c# razor asp.net-core-mvc

Passing credentials in ASPNET & OTP Authentication


There are 2 views

  1. Index
  2. VerifyAuthOTP

Both have the same controller, IndexController, which implements Controller, that is, IndexController : Controller.

Expected flow: land on the Index view, enter userName and password (captcha as well), and hit submit, which will take the user to another action, Index, with the login model as params.

From here, if the user credential is valid, then VerifyAuthOTP is called.

In VerifyAuthOTP, neither Session nor TempData remains if initialized in Index.

Therefore I tried to send it in a query param using base64 encoding, but due to security concerns this has been rejected.

Is there any other way to do it?


Solution

  • neither Session nor TempData remains if initialized in Index
    

    As you know, TempData is persisted for the next request unless it is read.

    ASP.NET Core exposes the Razor Pages TempData or Controller TempData. This property stores data until it's read in another request.

    I tested with the code below and it worked for me. I just added builder.Services.AddSession(); and app.UseSession(); in Program.cs so that I could use Session.

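    using Microsoft.AspNetCore.Mvc;

    namespace WebApplication1.Controllers;

    public class IndexController : Controller
    {
        // GET: render the login form and seed both stores.
        public IActionResult Index()
        {
            TempData["data"] = "this is the temp data";
            // Keep the entry so it survives being read by the view.
            TempData.Keep("data");
            HttpContext.Session.SetString("SessionData", "session value");
            return View(new LoginModel());
        }

        // Target of the form's asp-action="login".
        public IActionResult login(LoginModel mod) {
            if (true) { // placeholder for the credential check
                VerifyAuthOTP();
            }
            return Ok("success");
        }

        // Reads back what Index stored, in a later request.
        public void VerifyAuthOTP() {
            var data = TempData["data"];
            var sessionData = HttpContext.Session.GetString("SessionData");
        }
    }

    public class LoginModel {
        public string UserName { get; set; }
        public string Password { get; set; }
    }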
    

    I used a simple view

    @model WebApplication1.Controllers.LoginModel
    
    <div>@TempData["data"]</div>
    
    
    <form asp-action="login">
        <div>
            <label asp-for="UserName">user name</label>
            <input asp-for="UserName" />
        </div>
        <div>
            <label asp-for="Password">password</label>
            <input asp-for="Password" />
        </div>
        <button type="submit">submit</button>
    </form>
    

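As an added example (not code from the question or the answer), this is one way to carry the pending login from Index to VerifyAuthOTP in server-side session state instead of a query parameter, with the session cookie locked down. It assumes a .NET 6+ web project with implicit usings and the two views from the question; the session keys, the six-digit code and CredentialsAreValid are hypothetical.

```csharp
using System.Security.Cryptography;
using System.Text;
using Microsoft.AspNetCore.Mvc;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllersWithViews();
builder.Services.AddDistributedMemoryCache();            // in-memory store behind the session
builder.Services.AddSession(o =>
{
    o.IdleTimeout = TimeSpan.FromMinutes(5);             // window to finish the OTP step
    o.Cookie.HttpOnly = true;                            // cookie not readable from script
    o.Cookie.SecurePolicy = CookieSecurePolicy.Always;   // cookie sent over HTTPS only
    o.Cookie.SameSite = SameSiteMode.Strict;
});
var app = builder.Build();
app.UseSession();                                        // before the controller endpoints
app.MapDefaultControllerRoute();
app.Run();

public class LoginModel { public string UserName { get; set; } = ""; public string Password { get; set; } = ""; }
public class IndexController : Controller
{
    [HttpGet] public IActionResult Index() => View(new LoginModel());

    [HttpPost, ValidateAntiForgeryToken]
    public IActionResult Index(LoginModel model)
    {
        if (!CredentialsAreValid(model)) return View(model);
        var otp = RandomNumberGenerator.GetInt32(0, 1_000_000).ToString("D6");
        HttpContext.Session.SetString("PendingUser", model.UserName); // hypothetical keys; values stay server-side
        HttpContext.Session.SetString("PendingOtp", otp);
        // Deliver otp out of band (SMS, e-mail, ...) here; never echo it to the browser.
        return RedirectToAction(nameof(VerifyAuthOTP));  // nothing sensitive in the URL
    }

    [HttpGet] public IActionResult VerifyAuthOTP() =>
        HttpContext.Session.GetString("PendingUser") is null ? RedirectToAction(nameof(Index)) : View();

    [HttpPost, ValidateAntiForgeryToken]
    public IActionResult VerifyAuthOTP(string otp)
    {
        var user = HttpContext.Session.GetString("PendingUser");
        var expected = HttpContext.Session.GetString("PendingOtp");
        HttpContext.Session.Clear();                     // one attempt per code, then back to login
        if (user is null || expected is null) return RedirectToAction(nameof(Index));
        return CryptographicOperations.FixedTimeEquals(Encoding.UTF8.GetBytes(otp ?? ""), Encoding.UTF8.GetBytes(expected)) ? Ok("success") : RedirectToAction(nameof(Index));
    }
    // Hypothetical stand-in (constructed values) for the application's real credential check.
    static bool CredentialsAreValid(LoginModel m) => m.UserName == "demo" && m.Password == "demo-password";
}
```

The browser only ever holds the opaque session cookie; the user name and the expected code never leave the server, and a missing or expired session sends the user back to Index.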