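/// <summary>
/// Reads the e-mail address that the external authenticator reports for the identity in
/// <paramref name="result"/>.
/// </summary>
/// <param name="result">External login result whose authenticator and external identity are consulted.</param>
/// <param name="errorReason">
/// <c>null</c> when identity information was obtained; otherwise a description of why no address
/// could be read.
/// </param>
/// <returns>
/// The e-mail address from the identity information, or <c>null</c> when the information could not
/// be obtained.
/// </returns>
private string GetEmailAddressFromExternalLoginResult(AuthenticateExternalLoginResult result, out string errorReason)
{
    errorReason = null;

    try
    {
        var userInformation = result?.Authenticator?.GetIdentityInformation(result.ExternalIdentity);
        if (userInformation == null)
        {
            // The null-conditional call yields null when there is no result or authenticator.
            // Report that as a failure instead of dereferencing null: the NullReferenceException
            // would escape the ArgumentException handler below.
            errorReason = "No identity information is available for the external login.";
            return null;
        }

        // NOTE(review): the address is returned exactly as the authenticator reports it and may
        // itself be null or empty; callers should check the value and not only errorReason.
        return userInformation.Email;
    }
    catch (ArgumentException ex)
    {
        // NOTE(review): the exception text is handed back to the caller unchanged; confirm it is
        // safe to display before surfacing it to an end user.
        errorReason = ex.Message;
        return null;
    }
}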
/// <summary>
/// Decides whether this external login must be sent through multi-factor authentication.
/// </summary>
/// <param name="result">Outcome of the external login attempt; may be <c>null</c>.</param>
/// <returns>
/// <c>true</c> only when every condition listed in the body holds; <c>false</c> otherwise,
/// including when the result, its authenticator or its authentication is missing.
/// </returns>
internal bool ShouldEnforceMultiFactorAuthentication(AuthenticateExternalLoginResult result)
{
    // NOTE(review): a missing result, authenticator or authentication yields false, so no MFA is
    // requested for it. Callers are presumably expected to reject such a login on their own; confirm.
    var authenticator = result?.Authenticator;
    if (authenticator == null)
    {
        return false;
    }

    var authentication = result.Authentication;
    if (authentication == null)
    {
        return false;
    }

    // 1. The authenticator has to support multi-factor authentication at all.
    if (!authenticator.SupportsMultiFactorAuthentication())
    {
        return false;
    }

    // 2. The user must have switched multi-factor authentication on for the account.
    //    User is dereferenced without a null check.
    if (!authentication.User.EnableMultiFactorAuthentication)
    {
        return false;
    }

    // 3. The session must not already have been multi-factor authenticated.
    //    LoginDetails is dereferenced without a null check.
    if (result.LoginDetails.WasMultiFactorAuthenticated)
    {
        return false;
    }

    // 4. The credential used must be an external personal Microsoft account. AAD 2FA policy is
    //    controlled by the tenant admins, so it is not enforced here.
    var credentialUsed = authentication.CredentialUsed;
    return credentialUsed.IsExternal()
        && CredentialTypes.IsMicrosoftAccount(credentialUsed.Type);
}