MultiFactorProvider

Namespace: ASPSecurityKit.AuthProviders
Assembly: ASPSecurityKit.dll

Summary

Implements IMultiFactorProvider and performs multi-factor step of the security pipeline.

Remarks

Out of the box it supports various options to determine whether multi-factor is enabled and provides you multiple ways to override the same at the application, user or per-request level. To learn more, visit https://ASPSecurityKit.net/docs/article/the-security-pipeline/#multi-factor-authentication

Constructors

#ctor(authSessionProvider,userService,failureHandler,securityContext,securitySettings)

Summary

Initializes a new instance of the MultiFactorProvider class.

Parameters
Name Type Description
authSessionProvider ASPSecurityKit.IAuthSessionProvider The auth session provider.
userService ASPSecurityKit.IUserService The user service.
failureHandler ASPSecurityKit.ISecurityFailureResponseHandler The failure handler.
securityContext ASPSecurityKit.ISecurityContext The security context.
securitySettings ASPSecurityKit.ISecuritySettings The security settings.

Methods

IsEnabled(requestService)

Summary

Determines whether the current identity has multi-factor enabled.

Returns

true if the current identity has multi-factor enabled; otherwise, false.

Parameters
Name Type Description
requestService ASPSecurityKit.IRequestService The request service.
Exceptions
Type Description
System.ArgumentNullException When requestService is null.
Remarks

Multiple checks are made to determine whether or not MFA can be considered enabled for this request. This includes:

  • If the authenticated identity token supports MFA (IsMFASupported). Usually tokens of type user session need MFA and not APIKeys.

  • Not impersonating: MFA is skipped during impersonation; even if it’s enabled for the user being impersonated as it’s a check for protecting the real logged in identity (IsImpersonating).

  • Public operations: Do not need MFA check (Public).

  • MFA is enabled for the current user as determined by Enabled.

  • Token/Request specific analysis including white-listed networks etc. by IsMFAEnabled.

Verify(requestService)

Summary

Performs multi-factor check for the specified request. This is only called if IsEnabled returns true.

Returns

AuthResult instance with Code as Success if multi-factor verification succeeded; otherwise, a possible reason of failure (most likely NotMultiFactored).

Parameters
Name Type Description
requestService ASPSecurityKit.IRequestService The request service.
Exceptions
Type Description
System.ArgumentNullException When requestService is null.

HandleUnverifiedRequest(requestService,result)

Summary

Handles response when request failed multi-factor verification.

Parameters
Name Type Description
requestService ASPSecurityKit.IRequestService The request service.
result ASPSecurityKit.AuthProviders.AuthResult The result instance with failure details.
Exceptions
Type Description
System.ArgumentNullException When requestService/result is null.
System.ArgumentException When result is not a failed one.

IsEnabledAsync(requestService)

Summary

Determines whether the current identity has multi-factor enabled.

Returns

true if the current identity has multi-factor enabled; otherwise, false.

Parameters
Name Type Description
requestService ASPSecurityKit.IRequestService The request service.
Exceptions
Type Description
System.ArgumentNullException When requestService is null.
Remarks

Multiple checks are made to determine whether or not MFA can be considered enabled for this request. This includes:

  • If the authenticated identity token supports MFA (IsMFASupported). Usually tokens of type user session need MFA and not APIKeys.

  • Not impersonating: MFA is skipped during impersonation; even if it’s enabled for the user being impersonated as it’s a check for protecting the real logged in identity (IsImpersonating).

  • Public operations: Do not need MFA check (Public).

  • MFA is enabled for the current user as determined by Enabled.

  • Token/Request specific analysis including white-listed networks etc. by IsMFAEnabled.

IsEnabledAsync(requestService,cancellationToken)

Summary

Determines whether the current identity has multi-factor enabled.

Returns

true if the current identity has multi-factor enabled; otherwise, false.

Parameters
Name Type Description
requestService ASPSecurityKit.IRequestService The request service.
cancellationToken System.Threading.CancellationToken The cancellation token.
Exceptions
Type Description
System.ArgumentNullException When requestService is null.
Remarks

Multiple checks are made to determine whether or not MFA can be considered enabled for this request. This includes:

  • If the authenticated identity token supports MFA (IsMFASupported). Usually tokens of type user session need MFA and not APIKeys.

  • Not impersonating: MFA is skipped during impersonation; even if it’s enabled for the user being impersonated as it’s a check for protecting the real logged in identity (IsImpersonating).

  • Public operations: Do not need MFA check (Public).

  • MFA is enabled for the current user as determined by Enabled.

  • Token/Request specific analysis including white-listed networks etc. by IsMFAEnabled.

VerifyAsync(requestService)

Summary

Performs multi-factor check for the specified request. This is only called if IsEnabled returns true.

Returns

AuthResult instance with Code as Success if multi-factor verification succeeded; otherwise, a possible reason of failure (most likely NotMultiFactored).

Parameters
Name Type Description
requestService ASPSecurityKit.IRequestService The request service.
Exceptions
Type Description
System.ArgumentNullException When requestService is null.

VerifyAsync(requestService,cancellationToken)

Summary

Performs multi-factor check for the specified request. This is only called if IsEnabled returns true.

Returns

AuthResult instance with Code as Success if multi-factor verification succeeded; otherwise, a possible reason of failure (most likely NotMultiFactored).

Parameters
Name Type Description
requestService ASPSecurityKit.IRequestService The request service.
cancellationToken System.Threading.CancellationToken The cancellation token.
Exceptions
Type Description
System.ArgumentNullException When requestService is null.

HandleUnverifiedRequestAsync(requestService,result)

Summary

Handles response when request failed multi-factor verification.

Parameters
Name Type Description
requestService ASPSecurityKit.IRequestService The request service.
result ASPSecurityKit.AuthProviders.AuthResult The result instance with failure details.
Exceptions
Type Description
System.ArgumentNullException When requestService/result is null.
System.ArgumentException When result is not a failed one.

HandleUnverifiedRequestAsync(requestService,result,cancellationToken)

Summary

Handles response when request failed multi-factor verification.

Parameters
Name Type Description
requestService ASPSecurityKit.IRequestService The request service.
result ASPSecurityKit.AuthProviders.AuthResult The result instance with failure details.
cancellationToken System.Threading.CancellationToken The cancellation token.
Exceptions
Type Description
System.ArgumentNullException When requestService/result is null.
System.ArgumentException When result is not a failed one.