Remember browser for 2FA #12188


hongbing.wang created

Hi @ismcagdas,

ASP.NET Zero API: v13.3.0 | Client: v13.3.0

Goal: Add an option to remember browser for Operators with MFA enabled. When selected, Operators can choose to remember browser, which will skip MFA prompts for future logins from the same browser.

We enabled 2FA settings on settings page and also for specific user. 2FA works.

We also added an option "Allow to remember browser" on settings page [Administration > Settings > Security (tab)]. See the screenshot below.

We checked the setting is updated in TenantSettingsAppService.cs, settings.IsRememberBrowserEnabled = true, but users are still prompted for additional authentication (two-factor authentication) on a "remembered" browser.

Did I miss something? How is the "remember browser" functionality implemented? Does the "Remember this browser" functionality rely on a cookie being set in the user's browser when they select the option to remember the device? I couldn't find such a cookie in the browser.

Do we need to check that the host settings (HostSettingsAppService) do not force 2FA?

Thank you for your support.


7 Answer(s)
  • m.aliozkaya created
    Support Team

    Hi @hongbing.wang,

    An error may have occurred in the implementation here. We will fix this in the next version.

    https://github.com/aspnetzero/aspnet-zero-core/issues/5430

  • m.aliozkaya created
    Support Team

    Hi @hongbing.wang,

    I tested it, but the remember me functionality is working successfully for me.

    Maybe you are not selecting the marked place.

    Angular local storage item

    MVC cookie

  • hongbing.wang created

    Hi @m.aliozkaya,

    Thank you for the update.

    I do have 'Remember this browser' ticked.

    I also have TwoFactorRememberClientToken in Angular local storage.

    However, if I log out and then log in again within the same browser, I am still required to provide the two-factor access code from Google Authenticator. Is this normal? Please explain how this should work. Thank you.

  • m.aliozkaya created
    Support Team

    Hi @hongbing.wang,

    I can't reproduce the problem. If you check the remember this browser button, you can log in without the Google Authenticator code.

    Could you share your project with [email protected]?

  • hongbing.wang created

    Hi İsmail,

    Here is the video recorded from the original default Zero app V13.3.0. It doesn’t meet the following requirement: If the Operator successfully logs in with the remember browser option ticked, then they should not be prompted to enter 2FA again until they go to another browser.

    Please investigate the issue.

  • m.aliozkaya created
    Support Team

    Hi @hongbing.wang,

    I can't reproduce this error on my project. Could you share your project with [email protected]?

  • hongbing.wang created

    Hi İsmail, I have shared the original Zero 13.3 project with [email protected]