Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

ASP.NET Identity Two Factor not working - Cookie Issue?

Background:

I have been using the Identity-Sample project provided by the Microsoft team here:

I have integrated the Identity-Sample project & prerelease nuget packages into an existing project, that was previously using the latest stable version of Identity.

Problem:

When trying 2FA, inside the Account/SendCode method, there is a call to GetVerifiedUserIdAsync() , which is part of the Microsoft.AspNet.Identity.Owin.SignInManager class. (see the full code here)

GetVerifiedUserIdAsync() is returning null (i.e. it could not find a verified user, even though I have logged in with 1 factor.) I believe that it is not finding the correct cookie.

When I run the Identity-Sample app, my browser shows a _RequestVerificationToken AND TwoFactorCookie & everything works.

When I run my own app, my browser shows ONLY the _RequestVerificationToken cookie & I get null.

Question: (if the cookie is the issue)

How can I get my app to correctly set the cookie when the SignInManager.PasswordSignInAsync(...) method is called (inside Account/Login)?

like image 530
ASX Avatar asked Jul 04 '14 17:07

ASX


1 Answers

In Startup.Auth class register the cookie

app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));

In the Login page post action, if you use the new SigninManager.PasswordSigninAsync, it will set the intermittent cookie if 2 FA is enabled on the user and return SignInStatus.RequiresVerification. You can then use SigninManager.GetVerifiedUserAsync should return the user ID

like image 184
Suhas Joshi Avatar answered Oct 27 '22 16:10

Suhas Joshi