Block enabling 2fa if cookie policy not accepted

aspnet / Identity

[Archived] ASP.NET Core Identity is the membership system for building ASP.NET Core web applications, including membership, login, and user data. Project moved to https://github.com/aspnet/AspNetCore

Apache License 2.0

1.97k stars 871 forks source link

Block enabling 2fa if cookie policy not accepted #2034

Closed HaoK closed 5 years ago

HaoK commented 5 years ago

Not accepting the cookie policy prevents temp cookies from being used which interrupts 2fa flows like displaying recovery codes (which is an issue during registration).

The fix for 2.2 is to block the ability to enable 2fa when cookie consent is not given.

Eilon commented 5 years ago

Do we need another bug opened to track the 3.0 work where we want to see if we can just make this all work?

cc @ajcvickers

HaoK commented 5 years ago

3.0 bug: https://github.com/aspnet/Identity/issues/2039