/// <summary>
/// Checks a submitted authenticator code against the two-factor key stored for
/// the user named by the current request identity.
/// </summary>
/// <param name="code">The authenticator code supplied by the caller.</param>
/// <returns>
/// JSON <c>{ result = true }</c> when the code is accepted, otherwise
/// <c>{ error = "..." }</c> describing why verification did not succeed.
/// </returns>
public ActionResult VerifyAuthenticatorCode(string code)
{
    User currentUser = UserHelper.GetUser(db, User.Identity.Name);
    if (currentUser == null)
    {
        return Json(new { error = "User does not exist" });
    }

    if (!currentUser.SecuritySettings.TwoFactorEnabled)
    {
        return Json(new { error = "User does not have Two Factor Authentication enabled" });
    }

    string secret = currentUser.SecuritySettings.TwoFactorKey;

    // The used-code manager is handed to the authenticator; presumably it is what
    // rejects a code that was already consumed — confirm in TimeAuthenticator.
    // NOTE(review): no attempt limiting is visible in this action; confirm that
    // CheckCode or a filter outside this view throttles repeated guesses.
    TimeAuthenticator authenticator = new TimeAuthenticator(usedCodeManager: usedCodesManager);
    bool accepted = authenticator.CheckCode(secret, code, currentUser);

    return accepted
        ? Json(new { result = true })
        : Json(new { error = "Invalid Authentication Code" });
}
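/// <summary>
/// Completes a two-factor sign-in for the user held in
/// <c>Session["AuthenticatedUser"]</c>: checks the authenticator code, issues the
/// authentication cookie, optionally registers the browser as a trusted device,
/// and returns the URL the client should continue to.
/// </summary>
/// <param name="code">The authenticator code supplied by the caller.</param>
/// <param name="returnUrl">
/// Caller-supplied continuation URL. It is untrusted and is only echoed back when
/// it resolves to the same site as the current request.
/// </param>
/// <param name="rememberMe">Passed through to the auth-cookie helper.</param>
/// <param name="rememberDevice">Whether the caller asked for this device to be trusted.</param>
/// <param name="deviceName">Display name for the trusted device; "Unknown" when empty.</param>
/// <returns>
/// JSON <c>{ result = url }</c> on success, otherwise <c>{ error = "..." }</c>.
/// </returns>
public ActionResult ConfirmAuthenticatorCode(string code, string returnUrl, bool rememberMe, bool rememberDevice, string deviceName)
{
    // The pending user is put into session by an earlier step that is not part of
    // this method (presumably the password check — confirm against the login action).
    User user = (User)Session["AuthenticatedUser"];
    if (user == null)
    {
        return Json(new { error = "User does not exist" });
    }

    if (!user.SecuritySettings.TwoFactorEnabled)
    {
        return Json(new { error = "User does not have Two Factor Authentication enabled" });
    }

    string key = user.SecuritySettings.TwoFactorKey;

    // NOTE(review): no attempt limiting is visible in this action; confirm that
    // CheckCode or a filter outside this view throttles repeated guesses.
    TimeAuthenticator ta = new TimeAuthenticator(usedCodeManager: usedCodesManager);
    if (!ta.CheckCode(key, code, user))
    {
        return Json(new { error = "Invalid Authentication Code" });
    }

    // The code was valid: issue the authentication cookie.
    // NOTE(review): Session["AuthenticatedUser"] is left in place after sign-in.
    // Consider removing it here so the pending-login state cannot be reused —
    // confirm nothing later in the request pipeline still reads it.
    HttpCookie authcookie = UserHelper.CreateAuthCookie(user.Username, rememberMe, Request.Url.Host.GetDomain(), Request.IsLocal);
    Response.Cookies.Add(authcookie);

    if (user.SecuritySettings.AllowTrustedDevices && rememberDevice)
    {
        // The user asked to remember this device and the account allows trusted devices.
        HttpCookie trustedDeviceCookie = UserHelper.CreateTrustedDeviceCookie(user.Username, Request.Url.Host.GetDomain(), Request.IsLocal);
        Response.Cookies.Add(trustedDeviceCookie);

        TrustedDevice device = new TrustedDevice();
        device.UserId = user.UserId;
        device.Name = string.IsNullOrEmpty(deviceName) ? "Unknown" : deviceName;
        device.DateSeen = DateTime.Now;
        // NOTE(review): the cookie value is stored as-is, so a read of this table
        // yields usable device tokens; consider storing only a hash of the token —
        // confirm how the token is compared on later sign-ins before changing it.
        device.Token = trustedDeviceCookie.Value;

        db.TrustedDevices.Add(device);
        db.SaveChanges();
    }

    // returnUrl comes from the request and is handed back for the client to follow
    // (presumably as a redirect), so an off-site value must not be echoed after a
    // successful login. Anything that is not same-site is treated as absent.
    if (!IsSameSiteUrl(returnUrl))
    {
        // UrlReferrer is null when the request carries no Referer header; the
        // original dereferenced it unconditionally and threw after the cookies
        // had already been issued.
        returnUrl = (Request.UrlReferrer != null) ? Request.UrlReferrer.AbsoluteUri : "/";
    }

    return Json(new { result = returnUrl });
}

/// <summary>
/// Returns true when <paramref name="candidate"/> is a non-empty http(s) URL,
/// relative or absolute, that resolves to the same domain as the current request.
/// </summary>
private bool IsSameSiteUrl(string candidate)
{
    if (string.IsNullOrEmpty(candidate) || candidate != candidate.Trim())
    {
        return false;
    }

    // Browsers treat backslashes as slashes and drop control characters, so a
    // value containing either could resolve differently in the browser than in
    // Uri; reject such values outright rather than try to normalise them.
    foreach (char c in candidate)
    {
        if (c == '\\' || char.IsControl(c))
        {
            return false;
        }
    }

    // Resolving against the request URL handles relative paths, scheme-relative
    // ("//host/...") and absolute forms with a single check.
    Uri resolved;
    if (!Uri.TryCreate(Request.Url, candidate, out resolved))
    {
        return false;
    }

    if (resolved.Scheme != Uri.UriSchemeHttp && resolved.Scheme != Uri.UriSchemeHttps)
    {
        return false;
    }

    // Assumes GetDomain() yields the site's own domain, as its use for cookie
    // scoping in ConfirmAuthenticatorCode suggests — confirm against the extension method.
    return string.Equals(resolved.Host.GetDomain(), Request.Url.Host.GetDomain(), StringComparison.OrdinalIgnoreCase);
}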