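/// <summary>
/// POST half of the security-question challenge. Checks the submitted answer
/// for the question the GET action presented and, on success, redirects the
/// user into the password-reset flow with a freshly generated reset token.
/// </summary>
/// <param name="model">Challenge form: user e-mail, question id, answer and the challenge token.</param>
/// <returns>
/// The form again on validation failure; "InvalidToken" when the challenge
/// token does not verify; "Lockout" when the account is (or just became)
/// locked out; otherwise a redirect to ResetPassword or back to the challenge.
/// </returns>
public async Task<ActionResult> VerifyUser(ChallengeQandAViewModel model)
{
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    var user = await UserManager.FindByEmailAsync(model.UserId);

    // The challenge token issued for the GET action must still verify here;
    // without this check a direct POST could answer questions for any account
    // without a challenge ever having been started. Also guards the null user
    // that FindByEmailAsync returns for an unknown address.
    if (user == null || !await UserManager.VerifyUserTokenAsync(user.Id, "CanAnswerSecQuestions", model.Code))
    {
        return View("InvalidToken");
    }

    // Lockout is enforced on the GET action; enforce it on the POST as well so
    // a locked-out account cannot keep answering by submitting the form directly.
    if (await UserManager.IsLockedOutAsync(user.Id))
    {
        ViewBag.DefaultAccountLockoutTimeSpan = UserManager.DefaultAccountLockoutTimeSpan.TotalMinutes;
        return View("Lockout");
    }

    // Only questions that belong to this user are accepted; a Q_ID that matches
    // none of them is treated as a wrong answer instead of dereferencing null.
    var question = user.UserQuestions.FirstOrDefault(q => q.Q_ID.Equals(model.Q_ID));
    var answerMatches = question != null
        && string.Equals(model.Answer, question.Answer, StringComparison.OrdinalIgnoreCase);

    if (answerMatches)
    {
        model.Code = await UserManager.GeneratePasswordResetTokenAsync(user.Id);
        return RedirectToAction("ResetPassword", "Account", new { code = model.Code, email = model.UserId });
    }

    // Wrong answer: count it against the account and lock it once the same
    // threshold used for failed password attempts is reached.
    user.SecQandAFailCount += 1;
    await UserManager.UpdateAsync(user);

    if (user.SecQandAFailCount >= UserManager.MaxFailedAccessAttemptsBeforeLockout)
    {
        await UserManager.SetLockoutEndDateAsync(user.Id, DateTimeOffset.UtcNow.Add(UserManager.DefaultAccountLockoutTimeSpan));
        user.SecQandAFailCount = 0;
        await UserManager.UpdateAsync(user);
        ViewBag.DefaultAccountLockoutTimeSpan = UserManager.DefaultAccountLockoutTimeSpan.TotalMinutes;
        return View("Lockout");
    }

    return RedirectToAction("VerifyUser", new { userId = model.UserId, code = model.Code });
}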
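/// <summary>
/// GET half of the security-question challenge. Once the one-time challenge
/// token verifies, picks one of the user's security questions at random and
/// renders it for the POST action to check.
/// </summary>
/// <param name="userId">E-mail address the account is looked up by.</param>
/// <param name="code">Challenge token issued for the "CanAnswerSecQuestions" purpose.</param>
/// <returns>
/// "InvalidToken" when the user is unknown, the token does not verify, or no
/// questions are on file; "Lockout" when the account is locked out; otherwise
/// the challenge view populated with one question.
/// </returns>
public async Task<ActionResult> VerifyUser(string userId, string code)
{
    var user = await UserManager.FindByEmailAsync(userId);

    // Verify the token before reporting anything about the account, so a
    // request carrying a bad token learns nothing about it (not even that it
    // is currently locked out).
    if (user == null || !await UserManager.VerifyUserTokenAsync(user.Id, "CanAnswerSecQuestions", code))
    {
        return View("InvalidToken");
    }

    if (await UserManager.IsLockedOutAsync(user.Id))
    {
        ViewBag.DefaultAccountLockoutTimeSpan = UserManager.DefaultAccountLockoutTimeSpan.TotalMinutes;
        return View("Lockout");
    }

    var questions = user.UserQuestions.ToList();
    if (questions.Count == 0)
    {
        // An account with no questions on file cannot complete this challenge;
        // indexing an empty list here would otherwise throw. Reusing the
        // InvalidToken view keeps the response generic — TODO confirm a
        // dedicated view is not preferred.
        return View("InvalidToken");
    }

    var picked = questions[new Random().Next(questions.Count)];

    var questionVM = new ChallengeQandAViewModel
    {
        Question = picked.SecurityQuestion.Questions,
        Q_ID = picked.SecurityQuestion.ID,
        Code = code,
        UserId = userId,
    };
    return View(questionVM);
}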