Reached wit's end with this.
I'm trying to automate the process of two-factor authentication in ASP.NET Identity so that we don't challenge users for a security code every time.
Currently, the code looks like this:
    var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: true);
    switch (result)
    {
        case SignInStatus.Success:
            return RedirectToLocal(returnUrl);
        // other cases
        case SignInStatus.RequiresVerification:
            int challengeFrequency = Convert.ToInt16(ConfigurationManager.AppSettings["ChallengeFrequency"]);
            Random rnd = new Random();
            if (rnd.Next(1, challengeFrequency + 1) == 1)
            {
                return RedirectToAction("SendCode", new { returnUrl = returnUrl });
            }
            else
            {
                var token = await UserManager.GenerateTwoFactorTokenAsync(user.Id, "Phone Code");
                await SignInManager.HasBeenVerifiedAsync();
                await SignInManager.TwoFactorSignInAsync("Phone Code", token, false, false);
                return RedirectToLocal(returnUrl);
            }
    }
Which is - as far as I can see - the same sequence of function calls used in the process of sending a user an SMS call.
In my code the token is generated, but then the call to SignInManager.HasBeenVerifiedAsync() seems to behave erratically. Sometimes it returns true and the user is signed in as desired. Other times it returns false and the sign-in fails. Occasionally it returns null and the sign-in fails.
Documentation on this method seems extremely sparse. Can anyone please help with this? I cannot find a way into this problem at all.