This topic contains 2 replies, has 2 voices, and was last updated by  Duo_Liang 1 week, 6 days ago.

  • Author
    Posts
  • Participant
    lstuart
    Newbie
    Member since: 08.03.2019
    Number of posts: 2

    I am playing around with asking signers to answer questions before signing the application to add some fraud mitigation. I added the following:

    var packageBuilder = PackageBuilder.NewPackageNamed(signingPackage.Name)
    .WithSettings(DocumentPackageSettingsBuilder.NewDocumentPackageSettings()
    .WithHandOverLinkHref(signingPackage.HandOverLinkHref)
    .WithHandOverLinkText(signingPackage.HandOverLinkText)
    .WithDecline()
    .WithDeclineOther()
    .WithMaxAuthAttempts(5)
    .WithoutOptOut()
    .HideOwnerInPersonDropDown()
    .WithoutDialogOnComplete()
    .WithoutCaptureText()
    .WithoutLanguageDropDown()
    .WithCeremonyLayoutSettings(CeremonyLayoutSettingsBuilder.NewCeremonyLayoutSettings()
    .WithoutGlobalDownloadButton()
    .WithLogoImageSource(signingPackage.LogoUrl)
    .WithoutSessionBar()
    .WithoutGlobalNavigation()
    .WithoutBreadCrumbs()))
    .WithLanguage(Thread.CurrentThread.CurrentUICulture)
    .WithAutomaticCompletion();

    foreach (var signer in signingPackage.Signers)
    {
    packageBuilder.WithSigner(SignerBuilder.NewSignerWithEmail(signer.Email)
    .ChallengedWithQuestions(ChallengeBuilder.FirstQuestion(“Type in 12345”).Answer(“12345”).SecondQuestion(“test”).Answer(“test”))
    .WithFirstName(signer.FirstName)
    .WithLastName(signer.LastName)
    .WithTitle(signer.DisplayTitle)
    .SigningOrder(signer.SigningOrder)
    .WithCustomId(signer.CustomId));
    }

    When I generate the signing package, there are no challenge questions presented, it just goes straight in. Is there something I am missing? do I need to set a flag at the package level, or change an account setting or something. I am comparing my code to the examples in the documentation, and I don’t see anything that jumps out at me.

    Participant
    lstuart
    Newbie
    Member since: 08.03.2019
    Number of posts: 2

    Score

    1

    Ok, I figured it out. It turns out that I was using eslClient.SessionService.CreateSessionToken(packageId, signer.CustomId) to get a sessionToken, then I called to {basePath}/access?sessionToken={0}, which I’m guessing means that it is considered it authenticated, and bypasses the questions for authentication. I switched to eslClient.PackageService.GetSigningUrl(packageId, signer.CustomId), and it worked.

    Keymaster
    Duo_Liang
    Guru
    Member since: 14.06.2018
    Number of posts: 691

    Score

    0

    hi lstuart,

    Glad that you figured it out!
    Yes, your analysis are correct! Per the difference between Links built by sessionToken and SigningUrl, you can also refer to this blog:
    OneSpan Sign Developer: Session, Authentication Token, and Signing Url – Part1
    “If you have configured an Authentication Method (SMS/Q&A/KBA) for your signer and you want this process to validate your signer before his/her getting access to signing ceremony, you would choose to use Signing URL.”

    Duo


    Duo Liang
    OneSpan Junior Technical Evangelist
    • This reply was modified 1 week, 6 days ago by  Duo_Liang.

You must be logged in to reply to this topic.