecoverWithDefaultRule(Tokenio.Tpp.TokenClient tokenClient, Alias alias)
{
string verificationId = tokenClient.BeginRecoveryBlocking(alias);
// recoverWithDefault begin snippet to include in docs
string memberId = tokenClient.GetMemberIdBlocking(alias);
ICryptoEngine cryptoEngine = new TokenCryptoEngine(memberId, new InMemoryKeyStore());
// In the real world, we'd prompt the user to enter the code emailed to them.
// Since our test member uses an auto-verify email address, any string will work,
// so we use "1thru6".
TppMember recoveredMember = tokenClient.CompleteRecoveryWithDefaultRuleBlocking(
memberId,
verificationId,
"1thru6",
cryptoEngine);
// We can use the same verification code to re-claim this alias.
recoveredMember.VerifyAliasBlocking(verificationId, "1thru6");
// recoverWithDefault done snippet to include in docs
return(recoveredMember);
}
