示例#1
0
            //根据密钥获取验证码
            public static string getCodeFromSecret(string secret)
            {
                secretKey = secret;
                var authenticator = new TwoStepsAuthenticator.TimeAuthenticator();

                return(authenticator.GetCode(secretKey));
            }
 public ViewModel()
 {
     var authenticator = new TwoStepsAuthenticator.TimeAuthenticator();
     this.Key = TwoStepsAuthenticator.Authenticator.GenerateKey();
     timer = new DispatcherTimer(TimeSpan.FromSeconds(1), DispatcherPriority.Normal, timerCallback, App.Current.Dispatcher);
     timer.Start();
 }
示例#3
0
        public ViewModel()
        {
            var authenticator = new TwoStepsAuthenticator.TimeAuthenticator();

            this.Key = TwoStepsAuthenticator.Authenticator.GenerateKey();
            timer    = new DispatcherTimer(TimeSpan.FromSeconds(1), DispatcherPriority.Normal, timerCallback, App.Current.Dispatcher);
            timer.Start();
        }
示例#4
0
        internal void GetCode()
        {
            var auth = new TwoStepsAuthenticator.TimeAuthenticator();

            Code = auth.GetCode(this.Key);

            auth.CheckCode(key, Code, "user");
        }
示例#5
0
        public static string SendCodeSms(string secret, int time = 30)
        {
            var authenticator = new TwoStepsAuthenticator.TimeAuthenticator(null, null, time);
            var code          = authenticator.GetCode(secret);

            Console.WriteLine(code);
            Console.WriteLine(secret);
            return(code);
        }
示例#6
0
            private static string secretKey;//模拟客户端保存的密钥//应加密后存储在客户端中

            //获取验证码
            public static string getCodeFromSecret()
            {
                if (secretKey == null)
                {
                    throw new NullReferenceException("当前密钥为空!");
                }
                else
                {
                    var authenticator = new TwoStepsAuthenticator.TimeAuthenticator();
                    return(authenticator.GetCode(secretKey));
                }
            }
        public ActionResult DoubleAuth(string code)
        {
            WebsiteUser user = (WebsiteUser)Session["AuthenticatedUser"];
            var auth = new TwoStepsAuthenticator.TimeAuthenticator(usedCodeManager: usedCodesManager);
            if (auth.CheckCode(user.DoubleAuthKey, code, user))
            {
                FormsAuthentication.SetAuthCookie(user.Login, true);
                return RedirectToAction("Welcome");
            }

            return RedirectToAction("Index");
        }
示例#8
0
        public ActionResult DoubleAuth(string code)
        {
            WebsiteUser user = (WebsiteUser)Session["AuthenticatedUser"];
            var         auth = new TwoStepsAuthenticator.TimeAuthenticator(usedCodeManager: usedCodesManager);

            if (auth.CheckCode(user.DoubleAuthKey, code, user))
            {
                FormsAuthentication.SetAuthCookie(user.Login, true);
                return(RedirectToAction("Welcome"));
            }

            return(RedirectToAction("Index"));
        }
示例#9
0
            private static string secretKey;//模拟服务端保存的密钥//应加密后存储在服务器中

            //验证密钥
            public static bool verifySecret(string userCode)
            {
                if (secretKey == null)
                {
                    throw new NullReferenceException("当前密钥为空!");
                }
                else
                {
                    var secret        = secretKey;
                    var code          = userCode;
                    var authenticator = new TwoStepsAuthenticator.TimeAuthenticator();
                    return(authenticator.CheckCode(secret, code, "user特朗普"));
                }
            }
示例#10
0
        public ReponseApi ValidateCodeMicrosoft(DataValidateMicrosoft par)
        {
            ReponseApi res = new ReponseApi();

            res.Codigo    = 0;
            res.Mensaje   = "";
            res.Respuesta = null;

            try
            {
                if (string.IsNullOrEmpty(par.Cuenta))
                {
                    res.Mensaje = "La Cuenta no puede ser nula";
                }
                else if (string.IsNullOrEmpty(par.Secreto))
                {
                    res.Mensaje = "El Emisor no puede ser nulo";
                }
                else if (string.IsNullOrEmpty(par.Codigo))
                {
                    res.Mensaje = "El Codigo no puede ser nulo";
                }
                else
                {
                    var authenticator = new TwoStepsAuthenticator.TimeAuthenticator();

                    bool isok = authenticator.CheckCode(par.Secreto, par.Codigo, par.Cuenta);

                    if (isok != true)
                    {
                        res.Mensaje = "El Código ingresado no es correcto";
                    }
                    else
                    {
                        res.Codigo  = 1;
                        res.Mensaje = "Código Válido";
                    }
                }
            }
            catch (Exception ex)
            {
                //Log Error
                _logger.Log(LogLevel.Error, ex, ex.Message);
            }

            return(res);
        }
        public async Task <IActionResult> AdditionalAuthenticationFactor(
            AdditionalAuthenticationFactorViewModel model)
        {
            // check if we are in the context of an authorization request
            var context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl);

            if (ModelState.IsValid)
            {
                // read identity from the temporary cookie
                var result = await HttpContext.AuthenticateAsync("idsrv.mfa");

                if (result?.Succeeded != true)
                {
                    throw new Exception("MFA authentication error");
                }

                var subject = result.Principal.FindFirst(JwtClaimTypes.Subject)?.Value;

                var user = await _localUserService.GetUserBySubjectAsync(subject);

                var userSecret = await _localUserService.GetUserSecret(subject, "TOTP");

                var authenticator = new TwoStepsAuthenticator.TimeAuthenticator();
                if (!authenticator.CheckCode(userSecret.Secret, model.Totp, user))
                {
                    ModelState.AddModelError("totp", "TOTP is invalid.");
                    return(View(model));
                }

                await _events.RaiseAsync(
                    new UserLoginSuccessEvent(
                        user.Username,
                        user.Subject,
                        user.Username,
                        clientId : context?.Client.ClientId));

                // only set explicit expiration here if user chooses "remember me".
                // otherwise we rely upon expiration configured in cookie middleware.
                AuthenticationProperties props = null;
                if (AccountOptions.AllowRememberLogin && model.RememberLogin)
                {
                    props = new AuthenticationProperties
                    {
                        IsPersistent = true,
                        ExpiresUtc   =
                            DateTimeOffset.UtcNow.Add(AccountOptions.RememberMeLoginDuration)
                    };
                }
                ;

                // delete temporary cookie used during mfa
                await HttpContext.SignOutAsync("idsrv.mfa");

                // issue authentication cookie with subject ID and username
                var isuser = new IdentityServerUser(user.Subject)
                {
                    DisplayName = user.Username
                };

                await HttpContext.SignInAsync(isuser, props);

                if (context != null)
                {
                    if (context.IsNativeClient())
                    {
                        // The client is native, so this change in how to
                        // return the response is for better UX for the end user.
                        return(this.LoadingPage("Redirect", model.ReturnUrl));
                    }

                    // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null
                    return(Redirect(model.ReturnUrl));
                }

                // request for a local page
                if (Url.IsLocalUrl(model.ReturnUrl))
                {
                    return(Redirect(model.ReturnUrl));
                }
                else if (string.IsNullOrEmpty(model.ReturnUrl))
                {
                    return(Redirect("~/"));
                }
                else
                {
                    // user might have clicked on a malicious link - should be logged
                    throw new Exception("invalid return URL");
                }
            }

            return(View(model));
        }
        public static async Task <string> GenerateCode(UserManager <ApplicationUser> userManager, ApplicationUser user,
                                                       string typeGenerate)
        {
            try
            {
                var secret = TwoStepsAuthenticator.Authenticator.GenerateKey();
                Console.WriteLine(secret);
                var oldJsonSecretKey = user.ListSecretKeySms;
                var secretSmsKey     = new SecretSmsKey();
                if (!string.IsNullOrEmpty(oldJsonSecretKey))
                {
                    secretSmsKey = SecretSmsKey.FromJson(user.ListSecretKeySms);
                }

                switch (typeGenerate)
                {
                case Const.TypeGenerateChangePassword:
                    secretSmsKey.ChangePassword = secret;
                    break;

                case Const.TypeGenerateChangeOldPhoneNumber:
                    secretSmsKey.ChangePhoneOldPhone = secret;
                    break;

                case Const.TypeGenerateChangeNewPhoneNumber:
                    secretSmsKey.ChangePhoneNewPhone = secret;
                    break;

                case Const.TypeGenerateChangeConfirmPhoneNumber:
                    secretSmsKey.ChangePhoneConfirmPhone = secret;
                    break;

                case Const.TypeGenerateChangeTwoFactor:
                    secretSmsKey.ChangeTwoFactor = secret;
                    break;

                case Const.TypeGenerateLockAccount:
                    secretSmsKey.LockAccount = secret;
                    break;

                case Const.TypeGenerateUnlockAccount:
                    secretSmsKey.UnlockAccount = secret;
                    break;

                case Const.TypeGenerateAddPhoneNumber:
                    secretSmsKey.AddPhoneNumber = secret;
                    break;

                case Const.TypeGenerateAddLockScreen:
                    secretSmsKey.AddLockScreen = secret;
                    break;

                case Const.TypeGenerateLogin:
                    secretSmsKey.Login = secret;
                    break;

                default:
                    return(null);
                }

                var newJsonListSecretSms = SecretSmsKey.ToJson(secretSmsKey);
                user.ListSecretKeySms = newJsonListSecretSms;
                await userManager.UpdateAsync(user);

                var authenticator = new TwoStepsAuthenticator.TimeAuthenticator();
                var code          = authenticator.GetCode(secret);
                var message       = "Vakaxa security code is: " + code;
                Console.WriteLine(message);
                return(message);
            }
            catch (Exception e)
            {
                Logger.LogError("SecurityController ==>> GenerateCode: " + e.Message);
                return(null);
            }
        }
        internal void GetCode()
        {
            var auth = new TwoStepsAuthenticator.TimeAuthenticator();
            Code = auth.GetCode(this.Key);

            auth.CheckCode(key, Code);
        }
示例#14
0
        public static bool CheckCodeSms(string secret, string token, User model, int time = 30)
        {
            var authenticator = new TwoStepsAuthenticator.TimeAuthenticator(null, null, time);

            return(authenticator.CheckCode(secret, token, model));
        }
示例#15
0
        public string VerifyCodeEnable([FromBody] JObject value = null)
        {
            try
            {
                var userModel = (User)RouteData.Values[ParseDataKeyApi.KEY_PASS_DATA_USER_MODEL];

                if (userModel.IsTwoFactor == 2)
                {
                    if (!value.ContainsKey(ParseDataKeyApi.KEY_TWO_FA_VERIFY_CODE_ENABLE_CODE))
                    {
                        return(HelpersApi.CreateDataError(MessageApiError.PARAM_INVALID));
                    }

                    var code          = value[ParseDataKeyApi.KEY_TWO_FA_VERIFY_CODE_ENABLE_CODE].ToString();
                    var authenticator = new TwoStepsAuthenticator.TimeAuthenticator();

                    var secretAuthToken = ActionCode.FromJson(userModel.SecretAuthToken);

                    if (string.IsNullOrEmpty(secretAuthToken.CustomTwofa))
                    {
                        return(HelpersApi.CreateDataError(MessageApiError.SMS_VERIFY_ERROR));
                    }

                    var isOk = authenticator.CheckCode(secretAuthToken.CustomTwofa, code, userModel);

                    if (!isOk)
                    {
                        return(HelpersApi.CreateDataError(MessageApiError.SMS_VERIFY_ERROR));
                    }
                }
                else if (userModel.IsTwoFactor == 0)
                {
                    if (value.ContainsKey(ParseDataKeyApi.KEY_TWO_FA_VERIFY_CODE_ENABLE_CODE))
                    {
                        return(HelpersApi.CreateDataError(MessageApiError.PARAM_INVALID));
                    }
                }


                var google = new GoogleAuthen.TwoFactorAuthenticator();

                var secretKey = CommonHelper.RandomString(32);

                var startSetup = google.GenerateSetupCode(userModel.Email, secretKey, 300, 300);

                userModel.TwoFactorSecret = secretKey;
                Console.WriteLine(secretKey);
                var resultUpdate = _userBusiness.UpdateProfile(userModel);

                if (resultUpdate.Status == Status.STATUS_ERROR)
                {
                    return(resultUpdate.ToJson());
                }

                return(new ReturnObject
                {
                    Status = Status.STATUS_SUCCESS,
                    Data = startSetup.ManualEntryKey
                }.ToJson());
            }
            catch (Exception e)
            {
                _logger.Error(KeyLogger.TWOFA_ENABLE_VERIFY + e);
                return(HelpersApi.CreateDataError(e.Message));
            }
        }
        /// <summary>
        /// VerifyCode by type generate
        /// </summary>
        /// <param name="user"></param>
        /// <param name="code"></param>
        /// <param name="typeGenerate"></param>
        /// <returns></returns>
        public static bool VerifyCodeSms(ApplicationUser user, string code, string typeGenerate)
        {
            try
            {
                var    secretSmsKey = SecretSmsKey.FromJson(user.ListSecretKeySms);
                string secret;
                switch (typeGenerate)
                {
                case Const.TypeGenerateChangePassword:
                    secret = secretSmsKey.ChangePassword;
                    break;

                case Const.TypeGenerateChangeOldPhoneNumber:
                    secret = secretSmsKey.ChangePhoneOldPhone;
                    break;

                case Const.TypeGenerateChangeNewPhoneNumber:
                    secret = secretSmsKey.ChangePhoneNewPhone;
                    break;

                case Const.TypeGenerateChangeConfirmPhoneNumber:
                    secret = secretSmsKey.ChangePhoneConfirmPhone;
                    break;

                case Const.TypeGenerateChangeTwoFactor:
                    secret = secretSmsKey.ChangeTwoFactor;
                    break;

                case Const.TypeGenerateLockAccount:
                    secret = secretSmsKey.LockAccount;
                    break;

                case Const.TypeGenerateUnlockAccount:
                    secret = secretSmsKey.UnlockAccount;
                    break;

                case Const.TypeGenerateAddPhoneNumber:
                    secret = secretSmsKey.AddPhoneNumber;
                    break;

                case Const.TypeGenerateAddLockScreen:
                    secret = secretSmsKey.AddLockScreen;
                    break;

                case Const.TypeGenerateLogin:
                    secret = secretSmsKey.Login;
                    break;

                default:
                    return(false);
                }

                if (string.IsNullOrEmpty(secret))
                {
                    return(false);
                }

                var authenticator = new TwoStepsAuthenticator.TimeAuthenticator();
                var isCheck       = authenticator.CheckCode(secret, code, user);
                return(isCheck);
            }
            catch (Exception e)
            {
                Logger.LogError("SecurityController ==>> VerifyCode: " + e.Message);
                return(false);
            }
        }
示例#17
0
        public async Task <string> Totp(LoginModel loginModel)
        {
            var result = await _userManager.FindAsync(loginModel.UserName, loginModel.Password);

            var code = new TwoStepsAuthenticator.TimeAuthenticator();
        }
        public async Task <IActionResult> Login(LoginInputModel model, string button)
        {
            // check if we are in the context of an authorization request
            var context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl);

            // the user clicked the "cancel" button
            if (button != "login")
            {
                if (context != null)
                {
                    // if the user cancels, send a result back into IdentityServer as if they
                    // denied the consent (even if this client does not require consent).
                    // this will send back an access denied OIDC error response to the client.
                    await _interaction.GrantConsentAsync(context, ConsentResponse.Denied);

                    // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null
                    if (await _clientStore.IsPkceClientAsync(context.ClientId))
                    {
                        // if the client is PKCE then we assume it's native, so this change in how to
                        // return the response is for better UX for the end user.
                        return(View("Redirect", new RedirectViewModel {
                            RedirectUrl = model.ReturnUrl
                        }));
                    }

                    return(Redirect(model.ReturnUrl));
                }
                else
                {
                    // since we don't have a valid context, then we just go back to the home page
                    return(Redirect("~/"));
                }
            }

            if (ModelState.IsValid)
            {
                // validate username/password against in-memory store
                if (await _localUserService.ValidateCredentialsAsync(
                        model.Username, model.Password))
                {
                    var user = await _localUserService.GetUserByUserNameAsync(model.Username);

                    // issue temporary authentication ticket
                    var temporaryIdentity = new ClaimsIdentity();
                    temporaryIdentity.AddClaim(new Claim(JwtClaimTypes.Subject, user.Subject));

                    await HttpContext.SignInAsync("idsrv.mfa", new ClaimsPrincipal(temporaryIdentity));

                    // if there's no TOTP secret registered for this user, send an OTP via
                    // mail as backup
                    if (!(await _localUserService.UserHasRegisteredTotpSecret(user.Subject)))
                    {
                        // generate OTP
                        var authenticator = new TwoStepsAuthenticator.TimeAuthenticator();
                        var totp          = authenticator.GetCode(_totpSecret);

                        // send OTP by mail (fake this by writing it to the debug output window)
                        Debug.WriteLine($"OTP: {totp}");
                    }

                    var redirectToAdditionalFactorUrl =
                        Url.Action("AdditionalAuthenticationFactor",
                                   new
                    {
                        returnUrl     = model.ReturnUrl,
                        rememberLogin = model.RememberLogin
                    });

                    return(Redirect(redirectToAdditionalFactorUrl));
                }

                await _events.RaiseAsync(new UserLoginFailureEvent(model.Username, "invalid credentials", clientId : context?.ClientId));

                ModelState.AddModelError(string.Empty, AccountOptions.InvalidCredentialsErrorMessage);
            }

            // something went wrong, show form with error
            var vm = await BuildLoginViewModelAsync(model);

            return(View(vm));
        }