/// <summary>
/// Handles submission of the second-factor confirmation code: checks the
/// caller against the two-factor cookie, validates and removes the submitted
/// code, then replaces the two-factor cookie with the local session cookie.
/// </summary>
/// <param name="codeViewModel">Posted form model carrying the confirmation code.</param>
/// <returns>
/// The same view (with model errors) when the form or code is rejected,
/// otherwise a redirect to the "Index" action of the "User" controller.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="codeViewModel"/> is null.</exception>
/// <exception cref="IdentityServerException">
/// No authenticated identity is attached to the two-factor cookie.
/// </exception>
// NOTE(review): no [HttpPost] / [ValidateAntiForgeryToken] attributes are visible
// in this excerpt. Confirm they are applied to this action.
public async Task<ActionResult> SendCode(CodeViewModel codeViewModel)
{
    if (codeViewModel == null)
    {
        throw new ArgumentNullException(nameof(codeViewModel));
    }

    await SetUser();

    // Reject malformed form input before touching any authentication state.
    if (!ModelState.IsValid)
    {
        await TranslateView(DefaultLanguage);
        return View(codeViewModel);
    }

    // Step 1: the caller must already hold the intermediate two-factor cookie
    // (i.e. have passed the first factor).
    var twoFactorCookie = SimpleIdentityServer.Host.Constants.TwoFactorCookieName;
    var principal = await _authenticationService.GetAuthenticatedUser(this, twoFactorCookie);
    var firstFactorPassed = principal?.Identity?.IsAuthenticated ?? false;
    if (!firstFactorPassed)
    {
        throw new IdentityServerException(
            SimpleIdentityServer.Core.Errors.ErrorCodes.UnhandledExceptionCode,
            SimpleIdentityServer.Core.Errors.ErrorDescriptions.TwoFactorAuthenticationCannotBePerformed);
    }

    // Step 2: validate the submitted code.
    // NOTE(review): only the code value is passed, not the principal's subject.
    // Confirm ValidateCode binds the code to the user it was issued for, and
    // that failed attempts are throttled or locked out somewhere upstream.
    // Neither is visible in this method.
    var submittedCode = codeViewModel.Code;
    var codeAccepted = await _authenticateActions.ValidateCode(submittedCode);
    if (!codeAccepted)
    {
        await TranslateView(DefaultLanguage);
        ModelState.AddModelError("Code", "confirmation code is not valid");
        // NOTE(review): the raw submitted value is handed to the event source.
        // Confirm the sink is access-controlled, since a rejected value may
        // still be a live code (issued to another user, or a near miss).
        _simpleIdentityServerEventSource.ConfirmationCodeNotValid(submittedCode);
        return View(codeViewModel);
    }

    // Step 3: consume the code so it cannot be replayed. Validation and removal
    // are separate calls, so a failed removal must stop the flow here rather
    // than fall through to sign-in.
    var codeConsumed = await _authenticateActions.RemoveCode(submittedCode);
    if (!codeConsumed)
    {
        await TranslateView(DefaultLanguage);
        ModelState.AddModelError("Code", "an error occured while trying to remove the code");
        return View(codeViewModel);
    }

    // Step 4: drop the intermediate two-factor cookie, then issue the local
    // cookie from the same claims with a freshly generated GUID string.
    await _authenticationService.SignOutAsync(
        HttpContext,
        twoFactorCookie,
        new Microsoft.AspNetCore.Authentication.AuthenticationProperties());
    await SetLocalCookie(principal.Claims, Guid.NewGuid().ToString());

    return RedirectToAction("Index", "User");
}