This repository has been archived by the owner on Sep 18, 2021. It is now read-only.

IdentityServer V3/MembershipReboot TwoFactor Auth #792

Closed
dpapada opened this issue Jan 21, 2015 · 4 comments
@dpapada
dpapada commented Jan 21, 2015

Setup:
Currently, I have a working version of IdentityServer v3 (using the RC version) and I have integrated IdentityManager, MembershipReboot (Default Implementation) as the "UserService", and I also have a custom "ViewService" that currently only overrides the Login Task. With that I am able to achieve a local login and external login flow with a configured Identity Provider.
In MembershipReboot I also have created two custom event handlers for sending email and sms for a given account.

I have also implemented some Account Management Features like Password Reset, Email Confirmation, etc. The way I accomplished this was I have the OWIN hosted IdentityServer inside an MVC project and I have extended MembershipReboot's UserAccountService using the CustomUser configuration and Autofac IOC container used by webAPI endpoints that allow me to use some custom web pages to interact with MembershipReboot.

Issue:
Using the above API, I am successfully able to configure users in MembershipReboot for TwoFactor Authentication, supplying the TwoFactorMode.Mobile and MobilePhoneNumber. However, I am confused about how to tell IdentityServer to use TwoFactor Auth for a given user account request.

Right now, with TwoFactorAuthMode set to Mobile and TwoFactor enabled for a given local user account, my IdentityServer authenticates the user successfully and proceeds to the protected resource.

Questions:

First off, I have found some articles discussing the flow of how TwoFactor should work:
Refer here: #134

That being said, is this feature available in version 3 (RC)?

If the answer is yes, could I get some guidance as to how I would wire up/configure that functionality?

I noticed the "AuthenticationMethods" available in the Constants.cs source file, but I don't see where that may apply?

```csharp
public static class AuthenticationMethods
{
    public const string Certificate = "certificate";
    public const string Password = "password";
    public const string TwoFactorAuthentication = "2fa";
    public const string External = "external";
}
```

Is there an option that needs to be set on my IdentityServer "Client" to "trigger" the Two Factor Authentication? Or maybe an option to set in the IdentityServerOptions?

I will continue my research but any input would be very helpful.

Thank you for your time.

@brockallen
Member

IdentityServer doesn't know how to do 2fa. We do allow you to control the login workflow with a custom user service. This is what you'd implement to add 2fa to your deployment of IdSvr.

https://thinktecture.github.io/Thinktecture.IdentityServer.v3.Documentation/docs/advanced/userService.html

@brockallen brockallen self-assigned this Jan 21, 2015
@dpapada
Author

dpapada commented Jan 21, 2015

Hi Brock,

Okay, that makes sense. We currently are not using a custom user service, but now that you point it out, I see how the Partial login (with redirect) can prove useful in this scenario.

I'll see if I can work this out. Since I have already done the CustomView service, I should be able to do something similar here.

Thanks for the response.

@brockallen
Member

No prob. And in a sense, you are using a custom user service -- that's the MembershipReboot user service. It can be derived from and has several virtuals to override so you can control the behavior. HTH.

@dpapada
Author

dpapada commented Jan 21, 2015

Yes, that is what I was referring to when I said we have done it already for the CustomView service, specifically the Login method.

I was looking into the different virtual methods that hang off MembershipRebootUserService to see what I need to do.
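The partial-login-with-redirect flow discussed in this thread, as an added example that is not code from the thread or from IdentityServer/MembershipReboot: a verified password yields only a partial result while a second factor is pending, and the session is recorded as "2fa" only after the code checks out. The types, the `~/2fa` path, the subject name and the sample codes are hypothetical stand-ins constructed for illustration; only the "password" and "2fa" values come from the constants quoted in the issue.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical stand-ins, not IdentityServer or MembershipReboot types.
public enum TwoFactorMode { None, Mobile }

public sealed class LoginResult
{
    public string Subject;       // account the result refers to
    public string RedirectPath;  // non-null means partial login: no session yet
    public string Amr;           // authentication method recorded for the session
    public bool IsPartial { get { return RedirectPath != null; } }
}

public static class TwoFactorLogin
{
    // Values copied from the AuthenticationMethods constants quoted in the issue.
    const string Password = "password", TwoFactor = "2fa";

    // Call only after the password has been verified.
    public static LoginResult AfterPassword(string subject, TwoFactorMode mode)
    {
        if (mode == TwoFactorMode.Mobile)   // second factor pending: redirect, do not sign in
            return new LoginResult { Subject = subject, RedirectPath = "~/2fa" }; // assumed path
        return new LoginResult { Subject = subject, Amr = Password };
    }

    // Resume a partial login from the code-entry page.
    public static LoginResult AfterCode(LoginResult partial, string sentCode, string typedCode)
    {
        if (partial == null || !partial.IsPartial)
            throw new InvalidOperationException("No partial login to resume.");
        // Constant-time comparison of the code that was sent against the one typed in.
        bool ok = CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(sentCode), Encoding.UTF8.GetBytes(typedCode ?? ""));
        return ok ? new LoginResult { Subject = partial.Subject, Amr = TwoFactor }
                  : partial;                // wrong code: the login stays partial
    }

    public static void Main()
    {
        // Constructed sample account and codes.
        var step1 = AfterPassword("constructed-user-1", TwoFactorMode.Mobile);
        Console.WriteLine(step1.IsPartial);
        Console.WriteLine(AfterCode(step1, "493021", "000000").IsPartial);
        Console.WriteLine(AfterCode(step1, "493021", "493021").Amr);
    }
}
```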
