
Background:

I have been using the Identity-Sample project provided by the Microsoft team here:

I have integrated the Identity-Sample project & prerelease NuGet packages into an existing project that was previously using the latest stable version of Identity.

Problem:

When trying 2FA, inside the Account/SendCode method, there is a call to GetVerifiedUserIdAsync(), which is part of the Microsoft.AspNet.Identity.Owin.SignInManager class. (see the full code here)

GetVerifiedUserIdAsync() is returning null (i.e. it could not find a verified user, even though I have logged in with 1 factor). I believe that it is not finding the correct cookie.

When I run the Identity-Sample app, my browser shows a _RequestVerificationToken AND TwoFactorCookie & everything works.

When I run my own app, my browser shows ONLY the _RequestVerificationToken cookie & I get null.

Question: (if the cookie is the issue)

How can I get my app to correctly set the cookie when the SignInManager.PasswordSignInAsync(...) method is called (inside Account/Login)?

John Saunders
ASX
  • I'm confused. `GetVerifiedUserIdAsync()` *SHOULD* return null if you haven't verified your user (you say you have only done 1 factor), so what is the problem? – Erik Funkenbusch Jul 04 '14 at 17:53
  • thanks for taking a look -- I believe GetVerifiedUserIdAsync() should provide the userId (User.Identity.GetUserId()) when signed in with 1 factor. That's what it seems to do in the sample app provided by the Microsoft team... – ASX Jul 04 '14 at 17:57
  • so to clarify, still looking for an answer, if anyone has insights... – ASX Jul 06 '14 at 05:05

1 Answer

In the Startup.Auth class, register the cookie:

```
app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));
```

In the Login page post action, if you use the new SignInManager.PasswordSignInAsync, it will set the intermittent cookie if 2FA is enabled on the user and return SignInStatus.RequiresVerification. You can then use SignInManager.GetVerifiedUserIdAsync, which should return the user ID.

Suhas Joshi
  • 1> I have called SignInManager.PasswordSignInAsync; 2> I am receiving SignInStatus.RequiresVerification. 3> But I am getting null when I am calling await SignInManager.GetVerifiedUserIdAsync(); what am I doing wrong? – Md. Tazbir Ur Rahman Bhuiyan Mar 16 '16 at 06:31
  • I have the same problem as @TazbirBhuiyan. I got it to work a few times, but it stopped. – Christian Droulers Nov 09 '16 at 21:40
  • I was having this problem and it was because I was calling SignInManager.GetVerifiedUserIdAsync() in the same request as the username/password POST, which is before the cookie had been set. If you need the UserId at this point you can use _userManager.FindByEmailAsync() and pass in the username, then use the response to get the Id of the User. – Jonathan Nov 23 '18 at 11:46
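
The flow described in the answer and in the last comment, as an added example that is not part of the original thread or of the Identity-Sample project: the two-factor cookie middleware is registered at startup, the Login POST issues the cookie, and the user ID is read only in the request that follows the redirect. ApplicationDbContext, ApplicationUserManager, ApplicationSignInManager and LoginViewModel are assumed to be the MVC 5 template's types; the view names are assumptions.

```csharp
// Added example. ApplicationDbContext, ApplicationUserManager, ApplicationSignInManager
// and LoginViewModel are assumed to be the types generated by the MVC 5 project template.
using System;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

public partial class Startup {
    public void ConfigureAuth(IAppBuilder app) {
        app.CreatePerOwinContext(ApplicationDbContext.Create);
        app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
        app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);
        app.UseCookieAuthentication(new CookieAuthenticationOptions {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login") });
        // Without this middleware nothing issues or reads the TwoFactorCookie,
        // so GetVerifiedUserIdAsync() has no identity to return.
        app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));
    }
}

public class AccountController : Controller {
    private ApplicationSignInManager SignInManager {
        get { return HttpContext.GetOwinContext().Get<ApplicationSignInManager>(); } }
    [HttpPost, AllowAnonymous, ValidateAntiForgeryToken]
    public async Task<ActionResult> Login(LoginViewModel model, string returnUrl) {
        var result = await SignInManager.PasswordSignInAsync(
            model.Email, model.Password, model.RememberMe, shouldLockout: false);
        if (result == SignInStatus.RequiresVerification)
            // The cookie leaves with this response; it cannot be read back in this request.
            return RedirectToAction("SendCode", new { ReturnUrl = returnUrl });
        if (result == SignInStatus.Success)
            return Redirect(Url.IsLocalUrl(returnUrl) ? returnUrl : "/");
        ModelState.AddModelError("", "Invalid login attempt.");
        return View(model);
    }
    [AllowAnonymous]
    public async Task<ActionResult> SendCode(string returnUrl) {
        // New request: the browser sends the TwoFactorCookie back and the middleware validates it.
        var userId = await SignInManager.GetVerifiedUserIdAsync();
        if (userId == null) return View("Error"); // cookie missing, expired (5 min) or never issued
        ViewBag.Providers = await SignInManager.UserManager.GetValidTwoFactorProvidersAsync(userId);
        return View();
    }
}
```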