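/// <summary>
/// Click handler for the "add key" button: stores a user-supplied TOTP key in Vault
/// under a freshly generated name, then closes the dialog with a positive result.
/// </summary>
/// <param name="sender">Control that raised the event (not used).</param>
/// <param name="e">Routed event data (not used).</param>
/// <remarks>
/// If building the client or the Vault request fails, the buttons are put back into
/// their previous state so the dialog is not left permanently disabled, and the
/// exception is rethrown unchanged. Because this is an <c>async void</c> handler,
/// that exception surfaces on the UI thread rather than to a caller.
/// </remarks>
private async void Button_Click_1(object sender, RoutedEventArgs e)
{
    // Capture the current UI state so it can be restored if the request fails.
    var previousCaption = AddKeyButton.Content;
    bool cancelWasEnabled = CancelAddButton.IsEnabled;
    bool addWasEnabled = AddKeyButton.IsEnabled;

    // Block repeated submissions while the request is in flight.
    CancelAddButton.IsEnabled = false;
    AddKeyButton.IsEnabled = false;
    AddKeyButton.Content = "Processing...";

    try
    {
        // NOTE(review): the Vault token and URL are read from application settings;
        // confirm how that settings store is protected at rest.
        IAuthMethodInfo authMethod = new TokenAuthMethodInfo(Properties.Settings.Default.VaultToken);
        var vaultClientSettings = new VaultClientSettings(Properties.Settings.Default.VaultURL, authMethod);
        IVaultClient vaultClient = new VaultClient(vaultClientSettings);

        // The key material comes from the user (SecretBox) instead of being generated by Vault.
        // SecretBox.Text is the raw TOTP seed: keep it out of logs and error messages.
        var createKeyRequest = new TOTPCreateKeyRequest
        {
            AccountName = ProductBox.Text,
            Algorithm = "SHA1",
            Period = "30",
            Issuer = VendorBox.Text,
            KeyGenerationOption = new TOTPNonVaultBasedKeyGeneration
            {
                AccountName = ProductBox.Text,
                Issuer = VendorBox.Text,
                Key = SecretBox.Text,
            },
        };

        // A random GUID is used as the key name; the response is not needed here.
        await vaultClient.V1.Secrets.TOTP.CreateKeyAsync(Guid.NewGuid().ToString(), createKeyRequest);
    }
    catch
    {
        // Without this the dialog would stay stuck on "Processing..." with both buttons disabled.
        CancelAddButton.IsEnabled = cancelWasEnabled;
        AddKeyButton.IsEnabled = addWasEnabled;
        AddKeyButton.Content = previousCaption;
        throw;
    }

    this.DialogResult = true;
    this.Close();
}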
/// <summary>
/// Starts TOTP enrolment for the signed-in user: creates a TOTP key in Vault named after
/// the user, stashes the returned barcode in TempData, marks the session with the
/// "2fa-unconfirmed" capability claim and redirects to the confirmation route.
/// </summary>
/// <returns>
/// <c>BadRequest</c> when the user already holds the "2fa" capability claim; otherwise a
/// redirect to the "confirm-2fa" route (immediately, if enrolment is already pending).
/// </returns>
public async Task<IActionResult> EnableTwoFactorAuth()
{
    // Both guards look at the capability claims carried by the current principal.
    bool HasCapability(string capability) =>
        User.HasClaim(claim => claim.Type == VaultClaims.Capability && claim.Value == capability);

    // Already enrolled: nothing to enable.
    if (HasCapability("2fa"))
    {
        return BadRequest();
    }

    // Enrolment already started: send the user on to confirm it.
    if (HasCapability("2fa-unconfirmed"))
    {
        return RedirectToRoute("confirm-2fa");
    }

    var userVaultClient = CreateVaultUserClient();

    var issuer = _vaultSettings.TotpIssuer;
    var userName = User.Identity.Name;

    var createKeyRequest = new TOTPCreateKeyRequest();
    createKeyRequest.Issuer = issuer;
    createKeyRequest.AccountName = $"{userName}@{issuer}";

    // The Vault key is named after the user.
    var createdKey = await userVaultClient.V1.Secrets.TOTP.CreateKeyAsync(userName, createKeyRequest);

    // NOTE(review): the barcode presumably encodes the new TOTP secret, and TempData may
    // round-trip through the browser depending on the configured provider; confirm both.
    TempData["TotpBarCode"] = createdKey.Data.Barcode;

    // Clone the current identity, add the pending-2FA capability, and reissue the
    // authentication cookie so the new claim set takes effect.
    var pendingIdentity = new ClaimsIdentity(User.Identity);
    pendingIdentity.AddClaim(new Claim(VaultClaims.Capability, "2fa-unconfirmed"));
    var pendingPrincipal = new ClaimsPrincipal(pendingIdentity);
    var signInProperties = new AuthenticationProperties();

    await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
    await HttpContext.SignInAsync(
        CookieAuthenticationDefaults.AuthenticationScheme,
        pendingPrincipal,
        signInProperties);

    return RedirectToRoute("confirm-2fa");
}