/// <summary>
/// Starts a second-factor request: opens the hub service client, generates a request id
/// and a correlation id, invokes the device method, records the request, and renders the
/// view with the identifiers of that request.
/// </summary>
/// <returns>The view bound to a <c>SecondFactorModel</c> that identifies the new request.</returns>
public IActionResult Index()
{
    // NOTE(review): the account is fixed to "admin" here rather than taken from the
    // signed-in user. Confirm this is sample-only behaviour.
    const string partition = "admin";

    // Create a ServiceClient to communicate with the service-facing endpoint on your hub.
    // NOTE(review): ServiceClientConnectionString is defined outside this method. Confirm it
    // is loaded from configuration or a secret store and not committed to source.
    serviceClient = ServiceClient.CreateFromConnectionString(ServiceClientConnectionString);

    // Two independent GUIDs: the first becomes the row key, the second ("N" format, no
    // dashes) is the correlation id. Both are also handed to the view below.
    // NOTE(review): GUIDs are identifiers, not secrets. If possession of these values is
    // what later authorises reading the request's outcome, confirm that design.
    var requestId = Guid.NewGuid().ToString();
    var correlation = Guid.NewGuid().ToString("N");

    // Both calls block the request thread until the awaited work completes.
    // NOTE(review): the device method is invoked before the request row is written. Verify
    // the response handler tolerates a reply arriving before the row exists.
    InvokeMethod(partition, requestId, correlation).GetAwaiter().GetResult();
    CreateTableAndAddRequest(partition, requestId, correlation).GetAwaiter().GetResult();

    var viewModel = new SecondFactorModel
    {
        PartitionKey = partition,
        RowKey = requestId,
        CorrelationId = correlation,
    };

    return View(viewModel);
}
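/// <summary>
/// Verifies the one-time password submitted as the second authentication factor and, when
/// it matches, issues the forms-authentication cookie and redirects.
/// </summary>
/// <param name="model">Posted form; <c>SecondFactor</c> carries the code the user entered.</param>
/// <param name="returnUrl">Destination after sign-in, handed to <c>RedirectToLocal</c>.</param>
/// <returns>
/// A redirect when the code matches; otherwise the same view with a model error describing
/// the failure.
/// </returns>
public ActionResult SecondFactor(SecondFactorModel model, string returnUrl)
{
    // The profile of the user who is part-way through sign-in is carried in TempData.
    // Keep() retains every TempData entry so a mistyped code can be retried on the next request.
    var user = TempData[CurrentUserTempDataKey] as MvcTFAProfile;
    TempData.Keep();

    if (user == null)
    {
        ModelState.AddModelError("", "A problem occurred while retrieving your session");
        return View(model);
    }

    var secretKey = Base32Encoder.FromBase32String(user.SecretKey);
    var currentInterval = GoogleAuthenticator.CurrentInterval;

    // The current interval +/- 1 is accepted so that devices whose clocks are slightly out
    // of sync can still sign in. This is a deliberate usability/security trade-off: three
    // codes are valid at any moment instead of one.
    // NOTE(review): no attempt counter or lockout is visible in this action. Because the
    // widened window raises the odds of a guessed code, failed attempts should be throttled
    // per user.
    // NOTE(review): nothing here records the last accepted interval, so a code that has
    // already been used stays valid until its window passes. Consider rejecting reuse.
    // NOTE(review): the comparison below is an ordinary equality check, not a fixed-time one.
    var acceptedIntervals = new[] { currentInterval, currentInterval + 1, currentInterval - 1 };

    var secondFactorMatched = false;
    foreach (var interval in acceptedIntervals)
    {
        if (GoogleAuthenticator.GeneratePin(secretKey, interval) == model.SecondFactor)
        {
            secondFactorMatched = true;
            break;
        }
    }

    if (!secondFactorMatched)
    {
        ModelState.AddModelError("SecondFactor", "The one time password you specified is incorrect");
        return View(model);
    }

    // A missing or non-boolean entry means "do not persist the cookie" instead of throwing
    // InvalidCastException on an unexpected value.
    var rememberFlag = TempData[RememberMeTempDataKey] as bool?;
    var rememberMe = rememberFlag.HasValue && rememberFlag.Value;

    // NOTE(review): the TempData entries (including the profile with its secret key) are
    // still marked for retention after a successful sign-in. Consider removing them here.
    FormsAuthentication.SetAuthCookie(user.UserName, rememberMe);

    // NOTE(review): RedirectToLocal is defined elsewhere. Confirm it rejects non-local URLs,
    // since returnUrl comes from the request.
    return RedirectToLocal(returnUrl);
}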