GetTwoFactorAuthenticationUserAsync(); #9

Closed
nicowitteman opened this issue Jan 8, 2021 · 12 comments

Comments

@nicowitteman

await _signInManager.GetTwoFactorAuthenticationUserAsync() always returns null in release version, while it does function in development mode. I do see a cookie named Identity.TwoFactorUserId being set after the first step of logging in.

My environment is .NET 5.0

@damienbod
Owner

Hi @nicowitteman

This should work, I'll have a look

Greetings Damien

@nicowitteman
Author

nicowitteman commented Jan 9, 2021

Hello Damien, I forgot to mention that I made some changes in the code to make the solution work in a subfolder (which was quite a trial and error effort). Could there be a relation?
The same check is done and fails as well in MakeAssertion.
My workaround is to save the username in a session cookie after successful login, and read it here.
Nico

@nicowitteman
Author

nicowitteman commented Jan 10, 2021

I'm afraid my diagnosis was incorrect: it does work on localhost in both dev and release modes, but it fails when published. I publish in self-contained win-x64, running out-of-process. Any clue? Nico

@damienbod
Owner

This should work as well, the app.setting for the domain needs to match with your deployment

Greetings Damien

@nicowitteman
Author

It does match, Damien, or it would not work at all. I have serverDomain and origin matching the deployment. That is to say, both without the folder name I deployed into, which is the same as I do for localhost. I believe serverName can be anything, and I did not touch timestampDriftTolerance (the server time is correct) or MDSAccessKey.

@nicowitteman
Author

It looks like something is going wrong in the AuthenticationHandler. Can't figure it out yet. It is just not stable - it works at times, and then suddenly it doesn't.

@nicowitteman
Author

Hi Damien, let's close this issue - it is not in your code. At times I get an error from navigator.credentials.get, about the operation not being allowed. In Edge, a reference is shown to https://www.w3.org/TR/webauthn-2/#sctn-privacy-considerations-client.

@damienbod
Owner

damienbod commented Jan 17, 2021

@nicowitteman Could you post a comment when you find a solution? Would be interesting

Greetings Damien

@nicowitteman
Author

Hi Damien, I have new insights: in the cases SignInManager returns null and therefore the login fails, the preceding /mfassertionOptions POST had not included the Identity.TwoFactorUserId cookie, even though the browser shows it as being present. This happens mostly using the Firefox browser, but also Chrome and Edge fail occasionally. Safari on my iPhone on the other hand always works as expected. Does this behaviour ring a bell?

nicowitteman reopened this Jan 19, 2021
@damienbod
Owner

@nicowitteman Have not experienced this, thanks for the feedback.

@nicowitteman
Author

I think I got it, finally: since I deployed my solution in a folder, and the Identity.TwoFactorUserId-cookie is stored with the path=folder, no cookie was found when the URL wasn't all lowercase. This, and case-sensitivity of cookies! So it worked when I went to /fido2mfa/login, but it didn't when I went to /Fido2MFA/login. Now I force all URLs to lowercase in web.config, the cookie is created with the lowercase pathname and no cookie confusion is possible anymore.
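
The path matching behind this diagnosis, as an added example that is not part of the original thread or of the project's code: a browser attaches a cookie only when the request path matches the cookie's Path under the case-sensitive rule of RFC 6265 section 5.1.4. The cookie Path value `/fido2mfa`, the `/fido2mfa-old` request and the helper names are constructed for illustration; the cookie name, folder name and endpoint come from the comments above.

```javascript
// RFC 6265 section 5.1.4 path-match: the comparison is case-sensitive.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A prefix match only counts on a "/" boundary.
  return cookiePath.endsWith("/") ||
         requestPath.charAt(cookiePath.length) === "/";
}

// Names of the cookies a browser would attach to a request for requestPath.
function cookiesSentTo(requestPath, jar) {
  return jar.filter(c => pathMatches(requestPath, c.path)).map(c => c.name);
}

// Models the lowercase-URL workaround as a redirect decision:
// returns the canonical lowercase path, or null if the path is already canonical.
function canonicalRedirect(requestPath) {
  const lower = requestPath.toLowerCase();
  return lower === requestPath ? null : lower;
}

// Constructed cookie jar: the 2FA cookie stored with the lowercase folder path.
const jar = [{ name: "Identity.TwoFactorUserId", path: "/fido2mfa" }];

// Constructed request paths for the assertion-options POST.
const requests = [
  "/fido2mfa/mfassertionOptions",     // same case: cookie is sent
  "/Fido2MFA/mfassertionOptions",     // different case: cookie is omitted
  "/fido2mfa-old/mfassertionOptions", // prefix without "/" boundary: omitted
];

function report() {
  return requests.map(p => ({
    path: p,
    sent: cookiesSentTo(p, jar),
    redirectTo: canonicalRedirect(p),
  }));
}

console.log(JSON.stringify(report(), null, 2));
```

Because the cookie still appears in the browser's storage view for the site, comparing the request's Cookie header against the cookie's Path attribute is the check that exposes the mismatch.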

@damienbod
Owner

Great you got it working, congrats. Thanks for the feedback as well.

Greetings Damien
