lstuart

adding ChallengedWithQuestions is not challenging with questions on the sandbox

0 votes
I am playing around with asking signers to answer questions before signing the application to add some fraud mitigation. I added the following: var packageBuilder = PackageBuilder.NewPackageNamed(signingPackage.Name) .WithSettings(DocumentPackageSettingsBuilder.NewDocumentPackageSettings() .WithHandOverLinkHref(signingPackage.HandOverLinkHref) .WithHandOverLinkText(signingPackage.HandOverLinkText) .WithDecline() .WithDeclineOther() .WithMaxAuthAttempts(5) .WithoutOptOut() .HideOwnerInPersonDropDown() .WithoutDialogOnComplete() .WithoutCaptureText() .WithoutLanguageDropDown() .WithCeremonyLayoutSettings(CeremonyLayoutSettingsBuilder.NewCeremonyLayoutSettings() .WithoutGlobalDownloadButton() .WithLogoImageSource(signingPackage.LogoUrl) .WithoutSessionBar() .WithoutGlobalNavigation() .WithoutBreadCrumbs())) .WithLanguage(Thread.CurrentThread.CurrentUICulture) .WithAutomaticCompletion(); foreach (var signer in signingPackage.Signers) { packageBuilder.WithSigner(SignerBuilder.NewSignerWithEmail(signer.Email) .ChallengedWithQuestions(ChallengeBuilder.FirstQuestion("Type in 12345").Answer("12345").SecondQuestion("test").Answer("test")) .WithFirstName(signer.FirstName) .WithLastName(signer.LastName) .WithTitle(signer.DisplayTitle) .SigningOrder(signer.SigningOrder) .WithCustomId(signer.CustomId)); } When I generate the signing package, there are no challenge questions presented, it just goes straight in. Is there something I am missing? do I need to set a flag at the package level, or change an account setting or something. I am comparing my code to the examples in the documentation, and I don't see anything that jumps out at me.

Reply to: adding ChallengedWithQuestions is not challenging with questions on the sandbox

1 votes
Ok, I figured it out. It turns out that I was using eslClient.SessionService.CreateSessionToken(packageId, signer.CustomId) to get a sessionToken, then I called to {basePath}/access?sessionToken={0}, which I'm guessing means that it is considered it authenticated, and bypasses the questions for authentication. I switched to eslClient.PackageService.GetSigningUrl(packageId, signer.CustomId), and it worked.

Reply to: adding ChallengedWithQuestions is not challenging with questions on the sandbox

0 votes
hi lstuart, Glad that you figured it out! Yes, your analysis are correct! Per the difference between Links built by sessionToken and SigningUrl, you can also refer to this blog: OneSpan Sign Developer: Session, Authentication Token, and Signing Url – Part1 "If you have configured an Authentication Method (SMS/Q&A/KBA) for your signer and you want this process to validate your signer before his/her getting access to signing ceremony, you would choose to use Signing URL." Duo

Duo Liang OneSpan Evangelism and Partner Integrations Developer


Reply to: adding ChallengedWithQuestions is not challenging with questions on the sandbox

0 votes

Has anything changed recently in the sandbox regarding challenges?  Our code that worked a month ago now does not.  Famous last words..."nothing has changed at our end", but challenges no longer appear.

We're using .Net Sdk.  Package looks good and has challenge in there.  We tried both SMS and Q&A.  We are using signing Url with loginToken, not session token. Did not see anything is May release notes that sounds like a change in this area.

Any ideas?

Likely we'll find a dependency changed in our codebase...but we've already spend a lot of time looking, and it would be comforting to know the SDK/Platform is not the issue. 

Thanks in advance for your help. 


Reply to: adding ChallengedWithQuestions is not challenging with questions on the sandbox

0 votes

Thanks Duo...for the benefit of the group, the issue was our package had a single signer.  When email of that signer matches the sender in account setup, the challenges are by-passed. 

In our case, we had changed the package and account settings for test purposes, not knowing of this behavior.

Thanks again Duo for your super-fast assistance. :-).


Hello! Looks like you're enjoying the discussion, but haven't signed up for an account.

When you create an account, we remember exactly what you've read, so you always come right back where you left off