Hi @ismcagdas,
ASP.NET Zero API: v13.3.0 | Client: v13.3.0
Goal: Add an option to remember browser for Operators with MFA enabled. When selected, Operators can choose to remember browser, which will skip MFA prompts for future logins from the same browser.”
We enabled 2FA settings on settings page and also for specific user. 2FA works.
We also added an option "Allow to remember browser" on settings page [Administration > Settings > Security (tab)]. See the screenshot below.
We checked the setting is updated in TenantSettingsAppService.cs, settings.IsRememberBrowserEnabled = true, but users are still prompted for additional authentication (two-factor authentication) on a "remembered" browser.
Did I miss something? How the "remember browser" functionality is being implemented? Does the "Remember this browser" functionality relies on a cookie being set in the user's browser when they select the option to remember the device. I couldn't find such a cookie in the browser.
Do we need to check the host settings (HostSettingsAppService) do not force 2FA?
Thank you for your support.
15 Answer(s)
-
0
Hi @hongbing.wang,
An error may have occurred in the implementation here. We will fix this in the next version
https://github.com/aspnetzero/aspnet-zero-core/issues/5430
-
0
-
0
Hi @m.aliozkaya,
Thank you for the update.
I do have 'Remember this browser' ticked.
I also have TwoFactoRememberClientToken in angular local storage.
However, if I logout and then login again within the same browser. I am still required to provide two factor access code from Google Authenticator. Is this normal? Please explain how this should work. Thank you.
-
0
Hi @hongbing.wang,
I can't reproduce the problem. If you check the remember this browser button, you can login without Google Authenticator code.
Could you share your project with [email protected]
-
0
Hi İsmail,
Here is the video recorded from the original default Zero app V13.3.0. It doesn’t meet the following requirement: If the Operator successfully logs in with the remember browser option ticked, then they should not be prompted to enter 2FA again until they go to another browser.
Please investigate the issue.
-
0
Hi @hongbing.wang,
I can't reproduce this error on my project. Could you share your project with [email protected]?
-
0
Hi İsmail, I have shared the original Zero 13.3 project with [email protected]
-
0
Hi @hongbing.wang,
I can't reproduce the issue on your project. It is working well on my side
-
0
Hi İsmail,
I have asked my colleagues to do the same test on the original Zero 13.3 code (both in debug and production build). My colleagues can reproduce it too. Could you please share a video of your test? Is there any difference between our test methods?
-
0
Hi @hongbing.wang,
Could you access this link? https://drive.google.com/file/d/1YyWIjxnyNOvuCkouR3ACy-nk-kCVBR3o/view?usp=drive_link
-
0
Please download the video file.
-
0
Hi @hongbing.wang,
Could you share your project with support@aspnetzero ?
-
0
Hi @hongbing.wang,
Sorry for asking again. I found the project in my emails. But I still can't reproduce it. Maybe we should plan a call about this
-
0
Hi @m.aliozkaya, A call would be good. I'm available from10 AM to 5 PM AEST. But I will make me available after hours up to 10 PM if that suits you.
-
0
Hi @hongbing.wang
We have tested this on the project you shared but couldn't reproduce the problem. Is there a live URL which we can access to test this problem ? You can send an email to [email protected] for details.