public async Task <ActionResult> Index(TwoFactorAuthenticationModel model) { // we're only allowed here when we have a partial sign-in var ctx = Request.GetOwinContext(); var partialSignInUser = await ctx.Environment.GetIdentityServerPartialLoginAsync(); if (partialSignInUser == null) { return(View("No partially signed-in user found.")); } if (ModelState.IsValid) { using (var twoFactorTokenService = new TwoFactorTokenService()) { if (twoFactorTokenService.VerifyTwoFactorCodeFor(partialSignInUser.GetSubjectId(), model.Code)) { // continue where we left off return(Redirect(await ctx.Environment.GetPartialLoginResumeUrlAsync())); } else { // show error return(View("This code is invalid.")); } } } return(View()); }
public async Task <ActionResult> EnableAuthenticator([FromBody] TwoFactorAuthenticationModel twoFactorAuthentication) { var user = await _userManager.FindByIdAsync(twoFactorAuthentication.UserId); if (user == null) { throw new HttpStatusErrorException(HttpStatusCode.NotFound, $"Unable to load user with ID '{twoFactorAuthentication.UserId}'."); } // Strip spaces and hypens var code = twoFactorAuthentication.Code.Replace(" ", string.Empty).Replace("-", string.Empty); var is2faTokenValid = await _userManager.VerifyTwoFactorTokenAsync(user, _userManager.Options.Tokens.AuthenticatorTokenProvider, code); if (!is2faTokenValid) { throw new HttpStatusErrorException(HttpStatusCode.BadRequest, "Verification code is invalid."); } await _userManager.SetTwoFactorEnabledAsync(user, true); _logger.LogInformation("User with ID '{UserId}' has enabled 2FA with an authenticator app.", twoFactorAuthentication.UserId); if (await _userManager.CountRecoveryCodesAsync(user) == 0) { var recoveryCodes = await _userManager.GenerateNewTwoFactorRecoveryCodesAsync(user, 10); return(Ok(recoveryCodes)); } return(Ok($"User with ID '{twoFactorAuthentication.UserId}' has enabled 2FA with an authenticator app and he already has recovery codes")); }
// // GET: Account/TwoFactorAuthenticate //public ActionResult TwoFactorAuthenticate(string returnUrl) //{ // return View(); //} // // POST: Account/TwoFactorAuthenticate public ActionResult TwoFactorAuthenticate(TwoFactorAuthenticationModel model, string returnUrl) { if (ModelState.IsValid && true) { return(RedirectToLocal(returnUrl)); } return(View(model)); }
// ReSharper disable once RedundantAssignment public async Task <IActionResult> TwoFactorAuthentication(TwoFactorAuthenticationModel model) { await _signInManager.ForgetTwoFactorClientAsync(); model = await _manageEndpoint.TwoFactorAuthentication(UserId); model.StatusMessage = "The current browser has been forgotten. When you login again from this browser you will be prompted for your 2fa code."; return(View(model)); }
public async Task <ActionResult> Index(TwoFactorAuthenticationModel model) { var partialSignInUser = await EnsurePartialSignedUserFound(); if (!ModelState.IsValid) { return(View()); } return(await ValidateCode(model, partialSignInUser)); }
public async Task <IActionResult> TwoFactorAuthentication(TwoFactorAuthenticationModel model) { var user = await _userManager.GetUserAsync(User); if (user == null) { return(NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.")); } await _signInManager.ForgetTwoFactorClientAsync(); StatusMessage = "The current browser has been forgotten. When you login again from this browser you will be prompted for your 2fa code."; return(RedirectToAction()); }
private async Task <ActionResult> ValidateCode(TwoFactorAuthenticationModel model, ClaimsIdentity partialSignInUser) { var twoFactorTokenService = new TwoFactorTokenService(); var codeValid = twoFactorTokenService.VerifyTwoFactorCodeFor( partialSignInUser.GetSubjectId(), model.Code); if (codeValid) { return(Redirect(await GetOwinContext().Environment.GetPartialLoginResumeUrlAsync())); } return(View("This code is invalid.")); }
public async Task <IActionResult> TwoFactorAuthentication() { var user = await _userManager.GetUserAsync(User); if (user == null) { throw new ApplicationException($"Unable to load user with ID '{_userManager.GetUserId(User)}'."); } var model = new TwoFactorAuthenticationModel { HasAuthenticator = await _userManager.GetAuthenticatorKeyAsync(user) != null, Is2faEnabled = user.TwoFactorEnabled, RecoveryCodesLeft = await _userManager.CountRecoveryCodesAsync(user), }; return(View(model)); }
public async Task <TwoFactorAuthenticationModel> TwoFactorAuthentication(string userId) { var model = new TwoFactorAuthenticationModel(); var user = await GetUser(userId, model); if (user == null) { return(LogErrorReturnModel(model)); } model.HasAuthenticator = await _userManager.GetAuthenticatorKeyAsync(user) != null; model.Is2FaEnabled = await _userManager.GetTwoFactorEnabledAsync(user); model.RecoveryCodesLeft = await _userManager.CountRecoveryCodesAsync(user); return(model); }
public async Task <IActionResult> TwoFactorAuthenticationUser([FromBody] TwoFactorAuthenticationModel twoFactorAuthentication) { if (!ModelState.IsValid) { throw new HttpStatusErrorException(HttpStatusCode.BadRequest, Constants.ModelIsNotValidMessage); } var user = await _userManager.FindByIdAsync(twoFactorAuthentication.UserId); if (user == null) { throw new HttpStatusErrorException(HttpStatusCode.NotFound, $"Unable to load user with ID '{twoFactorAuthentication.UserId}'."); } if (!user.TwoFactorEnabled) { throw new HttpStatusErrorException(HttpStatusCode.BadRequest, "The current user is not using two-factor authentication."); } // Strip spaces and hypens var code = twoFactorAuthentication.Code.Replace(" ", string.Empty).Replace("-", string.Empty); var result = await _signInManager.TwoFactorAuthenticatorSignInAsync(code, twoFactorAuthentication.IsPersistent, twoFactorAuthentication.RememberMe); if (result.Succeeded) { _logger.LogInformation("User with ID '{UserId}' logged in with 2fa.", user.Id); return(Ok($"User with ID '{user.Id}' logged in with 2fa.")); } if (result.IsLockedOut) { _logger.LogWarning(Constants.UserIsLockedOutMessage, user.Id); throw new HttpStatusErrorException(HttpStatusCode.BadRequest, Constants.UserIsLockedOutMessage); } _logger.LogWarning("Invalid authenticator code entered for user with ID '{UserId}'.", user.Id); throw new HttpStatusErrorException(HttpStatusCode.BadRequest, $"Invalid authenticator code entered for user with ID '{user.Id}"); }
public async Task <IActionResult> TwoFactorAuthentication() { var model = new TwoFactorAuthenticationModel(); var user = await _userManager.GetUserAsync(User); if (user == null) { return(NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.")); } model.HasAuthenticator = await _userManager.GetAuthenticatorKeyAsync(user) != null; model.Is2faEnabled = await _userManager.GetTwoFactorEnabledAsync(user); model.IsMachineRemembered = await _signInManager.IsTwoFactorClientRememberedAsync(user); model.RecoveryCodesLeft = await _userManager.CountRecoveryCodesAsync(user); return(View(model)); }