Question
Background:
I have been using the Identity-Sample project provided by the Microsoft team here:
I have integrated the Identity-Sample project & prerelease nuget packages into an existing project, that was previously using the latest stable version of Identity.
Problem:
When trying 2FA, inside the Account/SendCode method, there is a call to GetVerifiedUserIdAsync(), which is part of the Microsoft.AspNet.Identity.Owin.SignInManager class. (see the full code here)
GetVerifiedUserIdAsync() is returning null (i.e. it could not find a verified user, even though I have logged in with 1 factor.) I believe that it is not finding the correct cookie.
When I run the Identity-Sample app, my browser shows a _RequestVerificationToken AND TwoFactorCookie & everything works.
When I run my own app, my browser shows ONLY the _RequestVerificationToken cookie & I get null.
Question: (if the cookie is the issue)
How can I get my app to correctly set the cookie when the SignInManager.PasswordSignInAsync(...) method is called (inside Account/Login)?
Answer 1:
In the Startup.Auth class, register the cookie:
app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));
In the Login page post action, if you use the new SigninManager.PasswordSigninAsync, it will set the intermittent cookie if 2FA is enabled on the user and return SignInStatus.RequiresVerification. You can then use SigninManager.GetVerifiedUserAsync, which should return the user ID.
Source: https://stackoverflow.com/questions/24578977/asp-net-identity-two-factor-not-working-cookie-issue