Bernardt

Reputation: 65

ASP.Net MVC - Two Step Authentication

Good Morning

In MVC there is a method in the Manage controller being used to generate a token.

    var code = await UserManager.GenerateChangePhoneNumberTokenAsync(User.Identity.GetUserId(), model.Number);

Does anyone know where this generated token is saved? In the basic MVC example they use it to add a phone number, which needs to be verified with the token being SMS'd to the cellphone number supplied; this code is used to generate that token. But nowhere is that token being saved: there is no column in the DB and it is not being passed to the view in a hidden field. But the strange part is that when you enter the code and submit it, it will do a comparison in the post method using the following:

    public async Task<ActionResult> VerifyPhoneNumber(string phoneNumber)
    {
       var code = await UserManager.GenerateChangePhoneNumberTokenAsync(User.Identity.GetUserId(), phoneNumber);
       // Send an SMS through the SMS provider to verify the phone number
       return phoneNumber == null ? View("Error") : View(new VerifyPhoneNumberViewModel { PhoneNumber = phoneNumber });
    }

I cannot figure out where the GenerateChangePhoneNumberTokenAsync method will find the generated token to compare with the token being passed in with the model. Does anyone have an idea of where this could be found?

Kind Regards

Upvotes: 0

Views: 1811

Answers (1)

thegreatgiver

Reputation: 186

The code is not stored in the database. The code generation and verification are handled internally by ASP.NET Identity. There's a corresponding action method in the "ManageController" that handles the phone number and code verification. Here is the code:

    public async Task<ActionResult> VerifyPhoneNumber(VerifyPhoneNumberViewModel model)
    {
        if (!ModelState.IsValid)
        {
            return View(model);
        }
        var result = await UserManager.ChangePhoneNumberAsync(User.Identity.GetUserId(), model.PhoneNumber, model.Code);
        if (result.Succeeded)
        {
            var user = await UserManager.FindByIdAsync(User.Identity.GetUserId());
            if (user != null)
            {
                await SignInAsync(user, isPersistent: false);
            }
            return RedirectToAction("Index", new { Message = ManageMessageId.AddPhoneSuccess });
        }
        // If we got this far, something failed, redisplay form
        ModelState.AddModelError("", "Failed to verify phone");
        return View(model);
    }

Notice the line that does the verification using the UserId, PhoneNumber and Code.

    var result = await UserManager.ChangePhoneNumberAsync(User.Identity.GetUserId(), model.PhoneNumber, model.Code);

Cheers.

Upvotes: 1
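How a verification code can be checked without ever being stored, as an added example that is not part of the original answer and is not ASP.NET Identity's source: the code is recomputed at verification time from a per-user server-side secret, the phone number and the current time window. The class name `StatelessPhoneCode`, the `userSecret` parameter, the 3-minute step and the ±2 window are assumptions made for this sketch.

```csharp
using System;
using System.Net;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper (not ASP.NET Identity source): a time-based code that is
// recomputed at verification time instead of being stored anywhere.
public static class StatelessPhoneCode
{
    // Assumed parameters for this sketch.
    private static readonly TimeSpan Step = TimeSpan.FromMinutes(3);
    private const int Window = 2; // accept +/- 2 steps for clock skew and SMS delay

    private static long CurrentStep(DateTime utcNow) =>
        (utcNow - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).Ticks / Step.Ticks;

    private static int Compute(byte[] userSecret, long step, string phoneNumber)
    {
        // Message = big-endian time step || phone number, so a code issued for
        // one number does not verify for a different number.
        byte[] counter = BitConverter.GetBytes(IPAddress.HostToNetworkOrder(step));
        byte[] modifier = Encoding.UTF8.GetBytes(phoneNumber);
        byte[] message = new byte[counter.Length + modifier.Length];
        Buffer.BlockCopy(counter, 0, message, 0, counter.Length);
        Buffer.BlockCopy(modifier, 0, message, counter.Length, modifier.Length);

        using (var hmac = new HMACSHA1(userSecret))
        {
            byte[] hash = hmac.ComputeHash(message);
            int offset = hash[hash.Length - 1] & 0x0F; // RFC 4226 dynamic truncation
            int binary = ((hash[offset] & 0x7F) << 24) | (hash[offset + 1] << 16)
                       | (hash[offset + 2] << 8) | hash[offset + 3];
            return binary % 1000000; // six decimal digits
        }
    }

    public static string Generate(byte[] userSecret, string phoneNumber, DateTime utcNow) =>
        Compute(userSecret, CurrentStep(utcNow), phoneNumber).ToString("D6");

    public static bool Verify(byte[] userSecret, string phoneNumber, string code, DateTime utcNow)
    {
        int submitted;
        if (!int.TryParse(code, out submitted)) return false;
        long now = CurrentStep(utcNow);
        for (int i = -Window; i <= Window; i++)
            if (Compute(userSecret, now + i, phoneNumber) == submitted) return true;
        return false;
    }
}
```

In this sketch, changing `userSecret` invalidates every outstanding code, and the verifying endpoint still needs attempt limiting because the code space is only six digits.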
