// borrowed from https://github.com/dotnet/aspnetcore/blob/master/src/Identity/Core/src/SignInManager.cs
// copy is required in order to use custom auth types
private async Task DoTwoFactorSignInAsync(TUser user, TwoFactorAuthenticationInfo twoFactorInfo, bool isPersistent, bool rememberClient)
{
// When token is verified correctly, clear the access failed count used for lockout
await ResetLockout(user);
var claims = new List <Claim>
{
new Claim("amr", "mfa")
};
// Cleanup external cookie
if (twoFactorInfo.LoginProvider != null)
{
claims.Add(new Claim(ClaimTypes.AuthenticationMethod, twoFactorInfo.LoginProvider));
await Context.SignOutAsync(ExternalAuthenticationType);
}
// Cleanup two factor user id cookie
await Context.SignOutAsync(TwoFactorAuthenticationType);
if (rememberClient)
{
await RememberTwoFactorClientAsync(user);
}
await SignInWithClaimsAsync(user, isPersistent, claims);
}
private async Task <JwtSignInResult> DoTwoFactorSignInAsync(TUser user, TwoFactorAuthenticationInfo twoFactorInfo, bool rememberClient)
{
// When token is verified correctly, clear the access failed count used for lockout
await ResetLockout(user);
var claims = new List <Claim>();
claims.Add(new Claim("amr", "mfa"));
// Cleanup external cookie
if (twoFactorInfo.LoginProvider != null)
{
claims.Add(new Claim(ClaimTypes.AuthenticationMethod, twoFactorInfo.LoginProvider));
//await Context.SignOutAsync(IdentityConstants.ExternalScheme);
}
// todo: review + no need
// Cleanup two factor user id cookie
//await Context.SignOutAsync(IdentityConstants.TwoFactorUserIdScheme);
string rememberTwoFactor = null;
if (rememberClient)
{
rememberTwoFactor = await RememberTwoFactorClientAsync(user);
}
var tokens = await SignInWithClaimsAsync(user, claims);
return(JwtSignInResult.Success(tokens));
}
/// <summary>
/// Extension method for authenticate.
/// </summary>
/// <param name="context">The <see cref="T:Microsoft.AspNetCore.Http.HttpContext" /> context.</param>
/// <returns>The <see cref="TwoFactorAuthenticationInfo" />.</returns>
public static async Task <TwoFactorAuthenticationInfo> AuthenticateAsync(this HttpContext context)
{
return(await Task.Run(() =>
{
var tempDataProvider = (ITempDataProvider)context.RequestServices.GetService(typeof(ITempDataProvider));
var twoFactorInfo = new TwoFactorAuthenticationInfo
{
UserId = (string)tempDataProvider.LoadTempData(context)[TwoFactorAuthKey]
};
return twoFactorInfo;
}));
}
private ClaimsIdentity CreateIdentity(TwoFactorAuthenticationInfo info)
{
if (info == null)
{
return(null);
}
var identity = new ClaimsIdentity(Options.Cookies.TwoFactorUserIdCookieAuthenticationScheme);
identity.AddClaim(new Claim(ClaimTypes.Name, info.UserId));
if (info.LoginProvider != null)
{
identity.AddClaim(new Claim(ClaimTypes.AuthenticationMethod, info.LoginProvider));
}
return(identity);
}
private async Task DoTwoFactorSignInAsync(TUser user, TwoFactorAuthenticationInfo twoFactorInfo, bool isPersistent, bool rememberClient)
{
// When token is verified correctly, clear the access failed count used for lockout
await ResetLockout(user);
// Cleanup external cookie
if (twoFactorInfo.LoginProvider != null)
{
await Context.SignOutAsync(IdentityConstants.ExternalScheme);
}
// Cleanup two factor user id cookie
await Context.SignOutAsync(IdentityConstants.TwoFactorUserIdScheme);
if (rememberClient)
{
await RememberTwoFactorClientAsync(user);
}
await SignInAsync(user, isPersistent, twoFactorInfo.LoginProvider);
}
private async Task DoTwoFactorSignInAsync(User user, TwoFactorAuthenticationInfo twoFactorInfo, bool isPersistent, bool rememberClient)
{
// 当令牌被正确验证时,清除用于锁定的访问失败计数。
await ResetLockout(user);
// Cleanup external cookie
if (twoFactorInfo.LoginProvider != null)
{
await Context.SignOutAsync(IdentityConstants.ExternalScheme);
}
// Cleanup two factor user id cookie
await Context.SignOutAsync(IdentityConstants.TwoFactorUserIdScheme);
if (rememberClient)
{
await RememberTwoFactorClientAsync(user);
}
await SignInAsync(user, isPersistent, twoFactorInfo.LoginProvider);
}
