public async Task <IActionResult> AdditionalAuthenticationFactor(
AdditionalAuthenticationFactorViewModel model)
{
if (ModelState.IsValid)
{
// read identity from the temporary cookie
var info = await HttpContext.AuthenticateAsync("idsrv.2FA");
var tempUser = info?.Principal;
if (tempUser == null)
{
throw new Exception("2FA error");
}
var user = GinsoftUserRepository.GetUserBySubjectId(tempUser.GetSubjectId());
// ... check code for user
if (model.Code != "123")
{
ModelState.AddModelError("code", "2FA code is invalid.");
return(View(model));
}
// login the user
AuthenticationProperties props = null;
if (AccountOptions.AllowRememberLogin && model.RememberLogin)
{
props = new AuthenticationProperties
{
IsPersistent = true,
ExpiresUtc = DateTimeOffset.UtcNow.Add(AccountOptions.RememberMeLoginDuration)
};
}
;
// issue authentication cookie for user
await _events.RaiseAsync(new UserLoginSuccessEvent(user.Username, user.SubjectId, user.Username));
await HttpContext.SignInAsync(user.SubjectId, user.Username, props);
// delete temporary cookie used for 2FA
await HttpContext.SignOutAsync("idsrv.2FA");
if (_interaction.IsValidReturnUrl(model.ReturnUrl) || Url.IsLocalUrl(model.ReturnUrl))
{
return(Redirect(model.ReturnUrl));
}
return(Redirect("~/"));
}
// something went wrong, show an error
return(View(model));
}
public IActionResult AdditionalAuthenticationFactor(string returnUrl, bool rememberLogin)
{
// create VM
var vm = new AdditionalAuthenticationFactorViewModel()
{
RememberLogin = rememberLogin,
ReturnUrl = returnUrl
};
return(View(vm));
}
