Activities of "RobertSCG"

Hello,

When logged in as a tenant admin, I can enable two-factor authentication for a user from the Identity Management -> Users tab. Happy path: when the user has his own Microsoft Authenticator app registered, everything works well, and after login, when 2FA is enabled, the user is requested to enter a verification code.

Sad path (to correct): when the user does not have his own Microsoft Authenticator registered, he is somewhat locked on the 2FA step, because he does not have any service provider to pass through:

What I want to achieve is to force the registration form for the authenticator app after the user is logged in, only if the particular user does not have his own Microsoft Authenticator registered. So I want to show this wizard:

What is more, I want to have the possibility to reset the authenticator settings for a particular user from the tenant admin level. Basically, to perform an action like the one on the screen below, but from the tenant admin level for a particular user:

Note: All main settings from the settings-management tab are set to optional from the host admin level and the tenant admin level as well.

I've checked the documentation here: https://abp.io/docs/latest/modules/identity/two-factor-authentication I've also tried searching the support forum but didn't find anything satisfying.

  • ABP Framework version: v8.3.0
  • UI Type: Blazor Server
  • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): no

Hi, thanks for the response,

To clarify: Tiered (for MVC) or Auth Server Separated (for Angular): yes

Hi,

Yes, the version is 8.3.0.

The issue is on our side, in the step where you enable 2FA for a user who has not registered a provider.

I will check it on an empty project; maybe some configuration is implemented which caused the issue. Do you have any idea what can affect this particular flow which you described?

Thanks

Hello,

I've checked the recommended solution from this issue: https://abp.io/support/questions/8185/2FA-Authenticator-App-Registering-form-after-login

It works fine, but we would like to ask about forcing an authenticator app wizard. Scenario:

  1. Log in as an admin host
  2. Go to Administration - Settings - Account - Two Factor tab: Force Two factor authentication
  3. Log out
  4. Log in as a tenant admin, without a configured Authenticator App
  5. The result - you are logged in

Checked on a pure tiered project using the newest ABP Framework 9.0.2, with "@volo/account": "~9.0.2"

Expected result: the user sees the authenticator app configuration wizard, configures the app and logs in with 2FA.

**Notes and thoughts:**

  • Such an expected scenario is standard behaviour when logging in to an application on which two-factor authentication is enabled (for example, all Microsoft applications, when they do not recognize the user, perform an authenticator app wizard just after logging in)

  • From the admin host perspective, when I set the Two factor option to Forced, I expect every user, while logging in, to have an authenticator app wizard opened - if not configured.

  • ABP Framework version: v9.0.2

  • UI Type: Blazor Server

  • Database System: EF Core (SQL Server)

  • Tiered (for MVC) or Auth Server Separated (for Angular): yes

Hi,

thanks for the response.

We've managed to overwrite the login page and got access to the login process programmatically. Injection of AccountAppService was also a good hint! Thanks for that.

Our next step is to check whether the setting is set to Forced and, if yes, then redirect to the authenticator app wizard.

Further questions:

  1. Is it also possible to give some information about how I can obtain the TwoFactor option (Forced / Optional) from Settings, which can be set up by the admin host account? (I am trying to use ISettingsProvider in the overwritten Login.cshtml.cs to obtain this setting, but I don't know how it is named.)

  2. Is it possible to attach to the end of the authenticator app configuration process and then, for example, force the user to log in again after he finishes the configuration process, and have to re-authenticate with the configured authenticator app?

Hi, thank you very much.

I saw there is a problem with downloading the Abp.Account.Pro module.

I want to do this to analyze /Pages/Account/Components/ProfileManagementGroup/TwoFactor/Default.js and apply the changes you mentioned.

Is it possible to send the source code by email to robert.sgodzaj@connexure.co?

Hi,

I've managed to get this code from Default.js, but it looks quite different from the one on the screen you showed.

Is it the correct file?

Hi, thanks!

Hi, can I also kindly ask for a hint on overriding the two-factor step page (the one on the screen below)? Some direction to the source code would be great:

While overriding the Login.cshtml and Login.cshtml.cs pages from this source: https://github.com/abpframework/abp/blob/dev/modules/account/src/Volo.Abp.Account.Web/Pages/Account/Login.cshtml.cs

I've noticed this method:

As far as I understand the process, once the user has configured the authenticator app, the result from this part:

contains the RequiredTwoFactor property set to true and the Succeeded property set to false.

Does it mean that we also have to overwrite the Two Factor Verification step?

Yes, I've also used the CLI to download the source code, but since I've done a custom redirection for the authenticator app configuration wizard, I saw that there is a need to also overwrite the VerifySecurityCode.cshtml view in order to show the Two Factor Verification step. Am I right?

I've done something like this:

and the TwoFactorConfigurationWizard method:

I've renamed this method from the TwoFactorLoginResultAsync method.

Made with ❤️ on ABP v9.2.0-preview. Updated on January 15, 2025, 05:31