I am using Aspnet Boilerplate to manage a multi-tenant system. I am currently attempting to turn on 2-factor authentication, which is baked into the boilerplate. I have logged into the host and turned on 2FA (because I understand that it can't be on in the tenanats unless it's on in the host first). Once I do this, I can now see the settings to turn 2FA on in each tenant (which I have done). My problem is that, while the host users are indeed asked for a code as expected, no tenant users ever are. I've narrowed it down to the following issue. Upon successful login, this is called:
var signInResult = await _signInManager.SignInOrTwoFactorAsync(loginResult, loginModel.RememberMe);
This always returns RequiresTwoFactor == false
. The reason for this is that, within this call, a call is made to:
GetValidTwoFactorProvidersAsync(TUser user)
which in turn calls the function of the same name within .NET Core. This call returns an empty list, meaning that I have no TwoFactor Providers registered. Which is weird, because logging in as a host I get providers, but as a tenant it returns empty. Is there anything I'm missing why this might be happening. Also, where exactly in the boilerplate code are those (email and SMS) providers registered in the first place?