CheckPasswordSignInCoreAsync in SignInManager doesn't report RequiresTwoFactor

[JohnGalt1717]

Is there an existing issue for this?

• I have searched the existing issues

Describe the bug

In .NET 10 RC2 ( don't know about anywhere else) the SignInManager.cs CheckPasswordSignInCoreAsync returns a SignInResult.

But the code clearly shows that it never actually sets the Two Factor requirement which it should as it does check if it is required it just does nothing with it and returns success.

This means that CheckPasswordSignIn incorrectly says that the password signin would be successful when it wouldn't be, it would return RequiresTwoFactor.

While you can work around this by just directly trying to SignIn (which works) you're not signed in thus defeating the point of having CheckPasswordSignIn.

Expected Behavior

This should return result.RequiresTwoFactor = true if Two Factor authentication is on.

Steps To Reproduce

Setup a user that has Two Factor Authentication on (phone or Authenticator app, doesn't matter)
Call signInManager.CheckPasswordSignInAsync

It doesn't have a parameter to tell it to check for Two factor, so just accept the defaults.

IT will always return Success instead of RequiresToFactor

Exceptions (if any)

No response

.NET Version

10.0.100-rc.2.25502.107

Anything else?

N/A.

[MihuBot]

I'm a bot. Here is a possible related and/or duplicate issue (I may be wrong):

• SignInManager. CheckPasswordSignInAsync does not check for two factor authentication #33030

[JohnGalt1717]

It is, but the issue is that the OP is correct and the return surface area implies that it should actually do it.

So either the inline documentation and learn.microsoft.com should call this out, or it should align or the return should just be a boolean since it is either success or failure and the other option isn't even valid for the endpoint.

Wasted hours trying to figure out why it doesn't do the obvious because of bad documentation, naming and return type information.