I am implementing 2FA for users in the Umbraco 8 backoffice and I have most of it working. But I got stuck at a point where I need user data but I cannot figure out how to get it.
I need to know which user is logging in after he/she/it has entered the credentials and lands on the 2FA custom login page but before submitting a code on that page.
The additional login 2FA page is shown via
    public string GetTwoFactorView(IOwinContext owinContext, UmbracoContext umbracoContext, string username) =>
        PackageConstants.PathToMfaHtmlTemplate;
and in the controller I got access to the services:
    userService
    authResource
Unfortunately, both services don't seem to have the user data I need yet. It seems the user data is available after executing verify2FACode:
    authResource.verify2FACode(providerName, quoted($scope.code)).then(
        data => {
            userService.setAuthenticationSuccessful(data);
            // Normally, this should be $scope.submit(true);
            // But this isn't working in Umbraco 8, probably a bug?
            // For more info, check https://github.com/Dallas-msc/umbraco-2fa-with-google-authenticator/issues/1
            $scope.$parent.vm.onLogin();
        },
        () => $scope.pinCodeMessage = pinCodInvalidMessage
    );
The data in setAuthenticationSuccessful(data) seems to have the user info so this info is too late.
Is there another service I could inject that actually got the information I need?
Also, I need this information for some API calls I want to make. I figured out that a cookie is set after login step 1, named
    .AspNet.UmbracoTwoFactorCookie
And I can read the content of the cookie of course with
    var mfaCookie = Request.Headers.GetCookies(".AspNet.UmbracoTwoFactorCookie").FirstOrDefault()
        .Cookies.FirstOrDefault(cookie => cookie.Name == ".AspNet.UmbracoTwoFactorCookie").Value;
But this contains an encrypted OWIN string and I haven't succeeded yet in decrypting the string. Many decryptors I found use MachineKey decryption, but when I try to use those, it always ends up in the error:
    Error occurred during a cryptographic operation.
Even when I put a machineKey in my web.config, I still get this error.
Is there a way to get the user data (even when login is not successful yet because the user needs to enter a PIN-code) in the backend instead of retrieving it in the frontend perhaps?
PS: I also opened a topic on stackoverflow as I am that eager to solve this issue.
How do I get user info during login, after the actual login but before calling SetAuthenticationSuccessful
This template has an angularjs controller:
I figured it out. By coincidence, while investigating a possible different solution for the problem I have, I stumbled on the AuthenticatorController of Umbraco (hooray for open source) and I saw this piece of code:
Fortunately, I am able to use this code too in my controller and this line of code gave me what I need.
Thanks for sharing this; it has been really helpful in getting over a hurdle I was stuck on, like you.
In your API controller were you inheriting from UmbracoAuthorizedApiController or UmbracoApiController? My current problem is that I am using UmbracoAuthorizedApiController but understandably I get a 401 unauthorised error. I could make the verification endpoint public to get around this but it's not sitting right with me and I'm thinking I may need to come up with my authorisation attribute that makes use of the SignInManager in your example to at least check for the presence of the user id first.
Can you please guide me through what steps you took to create the 2FA?
Most of the 2FA steps in my process I got from this article:
https://this.isfluent.com/blog/2019/two-factor-authentication-for-umbraco-part-1
and the follow-up, part 2:
https://this.isfluent.com/blog/2019/two-factor-authentication-for-umbraco-part-2
If there is anything specifically unclear for you then feel free to ask a more detailed question with code examples or errors and perhaps I can help you out.
Thanks for getting back to me. I am trying this on Umbraco 9. I am following some of the code snippets from your question and the articles you sent me, but I see that OWIN does not exist anymore in .NET 5 and I am trying to figure out how to trigger and display a custom view after sign-on.
Ah yes, I haven't tried to build the 2FA in Umbraco 9 yet, so currently I cannot help you with that.