C#Bot Release


Multi-factor Authentication

Multi-factor authentication (2FA) has been added as requested in 2FA/MFA. This allows users to configure and use a second factor when authenticating. There are currently 2 supported methods of multi-factor authentication available.

  • Email - after a user tries to log in, they are sent an email with a multifactor code that they must input.
  • Authenticator - when setting up 2FA for the first time, a user scans a QR code into an authenticator app (e.g. Google Authenticator, Authy, etc.). This authenticator app can then be used to generate 2FA codes for future authentication attempts.

When a user configures 2FA for their account, they can choose which type of second factor to use. The multi-factor authentication method that they chose will be stored on the PreferredTwoFactorMethod attribute of the user entity.


  • Added protected regions to SetupTests.ts so that the default enzyme testing environment can be configured.
  • Added protected regions in the component Tabs.tsx.
  • Updated ContextMenu.tsx to use keys properly. This fixes an issue where rendering multiple context menus could result in unpredictable behaviour.
  • Added protected regions to client-side attribute validator files.
  • Email templates have been updated to use RazorLight for templating.
  • Changed Error to Warning when Redis server can’t be found by the server.
  • Added an IsTwoFactorAuthenticated extension method to HttpContext to detect whether the user signed in to the current session with 2FA. In addition, a TwoFactorAuthenticated field that calls this method was added to IIdentityService.
  • The lockout related fields on user entities will now prevent users from logging into the application.
  • The authentication scheme for cookie login has been changed from Cookies to Application.Identity.
  • Added React context for the client-side global store variable and a new useStore hook for injecting it into function based components.

Resolved defects

  • Updated collection row and collection list to render as functions instead of components. When rendered as components, mobx was unable to track changes to observables properly.
  • Updated RadioButtonGroup component to use keys properly. This fixed an issue where React would behave unpredictably sometimes when multiple RadioButtonGroups were rendered together.
  • Updated the default behaviour of the server to use the proxy SPA only in the development environment. Before, the behaviour was to use proxy SPA in any environment that is not production.
  • Fixed broken email validation when creating a new user entity through the admin CMS. The bug involved a user being able to register with space characters in their email address, but then, subsequently, not being able to log in with the same email.
  • Fixed a bug where the GetFiles method in Model.tsx wasn’t traversing arrays correctly. This caused files/images not to load in some cases.
  • Fixed the styling for the spinner component so that it now displays, as reported in Spinner Component not visible.
  • Fixed bug where client-side would crash when trying to create a form submission against a null form version.
  • Fixed an SCSS bug where using the custom icons mixin would cause a compilation error.

Migration Path

Email Templates

Built-in email templates (reset password, confirm account and the new two factor email) have been updated to use the RazorLight templating tool instead of the simple string replacement method that was used before. To facilitate this, the following changes have been made.

  • Email templates have been renamed from [EmailName].template.html to EmailName.cshtml
  • Razor syntax is now used to inject code variables into the templates. Instead of ${user} to print a user's name, you must now use @Model.UserName.
  • Any literal @ character in a template must be escaped by prepending another @ character. For example, the line @media screen and (max-width: 685px) { must be changed to @@media screen and (max-width: 685px) {

Apart from these changes, the existing email HTML code can be copied into these new files. For more information on Razor templates, see the official documentation.

Moved Classes

The GroupResult and UserResult classes have been moved from UserServer.cs to their own files. Any changes made in the protected regions of those classes must be migrated to the new files.

Removed User Service Methods

The obsolete CheckCredentials and Exchange methods have been removed from the IUserService interface and its corresponding implementation. Please use the methods of the same name on the ISignInService instead.

Authentication Scheme Changes

With the change of authentication scheme from Cookies to Application.Identity, any code that references authentication schemes will need to be updated. This includes any custom authorization policies and any custom-created claims principals. To fix this issue, search for any instances of the variable CookieAuthenticationDefaults.AuthenticationScheme and replace them with IdentityConstants.ApplicationScheme.
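
As an added example (not C#Bot's own code), the two cases named above after the replacement: a custom authorization policy and a manually built claims principal. The class and method names, the policy name AdminOnly and the role Admin are hypothetical.

```csharp
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical helper class, for illustration only.
public static class AuthSchemeMigrationExample
{
    // Custom authorization policy bound to an explicit authentication scheme.
    public static void AddPolicies(IServiceCollection services)
    {
        services.AddAuthorization(options =>
        {
            // "AdminOnly" and the "Admin" role are assumed names.
            options.AddPolicy("AdminOnly", policy =>
            {
                // Before the upgrade this line read:
                //   policy.AddAuthenticationSchemes(
                //       CookieAuthenticationDefaults.AuthenticationScheme);
                policy.AddAuthenticationSchemes(IdentityConstants.ApplicationScheme);
                policy.RequireAuthenticatedUser();
                policy.RequireRole("Admin");
            });
        });
    }

    // Custom-created claims principal. The second constructor argument is the
    // identity's authentication type; it previously carried the cookie scheme
    // and must now carry the Identity application scheme.
    public static ClaimsPrincipal BuildPrincipal(string userId, string userName)
    {
        var claims = new[]
        {
            new Claim(ClaimTypes.NameIdentifier, userId),
            new Claim(ClaimTypes.Name, userName),
        };

        // Before: new ClaimsIdentity(claims,
        //             CookieAuthenticationDefaults.AuthenticationScheme)
        var identity = new ClaimsIdentity(claims, IdentityConstants.ApplicationScheme);
        return new ClaimsPrincipal(identity);
    }
}
```

When searching, also look for the hard-coded string "Cookies", since a scheme passed as a literal will not match a search for the constant.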

Login Page Changes

The file LoginPage.tsx has moved from clientside/src/Views/Pages to clientside/src/Views/Pages/Login. Any protected region changes in this file will need to be moved across to the file in the new location.

Known Defects/Limitations

  • The date-picker component has incorrect styling in some cases.
  • Users cannot create JWT tokens for login if they have multi-factor authentication enabled.