require `mfa` claim only when user has `TwoFactorEnabled`
Hi,
I have setup multifactor in my dotnet core MVC API, I have it saving the tokens and validating on your mfa code on login. when you login and enter your code, I set a
mfa claim, which I then check in an AuthorizationHandler.
The thought was that with this AuthorizationHandler it will stop someone bypassing the mfa code-entry part of the 2-step login.
However in my AuthorizationHandler I only want to validate the token if the mfa claim is there when the user has TwoFactorEnabled set on their user. I can't find an easy way to access the user information.
A user without TwoFactorEnabled should still be able to access things
Can anyone think of a solution to this?1 Reply
Do I just set another claim that is for normal login users, and use that? maybe?