MultiFactorProvider
Members
Namespace: ASPSecurityKit.AuthProviders
Assembly: ASPSecurityKit.dll
Summary
Implements IMultiFactorProvider and performs multi-factor step of the security pipeline.
Remarks
Out of the box it supports various options to determine whether multi-factor is enabled and provides you multiple ways to override the same at the application, user or per-request level. To learn more, visit https://ASPSecurityKit.net/docs/the-security-pipeline/#multi-factor-authentication
Constructors
#ctor(authSessionProvider,userService,failureHandler,securityContext,securitySettings)
Summary
Initializes a new instance of the MultiFactorProvider class.
Parameters
| Name | Type | Description |
|---|---|---|
| authSessionProvider | ASPSecurityKit.IAuthSessionProvider | The auth session provider. |
| userService | ASPSecurityKit.IUserService | The user service. |
| failureHandler | ASPSecurityKit.ISecurityFailureResponseHandler | The failure handler. |
| securityContext | ASPSecurityKit.ISecurityContext | The security context. |
| securitySettings | ASPSecurityKit.ISecuritySettings | The security settings. |
Methods
IsEnabled(requestService)
Summary
Determines whether the current identity has multi-factor enabled.
Returns
true if the current identity has multi-factor enabled; otherwise, false.
Parameters
| Name | Type | Description |
|---|---|---|
| requestService | ASPSecurityKit.IRequestService | The request service. |
Exceptions
| Type | Description |
|---|---|
| System.ArgumentNullException | When requestService is null. |
Remarks
Multiple checks are made to determine whether or not MFA can be considered enabled for this request. This includes:
-
If the authenticated identity token supports MFA (IsMFASupported). Usually tokens of type user session need MFA and not APIKeys.
-
Not impersonating: MFA is skipped during impersonation; even if it’s enabled for the user being impersonated as it’s a check for protecting the real logged in identity (IsImpersonating).
-
Public operations: Do not need MFA check (Public).
-
MFA is enabled for the current user as determined by Enabled.
-
Token/Request specific analysis including white-listed networks etc. by IsMFAEnabled.
Verify(requestService)
Summary
Performs multi-factor check for the specified request. This is only called if IsEnabled returns true.
Returns
AuthResult instance with Code as Success if multi-factor verification succeeded; otherwise, a possible reason of failure (most likely NotMultiFactored).
Parameters
| Name | Type | Description |
|---|---|---|
| requestService | ASPSecurityKit.IRequestService | The request service. |
Exceptions
| Type | Description |
|---|---|
| System.ArgumentNullException | When requestService is null. |
HandleUnverifiedRequest(requestService,result)
Summary
Handles response when request failed multi-factor verification.
Parameters
| Name | Type | Description |
|---|---|---|
| requestService | ASPSecurityKit.IRequestService | The request service. |
| result | ASPSecurityKit.AuthProviders.AuthResult | The result instance with failure details. |
Exceptions
| Type | Description |
|---|---|
| System.ArgumentNullException | When requestService/result is null. |
| System.ArgumentException | When result is not a failed one. |
IsEnabledAsync(requestService)
Summary
Determines whether the current identity has multi-factor enabled.
Returns
true if the current identity has multi-factor enabled; otherwise, false.
Parameters
| Name | Type | Description |
|---|---|---|
| requestService | ASPSecurityKit.IRequestService | The request service. |
Exceptions
| Type | Description |
|---|---|
| System.ArgumentNullException | When requestService is null. |
Remarks
Multiple checks are made to determine whether or not MFA can be considered enabled for this request. This includes:
-
If the authenticated identity token supports MFA (IsMFASupported). Usually tokens of type user session need MFA and not APIKeys.
-
Not impersonating: MFA is skipped during impersonation; even if it’s enabled for the user being impersonated as it’s a check for protecting the real logged in identity (IsImpersonating).
-
Public operations: Do not need MFA check (Public).
-
MFA is enabled for the current user as determined by Enabled.
-
Token/Request specific analysis including white-listed networks etc. by IsMFAEnabled.
IsEnabledAsync(requestService,cancellationToken)
Summary
Determines whether the current identity has multi-factor enabled.
Returns
true if the current identity has multi-factor enabled; otherwise, false.
Parameters
| Name | Type | Description |
|---|---|---|
| requestService | ASPSecurityKit.IRequestService | The request service. |
| cancellationToken | System.Threading.CancellationToken | The cancellation token. |
Exceptions
| Type | Description |
|---|---|
| System.ArgumentNullException | When requestService is null. |
Remarks
Multiple checks are made to determine whether or not MFA can be considered enabled for this request. This includes:
-
If the authenticated identity token supports MFA (IsMFASupported). Usually tokens of type user session need MFA and not APIKeys.
-
Not impersonating: MFA is skipped during impersonation; even if it’s enabled for the user being impersonated as it’s a check for protecting the real logged in identity (IsImpersonating).
-
Public operations: Do not need MFA check (Public).
-
MFA is enabled for the current user as determined by Enabled.
-
Token/Request specific analysis including white-listed networks etc. by IsMFAEnabled.
VerifyAsync(requestService)
Summary
Performs multi-factor check for the specified request. This is only called if IsEnabled returns true.
Returns
AuthResult instance with Code as Success if multi-factor verification succeeded; otherwise, a possible reason of failure (most likely NotMultiFactored).
Parameters
| Name | Type | Description |
|---|---|---|
| requestService | ASPSecurityKit.IRequestService | The request service. |
Exceptions
| Type | Description |
|---|---|
| System.ArgumentNullException | When requestService is null. |
VerifyAsync(requestService,cancellationToken)
Summary
Performs multi-factor check for the specified request. This is only called if IsEnabled returns true.
Returns
AuthResult instance with Code as Success if multi-factor verification succeeded; otherwise, a possible reason of failure (most likely NotMultiFactored).
Parameters
| Name | Type | Description |
|---|---|---|
| requestService | ASPSecurityKit.IRequestService | The request service. |
| cancellationToken | System.Threading.CancellationToken | The cancellation token. |
Exceptions
| Type | Description |
|---|---|
| System.ArgumentNullException | When requestService is null. |
HandleUnverifiedRequestAsync(requestService,result)
Summary
Handles response when request failed multi-factor verification.
Parameters
| Name | Type | Description |
|---|---|---|
| requestService | ASPSecurityKit.IRequestService | The request service. |
| result | ASPSecurityKit.AuthProviders.AuthResult | The result instance with failure details. |
Exceptions
| Type | Description |
|---|---|
| System.ArgumentNullException | When requestService/result is null. |
| System.ArgumentException | When result is not a failed one. |
HandleUnverifiedRequestAsync(requestService,result,cancellationToken)
Summary
Handles response when request failed multi-factor verification.
Parameters
| Name | Type | Description |
|---|---|---|
| requestService | ASPSecurityKit.IRequestService | The request service. |
| result | ASPSecurityKit.AuthProviders.AuthResult | The result instance with failure details. |
| cancellationToken | System.Threading.CancellationToken | The cancellation token. |
Exceptions
| Type | Description |
|---|---|
| System.ArgumentNullException | When requestService/result is null. |
| System.ArgumentException | When result is not a failed one. |