/// <summary>
/// Handles submission of the authenticator-app code entered during two-factor sign-in.
/// </summary>
/// <param name="model">Posted form values: the code, the return URL and the two "remember" flags.</param>
/// <returns>
/// A redirect produced by <c>RedirectToLocal</c> on success, the "Lockout" view when the account is
/// locked out, or the same form re-rendered with a validation error.
/// </returns>
public async Task<IActionResult> VerifyAuthenticatorCode(VerifyAuthenticatorCodeViewModel model)
{
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    // Brute-force protection for the two-factor code lives in the sign-in manager: repeated wrong
    // codes within the configured window lock the account for the configured lockout period.
    // NOTE(review): this relies on lockout being enabled in the Identity options; confirm in startup.
    var signInResult = await _signInManager.TwoFactorAuthenticatorSignInAsync(
        model.Code,
        model.RememberMe,
        model.RememberBrowser);

    if (signInResult.Succeeded)
    {
        // NOTE(review): presumably RedirectToLocal rejects non-local URLs (open-redirect guard); verify.
        return RedirectToLocal(model.ReturnUrl);
    }

    if (!signInResult.IsLockedOut)
    {
        // Deliberately generic message: do not reveal why the code was rejected.
        ModelState.AddModelError(string.Empty, "Invalid code.");
        return View(model);
    }

    // Lockouts are logged so that repeated guessing against one account is visible to operators.
    _logger.LogWarning(7, "User account locked out.");
    return View("Lockout");
}
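/// <summary>
/// Handles submission of the authenticator-app code entered during two-factor sign-in and, on
/// success, caches the user's profile against the current session before redirecting.
/// </summary>
/// <param name="model">Posted form values: the code, the return URL and the two "remember" flags.</param>
/// <returns>
/// A redirect produced by <c>RedirectToLocal</c> on success, the "Lockout" view when the account is
/// locked out, or the same form re-rendered with a validation error.
/// </returns>
/// <exception cref="InvalidOperationException">
/// The code was accepted but the two-factor user or their profile could not be loaded.
/// </exception>
public async Task<IActionResult> VerifyAuthenticatorCode(VerifyAuthenticatorCodeViewModel model)
{
    if (!this.ModelState.IsValid)
    {
        return this.View(model);
    }

    // Resolve the user who is part-way through two-factor sign-in BEFORE verifying the code.
    // The original looked the user up after a successful sign-in; Identity is expected to clear
    // the pending two-factor state at that point, so the later lookup depended on that state still
    // being readable and dereferenced the result without a null check.
    var user = await this.signInManager.GetTwoFactorAuthenticationUserAsync();

    // Brute-force protection for the two-factor code lives in the sign-in manager: repeated wrong
    // codes within the configured window lock the account for the configured lockout period.
    var result = await this.signInManager.TwoFactorAuthenticatorSignInAsync(
        model.Code,
        model.RememberMe,
        model.RememberBrowser);

    if (result.Succeeded)
    {
        if (user == null)
        {
            // Fail with a clear error instead of a NullReferenceException on user.Email.
            throw new InvalidOperationException("Two-factor sign-in succeeded but the two-factor user could not be loaded.");
        }

        var userProfile = await this.accountManager.ProfileGet(user.Email);
        if (userProfile == null)
        {
            // NOTE(review): assumes ProfileGet can return null for a missing profile; confirm.
            throw new InvalidOperationException("Two-factor sign-in succeeded but no profile was found for the user.");
        }

        // NOTE(review): if UserToken is used as a bearer secret, Guid.NewGuid() is documented as a
        // unique identifier, not as a cryptographic token; consider RandomNumberGenerator. Confirm usage.
        userProfile.UserToken = Guid.NewGuid().ToString();

        // NOTE(review): the cache key is the session id that already existed before the second
        // factor was verified. Confirm the session is not one an unauthenticated party could have
        // fixed in advance, or renew the session at this point.
        userProfile.UserSessionId = this.HttpContext.Session.Id;
        SecurityCacheManager.SetUserProfile(userProfile, userProfile.UserSessionId);

        // NOTE(review): presumably RedirectToLocal rejects non-local URLs (open-redirect guard); verify.
        return this.RedirectToLocal(model.ReturnUrl);
    }

    if (result.IsLockedOut)
    {
        // NOTE(review): the lockout is not logged in this method; a warning-level log entry here
        // would make repeated code guessing against one account visible to operators.
        return this.View("Lockout");
    }

    // Deliberately generic message: do not reveal why the code was rejected.
    this.ModelState.AddModelError(string.Empty, "Invalid code.");
    return this.View(model);
}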