C#, 2y ago
Simo

require `mfa` claim only when user has `TwoFactorEnabled`

Hi, I have set up multifactor in my dotnet core MVC API. I have it saving the tokens and validating on your mfa code on login. When you log in and enter your code, I set an mfa claim, which I then check in an AuthorizationHandler. The thought was that with this AuthorizationHandler it will stop someone bypassing the mfa code-entry part of the 2-step login. However, in my AuthorizationHandler I only want to validate the token if the mfa claim is there when the user has TwoFactorEnabled set on their user. I can't find an easy way to access the user information. A user without TwoFactorEnabled should still be able to access things. Can anyone think of a solution to this?
1 Reply
Simo, 2y ago
Do I just set another claim that is for normal login users, and use that? Maybe?
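
One way to do the check asked about in the question, as an added example that is not code from the thread: the handler takes `UserManager` by constructor injection, reads `TwoFactorEnabled` from the user store, and only demands the mfa claim when it is set. The `IdentityUser` user type, the `amr`/`mfa` claim type and value, and every class and policy name below are assumptions.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;

// Marker requirement (hypothetical name): MFA must be proven if the account has it enabled.
public sealed class MfaIfEnabledRequirement : IAuthorizationRequirement { }

public sealed class MfaIfEnabledHandler : AuthorizationHandler<MfaIfEnabledRequirement>
{
    // Assumed claim type and value; use whatever the login flow actually issues.
    public const string MfaClaimType = "amr";
    public const string MfaClaimValue = "mfa";

    private readonly UserManager<IdentityUser> _users;

    public MfaIfEnabledHandler(UserManager<IdentityUser> users) => _users = users;

    protected override async Task HandleRequirementAsync(
        AuthorizationHandlerContext context, MfaIfEnabledRequirement requirement)
    {
        // Resolve the account from the store so the decision uses current
        // server-side state rather than anything carried in the cookie or token.
        var user = await _users.GetUserAsync(context.User);
        if (user is null) return; // anonymous, unknown or deleted account: fail closed

        // Accounts without 2FA pass on the first factor alone. Accounts with 2FA
        // must carry the claim that is set after the code-entry step.
        var mfaEnabled = await _users.GetTwoFactorEnabledAsync(user);
        if (!mfaEnabled || context.User.HasClaim(MfaClaimType, MfaClaimValue))
            context.Succeed(requirement);
        // Otherwise do nothing: an unsatisfied requirement denies the request.
    }
}

public static class MfaPolicy
{
    public const string Name = "MfaIfEnabled";

    // Call from Program.cs or ConfigureServices. Scoped, because UserManager is scoped.
    public static IServiceCollection AddMfaIfEnabledPolicy(this IServiceCollection services)
    {
        services.AddScoped<IAuthorizationHandler, MfaIfEnabledHandler>();
        services.AddAuthorization(o => o.AddPolicy(Name, p => p
            .RequireAuthenticatedUser()
            .AddRequirements(new MfaIfEnabledRequirement())));
        return services;
    }
}
```

Apply it with `[Authorize(Policy = MfaPolicy.Name)]`. `GetUserAsync` depends on the principal carrying the Identity user-id claim, and the store lookup runs on every authorized request.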