public async Task <ActionResult> Index(TwoFactorAuthenticationModel model)
{
// we're only allowed here when we have a partial sign-in
var ctx = Request.GetOwinContext();
var partialSignInUser = await ctx.Environment.GetIdentityServerPartialLoginAsync();
if (partialSignInUser == null)
{
return(View("No partially signed-in user found."));
}
if (ModelState.IsValid)
{
using (var twoFactorTokenService = new TwoFactorTokenService())
{
if (twoFactorTokenService.VerifyTwoFactorCodeFor(partialSignInUser.GetSubjectId(), model.Code))
{
// continue where we left off
return(Redirect(await ctx.Environment.GetPartialLoginResumeUrlAsync()));
}
else
{
// show error
return(View("This code is invalid."));
}
}
}
return(View());
}
private async Task <ActionResult> ValidateCode(TwoFactorAuthenticationModel model,
ClaimsIdentity partialSignInUser)
{
var twoFactorTokenService = new TwoFactorTokenService();
var codeValid = twoFactorTokenService.VerifyTwoFactorCodeFor(
partialSignInUser.GetSubjectId(), model.Code);
if (codeValid)
{
return(Redirect(await GetOwinContext().Environment.GetPartialLoginResumeUrlAsync()));
}
return(View("This code is invalid."));
}
private static void PerformTwoFactorAuthentication(PostAuthenticationContext context,
ClaimsPrincipal authenticatedUser)
{
var twoFactorTokenService = new TwoFactorTokenService();
if (twoFactorTokenService.HasVerifiedTwoFactorCode(authenticatedUser.GetSubjectId()))
{
return;
}
twoFactorTokenService.GenerateTwoFactorCodeFor(authenticatedUser.GetSubjectId());
context.AuthenticateResult =
new AuthenticateResult("~/twofactorauthentication", authenticatedUser.GetSubjectId(),
authenticatedUser.GetName(), authenticatedUser.Claims);
}
