コード例 #1
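        /// <summary>
        /// Shows the factor-verification page. In the MFA-required flow it first asks Okta to
        /// issue the challenge for the factor recorded in session.
        /// </summary>
        /// <returns>
        /// The default view with a <see cref="VerifyFactorViewModel"/>, or HTTP 400 when the
        /// session does not hold the values of an authentication transaction.
        /// </returns>
        public ActionResult VerifyFactor()
        {
            // A session without this key (expired, or the page was opened directly) used to fail
            // on the unboxing cast and surface as a 500. Reject it explicitly instead.
            var flowFlag = Session["isMfaRequiredFlow"] as bool?;
            if (!flowFlag.HasValue)
            {
                return new HttpStatusCodeResult(400, "No authentication transaction in progress.");
            }

            var isMfaRequiredFlow = flowFlag.Value;

            if (isMfaRequiredFlow)
            {
                var stateToken = Session["stateToken"]?.ToString();
                var factorId   = Session["factorId"]?.ToString();

                if (string.IsNullOrEmpty(stateToken) || string.IsNullOrEmpty(factorId))
                {
                    return new HttpStatusCodeResult(400, "No authentication transaction in progress.");
                }

                // Assuming Phone: Send code to phone
                var verifyFactorOptions = new VerifySmsFactorOptions
                {
                    StateToken = stateToken,
                    FactorId   = factorId,
                };

                // This action is synchronous, so the request is started but not awaited and the
                // page renders whether or not the challenge was issued. The continuation at least
                // observes and records a failure, which was previously dropped silently.
                // NOTE(review): making the action async and awaiting the call would let the page
                // report the failure to the user; that changes the action's signature.
                _oktaAuthenticationClient.VerifyFactorAsync(verifyFactorOptions)
                    .ContinueWith(
                        failed => System.Diagnostics.Trace.TraceError(
                            "Okta factor challenge request failed: {0}",
                            failed.Exception.GetBaseException().Message),
                        TaskContinuationOptions.OnlyOnFaulted);
            }

            var viewModel = new VerifyFactorViewModel
            {
                IsMfaRequiredFlow = isMfaRequiredFlow,
            };

            return View(viewModel);
        }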
コード例 #2
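        /// <summary>
        /// Handles the posted passcode. In the MFA-required flow the code is verified against the
        /// factor held in session; otherwise the code activates a factor that is being enrolled.
        /// When Okta reports success, the user is signed in with an application cookie.
        /// </summary>
        /// <param name="model">The posted form: the passcode and the flow flag.</param>
        /// <returns>
        /// A redirect to Home/Index after a successful sign-in, otherwise the "VerifyFactor" view
        /// with a model error.
        /// </returns>
        public async Task<ActionResult> VerifyFactorAsync(VerifyFactorViewModel model)
        {
            if (!ModelState.IsValid)
            {
                return View("VerifyFactor", model);
            }

            // An expired session has no transaction values. Calling ToString() on the missing
            // entries happened outside the try blocks and ended in an unhandled exception.
            var stateToken = Session["stateToken"]?.ToString();
            var factorId   = Session["factorId"]?.ToString();

            if (string.IsNullOrEmpty(stateToken) || string.IsNullOrEmpty(factorId))
            {
                ModelState.AddModelError(string.Empty, "The sign-in session has expired. Please sign in again.");
                return View("VerifyFactor", model);
            }

            // NOTE(review): the branch is chosen from the posted model, while the GET action reads
            // the same flag from session. Okta still validates the state token, but taking the
            // flag from session would keep the client from selecting the branch.
            if (model.IsMfaRequiredFlow)
            {
                // Valid for both SMS and/or email
                var verifyFactorOptions = new VerifyTotpFactorOptions
                {
                    StateToken = stateToken,
                    FactorId   = factorId,
                    PassCode   = model.Code,
                };

                try
                {
                    var authnResponse = await _oktaAuthenticationClient.VerifyFactorAsync(verifyFactorOptions)
                                        .ConfigureAwait(false);

                    if (authnResponse.AuthenticationStatus == AuthenticationStatus.Success)
                    {
                        var username = authnResponse.Embedded
                                       .GetProperty<Resource>("user")
                                       .GetProperty<Resource>("profile")
                                       .GetProperty<string>("login");

                        return SignInWithCookieAndRedirectHome(username);
                    }

                    throw new NotImplementedException($"Unhandled Authentication Status {authnResponse.AuthenticationStatus}");
                }
                catch (Exception exception)
                {
                    // NOTE(review): every exception message is echoed to the page, including ones
                    // that do not come from Okta. Consider narrowing this to the SDK's API
                    // exception type and showing a generic message for anything else.
                    ModelState.AddModelError(string.Empty, exception.Message);
                    return View("VerifyFactor", model);
                }
            }
            else
            {
                var activateFactorOptions = new ActivateFactorOptions
                {
                    PassCode   = model.Code,
                    StateToken = stateToken,
                    FactorId   = factorId,
                };

                try
                {
                    var authnResponse =
                        await _oktaAuthenticationClient.ActivateFactorAsync(activateFactorOptions).ConfigureAwait(false);

                    if (authnResponse.AuthenticationStatus == AuthenticationStatus.MfaEnroll)
                    {
                        // Okta is still offering enrollment; when it also offers a "skip" link,
                        // skip the remaining step and continue with the resulting status.
                        if (authnResponse.Links["skip"] != null)
                        {
                            authnResponse = await _oktaAuthenticationClient.SkipTransactionStateAsync(
                                new TransactionStateOptions
                                {
                                    StateToken = stateToken,
                                }).ConfigureAwait(false);
                        }
                    }

                    if (authnResponse.AuthenticationStatus == AuthenticationStatus.Success)
                    {
                        var username = authnResponse.Embedded
                                       .GetProperty<Resource>("user")
                                       .GetProperty<Resource>("profile")
                                       .GetProperty<string>("login");

                        return SignInWithCookieAndRedirectHome(username);
                    }

                    throw new NotImplementedException($"Unhandled Authentication Status {authnResponse.AuthenticationStatus}");
                }
                catch (Exception exception)
                {
                    // NOTE(review): same concern as in the verify branch; raw exception messages
                    // reach the page.
                    ModelState.AddModelError(string.Empty, exception.Message);
                    return View("VerifyFactor", model);
                }
            }
        }

        // Issues the application cookie for the given login and redirects to Home/Index.
        private ActionResult SignInWithCookieAndRedirectHome(string username)
        {
            var identity = new ClaimsIdentity(
                new[] { new Claim(ClaimTypes.Name, username) },
                DefaultAuthenticationTypes.ApplicationCookie);

            // A missing "rememberMe" entry used to throw on the unboxing cast after the factor had
            // already been verified. Fall back to a non-persistent cookie, the narrower choice.
            var rememberMe = (Session["rememberMe"] as bool?) ?? false;

            // NOTE(review): the transaction values (state token, factor id) stay in session after
            // sign-in. Consider removing them here once nothing else needs them.
            _authenticationManager.SignIn(new AuthenticationProperties {
                IsPersistent = rememberMe
            }, identity);

            return RedirectToAction("Index", "Home");
        }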