Hello,
When 2-factor authentication is enabled, the user enters their Username and Password and then completes 2-factor authentication.
Now, the issue is that the LoginAsync() method in AbpLogInManager, saves the success records in the ABPLoginAttempts table before verifying the 2FA code entered by the user.
So in the case where the username and Password are correct, but the 2FA code is incorrect, a user fails to log in, but the ABPLoginAttempts table shows success.
Here it just checks the Username/Password and saves the attempt as Success.
3 Answer(s)
-
0
Hi,
Could you create an issue on https://github.com/aspnetzero/aspnet-zero-core ? We will test this and solve the problem.
-
0
https://github.com/aspnetzero/aspnet-zero-core/issues/5135
-
0
Thanks a lot, I have added it to next milestone. We will look into this.