Possible issue with 2FA

[odinnix]

Hey;

We are seeing an issue with 2FA and I'm not sure if its an Identity change or an issue with this provider.

https://github.com/aspnet/Identity/issues/1383#issuecomment-324434551

Any thoughts?

[mrahhal]

Hey,

I've not given 2FA too much attention, so it's possible. But because I mostly don't use it, it'd be great if you can provide a small repro.

But the problem itself looks simple, so in any case, I'll check if I can figure something out.

Did it work before v2.0 of Identity? And make sure you're using latest version of this lib.

[odinnix]

Everything worked before Identity 2.0 yep, and am using 3.0.1

I didn't actually setup the 2FA piece but I will chat with the developer who did to see if we can get a sample repo.

Thanks!

[mrahhal]

I see. For now, a stacktrace will be most helpful.

[mrahhal]

So upon first inspection, I guess IUserAuthenticatorKeyStore is a new interface in 2.0. Of course, I don't implement this anywhere so I'm guessing I'll have to implement it on UserStore. There might be other new interfaces too, so I'll take this chance to check up on the EFCore impl and match them up.

[odinnix]

Awesome, thank you for looking into this.

If you need me to test I can pull a prerelease package and try it out.

Do you still need a stack trace? Can get you one in a few hours here once the dev is available.

[mrahhal]

Probably won't need one, as it's obvious I simply don't implement the mentioned interface.

I'll ask you to test when I finish something. Thanks.

[mrahhal]

It appears that the architectural changes in Identity 2.0 are actually big. I made a hasty decision when I released 3.0. Looks like now there are also base stores that can be used, instead of having them all in the same store project.

For later, I'm thinking about making a new repo with a matching version and better package name: "MR.AspNetCore.Identity.EntityFramework6", that will use the stores provided by Identity Core. And this one kept for aspnetcore Identity 1.0.

For now, I'll release a quick fix.

@dcarl1 can you try this one out and let me know if it works for you?

[akonyer]

Tried your pre-release and now I'm getting a different error:

error: The entity type IdentityUserToken is not part of the model for the current context.

[odinnix]

@mrahhal @akonyer is the same project :)

[mrahhal]

Yes wanted to warn about it but forgot. You'll need to do an EF migration. Since there's a new entity (IdentityUserToken) used for 2FA and other stuff.

[mrahhal]

Ah wait. Did I not add it to the context. 🤔 I'll check.

[mrahhal]

Sure enough, I forgot to add it to the context (I don't have a handy test host for 2FA so really sorry). I'll have to ask you to test again. Here is the new release.

[akonyer]

Well, we're making progress I think?

{"error":"One or more validation errors were detected during model generation:

EFStorageProvider.IdentityUserToken: : EntityType 'IdentityUserToken' has no key defined. Define the key for this EntityType. UserTokens: EntityType: EntitySet 'UserTokens' is based on type 'IdentityUserToken' that has no keys defined. "}

[mrahhal]

Uh.. It seems an IdentityUserToken has a composite key.

[mrahhal]

Here you go.

[akonyer]

Hahaha. Thank you. This is a bit of a rabbit hole, but another error for you.

{"error":"The number of primary key values passed must match number of primary key values defined on the entity. Parameter name: keyValues"}

Sounds like it wants us to maybe add a second PK to our user entity? But we do not want to have to do that.

[mrahhal]

Hmm no, that's not it. Still another config I missed, probably. On it.

[mrahhal]

And here we go again.

[akonyer]

Still getting the same error as before. The number of primary key values passed must match number of primary key values defined on the entity.

[mrahhal]

I won't be getting around this problem like this. I think I'll setup a 2FA sample and debug this myself. Thanks, will let you know here when I fix a release.

[mrahhal]

A small repro would be most helpful, since I don't really use 2FA. In my short tests I did while trying to use it no error occurred. So maybe I'm doing things differently.

[akonyer]

Sorry for the delay in getting this to you. I got caught up with some other things.

I have created a new bare bones project that is able to reproduce this issue. You can find the project here: https://github.com/akonyer/Ef6CoreTwoFactorAuthenticationTest

To reproduce:

1. Register a new user
2. Set [TwoFactorEnabled] flag in database to true
3. try to login with user
4. You should get the error: NotSupportedException: Store does not implement IUserAuthenticatorKeyStore<User>.

Let me know if you have any problems. Thank you

[mrahhal]

Thanks for the repro. I've been very busy lately with work. If anyone wants to try their hand at this then that'd be great. If not, I'm still willing to resolve this issue as soon as I possibly can when I get some free time.

[koenbeuk]

I could reproduce this error before however after upgrading to 3.0.2 things started working correctly (except for https://github.com/mrahhal/MR.AspNet.Identity.EntityFramework6/pull/16).

[mrahhal]

@kbekkenutte are you saying 2FA completely works in 3.0.2?

[koenbeuk]

@mrahhal I wouldn't want to conclude that with absolute certainty but it seems to be, yes. Switching to 3.0.2 resolves the NotSupportedException: Store does not implement IUserAuthenticatorKeyStore. exception and https://github.com/mrahhal/MR.AspNet.Identity.EntityFramework6/pull/16 fixes the The number of primary key values passed must match number of primary key values defined on the entity. error.

As a result, I'm able to use 2FA with our Twilio SMS provider