C#•2mo ago

✅ .NET Identity can't require 2FA

on registration i set up 2fa and require it to log in:

await userManager.SetTwoFactorEnabledAsync(user, true);

 // get the newly defined key
string? key = await userManager.GetAuthenticatorKeyAsync(user);

// make sure we get the key.
if (string.IsNullOrEmpty(key)) {
    await userManager.ResetAuthenticatorKeyAsync(user);
    key = await userManager.GetAuthenticatorKeyAsync(user);

    if (string.IsNullOrEmpty(key)) {
        throw new NotSupportedException("The user manager must produce an authenticator key.");
    }
}

// Return the shared key and indicate successful registration
return TypedResults.Ok(new RegistrationResponse(key));

await userManager.SetTwoFactorEnabledAsync(user, true);

 // get the newly defined key
string? key = await userManager.GetAuthenticatorKeyAsync(user);

// make sure we get the key.
if (string.IsNullOrEmpty(key)) {
    await userManager.ResetAuthenticatorKeyAsync(user);
    key = await userManager.GetAuthenticatorKeyAsync(user);

    if (string.IsNullOrEmpty(key)) {
        throw new NotSupportedException("The user manager must produce an authenticator key.");
    }
}

// Return the shared key and indicate successful registration
return TypedResults.Ok(new RegistrationResponse(key));

however when i go to login:

 var result = await signInManager.PasswordSignInAsync(login.Email, login.Password, isPersistent, lockoutOnFailure: true);
                
if (result.RequiresTwoFactor) {
    if (!string.IsNullOrEmpty(login.TwoFactorCode))
    {
...

 var result = await signInManager.PasswordSignInAsync(login.Email, login.Password, isPersistent, lockoutOnFailure: true);
                
if (result.RequiresTwoFactor) {
    if (!string.IsNullOrEmpty(login.TwoFactorCode))
    {
...

the initial sign in fails (as expected) and result.RequiresTwoFactor is false. what am i doing wrong?

3 Replies

hutonahill•2mo ago

ok, this gets even stranger. i checked if 2FA was enabled rigth before sign in and it is enabled. do i jus tnot understand how signInManager.PasswordSignInAsync works?

hutonahill•2mo ago

found the docs for the signinresult: https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.identity.signinresult?view=aspnetcore-8.0

SignInResult Class (Microsoft.AspNetCore.Identity)

Represents the result of a sign-in operation.

hutonahill•2mo ago

seems to imply that it works lik i think it does

 
RequiresTwoFactor     

Returns a flag indication whether the user attempting to sign-in requires two factor authentication.

 
RequiresTwoFactor     

Returns a flag indication whether the user attempting to sign-in requires two factor authentication.

i wish PasswordSignInAsync mentioned wether this flag means that the sign in was sucessful. ok. tested replaceing the value with true looks like theres a problem with my ability to sign in period.

Gaming

Programming

✅ .NET Identity can't require 2FA