How to direct pf_auth.pf_authenticate request to on-premise Multi Factor Authentication Server


I've been beating my head for hours on this request.

I have an on-premise installation of an Azure MultiFactor Authentication Server. I'm building a new ASP.Net MVC 5 application that will do an LDAP lookup for users in Active Directory (also on-premise) with no ADFS configured.

I've gone through the SDK for MFA Server and can easily enable SMS requests to be sent. I get the OTP code from calling pf_auth.pf_authenticate(authParams, out otp, out callStatus, out errorId);

This works for test. But I need to direct this request to my on-site MFA Server. I can't find anything that tells me where I can set this value.

I know that if I log in to a machine on that domain it automatically sends the SMS text to my phone and I can enter it into the next screen to complete a login (the default user portals set up with MFA). I would assume that this would possibly work when I call ValidateCredentials on my application's newly created PrincipalContext. But how do I submit the SMS code without some sort of RequestId to sync up the communication?

I'm sorry if this doesn't make much sense. It's just all the examples I can find are for using MFA with a local ADFS. I only have Active Directory which is causing me to do the custom LDAP lookup.

Any help or direction is greatly appreciated.


There is 1 answer

Phil Hagerman

OK, sorry for the delay in responding to this post. After getting no responses I moved on but have recently noticed that there have been 45+ views since my post and thought I should update for others who might be experiencing a similar issue.

Turns out that when using MFA on premise you can point multiple applications to a single MFA server, like Remote Access, VPN, etc.

However, if you are attempting to set up a Web Application hosted on IIS you need to install a copy of the MFA server on the IIS server hosting the application.

When installing you can point to the existing MFA setup so that both machines are in the same configuration. This local install also adds a custom IIS Plugin that does the request interception and directs it through the MFA pipeline. If everything looks good the request is then forwarded to your web application like normal.

This is really pretty straightforward, but the documentation for MFA setup was sorely lacking. Hopefully in the future there will be a decent sample app provided by Microsoft that demos this process using local MFA and not just the Azure hosted solution.