/// <summary>
/// Renders the second-factor entry form, carrying the caller's return URL and
/// remember-login choice into the view model.
/// </summary>
/// <param name="returnUrl">URL to return to once the second factor has been accepted.</param>
/// <param name="rememberLogin">Whether the user asked for a persistent login.</param>
/// <returns>The view bound to a new <see cref="AdditionalAuthenticationFactorViewModel"/>.</returns>
public IActionResult AdditionalAuthenticationFactor(string returnUrl, bool rememberLogin)
{
    // returnUrl is not validated here; it is only round-tripped through the form.
    // The POST overload checks it (IsValidReturnUrl / IsLocalUrl) before redirecting.
    var viewModel = new AdditionalAuthenticationFactorViewModel();
    viewModel.RememberLogin = rememberLogin;
    viewModel.ReturnUrl = returnUrl;

    return View(viewModel);
}
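/// <summary>
/// Handles submission of the second-factor form: reads the partially authenticated
/// identity from the temporary "idsrv.2FA" cookie, checks the submitted code, signs
/// the user in, clears the temporary cookie and redirects to the return URL.
/// </summary>
/// <param name="model">Posted form values: the code, the return URL and the remember-login flag.</param>
/// <returns>
/// A redirect to <c>model.ReturnUrl</c> when sign-in succeeds and the URL passes the
/// return-URL checks; otherwise the form view bound to <paramref name="model"/>.
/// </returns>
/// <exception cref="Exception">
/// Thrown when the temporary 2FA cookie carries no principal, or when no user record
/// matches the subject id stored in it.
/// </exception>
// NOTE(review): no action attributes are visible in this listing. Confirm that the real
// controller marks this overload [HttpPost] with [ValidateAntiForgeryToken] and the
// parameterless-model overload [HttpGet].
public async Task<IActionResult> AdditionalAuthenticationFactor(
    AdditionalAuthenticationFactorViewModel model)
{
    if (ModelState.IsValid)
    {
        // Read the identity established by the first factor from the temporary cookie.
        var info = await HttpContext.AuthenticateAsync("idsrv.2FA");
        var tempUser = info?.Principal;
        if (tempUser == null)
        {
            throw new Exception("2FA error");
        }

        var user = _IIDPUserRepository.GetUserBySubjectId(tempUser.GetSubjectId());
        if (user == null)
        {
            // Fail closed: without this guard a missing user record surfaced later as a
            // NullReferenceException while building the login event.
            throw new Exception("2FA error");
        }

        // DEMO ONLY: the second factor is a fixed value shared by every account, so this
        // step adds no security as written. Before production, replace it with a per-user,
        // short-lived code that is verified server-side, compared in constant time, and
        // protected by a limit on failed attempts for the pending login.
        if (model.Code != "123")
        {
            ModelState.AddModelError("code", "2FA code is invalid");
            return View(model);
        }

        // Build persistent-cookie properties only when the feature is enabled and requested.
        AuthenticationProperties props = null;
        if (AccountOptions.AllowRememberLogin && model.RememberLogin)
        {
            props = new AuthenticationProperties
            {
                IsPersistent = true,
                ExpiresUtc = DateTimeOffset.UtcNow.Add(AccountOptions.RememberMeLoginDuration)
            };
        }

        // Check whether we are in the context of an authorization request (for the event's client id).
        var context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl);

        await _events.RaiseAsync(new UserLoginSuccessEvent(
            user.Username, user.SubjectId, user.Username, clientId: context?.ClientId));
        await HttpContext.SignInAsync(user.SubjectId, user.Username, props);

        // Clear the temporary cookie now that the full session cookie has been issued.
        await HttpContext.SignOutAsync("idsrv.2FA");

        // Redirect only to URLs accepted by the interaction service or local to this site;
        // model.ReturnUrl is client-controlled form data.
        if (_interaction.IsValidReturnUrl(model.ReturnUrl) || Url.IsLocalUrl(model.ReturnUrl))
        {
            return Redirect(model.ReturnUrl);
        }

        // NOTE(review): this point is reached after a successful sign-in whose ReturnUrl was
        // rejected. The form is re-rendered although the temporary cookie is already gone,
        // so a resubmit would throw "2FA error". Consider redirecting to a fixed local page.
    }

    return View(model);
}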