Two Factor Authentication

Ozan Güneri
Published in FowApps
4 min read · Dec 19, 2022

Security of Information

As of 2021, our passwords can potentially be stolen wherever we use the Internet. Malicious software that gets onto our computers can steal our passwords, and we may suffer much greater damage than we anticipated. How do companies get around this? What precautions should we take? Two-Factor Authentication answers both questions.

What is Two-Factor Authentication?

Two-Factor Authentication is a mechanism that keeps our account secure even if our passwords are stolen. It does this by adding an extra layer of security: when we log in to our account, an authenticator application on one of our personal devices, such as a tablet or phone, generates keys that are constantly changing, and we use the current key to log in. Because the keys are constantly changing, our account becomes more secure.

Implementation of Two-Factor Authentication in ASP.NET Core

First of all, we need a User.cs class to record that the Two-Factor Authentication feature is enabled.

Then we add the GoogleAuthenticator package, which is the easiest way to enable 2FA.

dotnet add package GoogleAuthenticator

Enable Two-Factor Authentication

C# Code:

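using System;
using System.Security.Cryptography;
using Google.Authenticator;
using Microsoft.AspNetCore.Mvc;

// ViewBag, View() and PartialView() require Controller rather than ControllerBase.
// AbpSession, L() and UserFriendlyException are ASP.NET Boilerplate members;
// _tenantManager is an injected service that is not shown here.
public class TwoFactorAuthenticationController : Controller
{
    [HttpGet]
    public ActionResult Enable()
    {
        TFAuthModel model = new TFAuthModel();

        User user = GetSignedInUser();
        if (!user.IsTwoFactorEnabled)
        {
            var tenant = _tenantManager.GetById(AbpSession.TenantId.Value);

            model.UserId = user.Id;
            model.TwoFactorAuthKey = GenerateTwoFactorKey();
            // Keep the new secret on the user so the POST action validates against the same key.
            user.TwoFactorAuthKey = model.TwoFactorAuthKey;
            // TODO: store the updated user in database
            TwoFactorAuthenticator twoFactor = new TwoFactorAuthenticator();
            var setupInfo = twoFactor.GenerateSetupCode("Test/" + tenant.TenancyName, user.EmailAddress, model.TwoFactorAuthKey, false, 3);
            ViewBag.SetupCode = setupInfo.ManualEntryKey;
            ViewBag.BarcodeImageUrl = setupInfo.QrCodeSetupImageUrl;
        }
        else
        {
            throw new UserFriendlyException(L("TFAuthEnabledError"));
        }

        return PartialView(model);
    }

    private static string GenerateTwoFactorKey()
    {
        // The shared secret must be unpredictable, so take 20 bytes from the
        // OS CSPRNG (.NET 6+) instead of combining a GUID with the current time.
        return Convert.ToHexString(RandomNumberGenerator.GetBytes(20));
    }

    // Hypothetical helper (not in the original article): load the signed-in user.
    private User GetSignedInUser() =>
        throw new NotImplementedException("TODO: fetch signed in user from a database");

    [HttpPost]
    public ActionResult Enable(string inputCode)
    {
        User user = GetSignedInUser();
        TwoFactorAuthenticator twoFactor = new TwoFactorAuthenticator();
        // Validate against the secret stored for this user during the GET step.
        bool isValid = twoFactor.ValidateTwoFactorPIN(user.TwoFactorAuthKey, inputCode);
        if (!isValid)
        {
            return Redirect("/twofactorauthentication/enable");
        }

        user.IsTwoFactorEnabled = true;
        // TODO: store the updated user in database
        return Redirect("/");
    }
}

public class TFAuthModel
{
    public long UserId { get; set; }
    public string TwoFactorAuthKey { get; set; }
    public bool IsTwoFactorEnabled { get; set; }
}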

HTML Code:

<html>
<body>
<h1>Enable two-factor authentication</h1>
<form method="post">
<img src="@ViewBag.BarcodeImageUrl" /><br/>
Setup code: @ViewBag.SetupCode<br/>
Input security code: <input name="inputCode" /><br/>
<input type="submit" />
</form>
</body>
</html>

We see this screen when we start our project:

When we see the screen mentioned above, we scan the QR code shown on it with the QR-reading option of the Authenticator application installed on our phone, enter the code from our phone into the specified field, and press the send button.

Disable Two Factor Auth

C# Code:

// Actions of TwoFactorAuthenticationController
[HttpGet]
public IActionResult Disable()
{
    return View();
}

[HttpPost]
public IActionResult Disable(string inputCode)
{
    // GetSignedInUser() is a hypothetical helper: fetch signed in user from a database
    User user = GetSignedInUser();
    TwoFactorAuthenticator twoFactor = new TwoFactorAuthenticator();
    // A valid current code is required before 2FA can be switched off.
    bool isValid = twoFactor.ValidateTwoFactorPIN(user.TwoFactorAuthKey, inputCode);
    if (!isValid)
    {
        return Redirect("/twofactorauthentication/disable");
    }

    user.IsTwoFactorEnabled = false;
    // TODO: store the updated user in database
    return Redirect("/");
}

To disable TFA, we must enter the code from our phone on the screen below and press the send button.

HTML Code:

<html>
<body>
<h1>Disable two-factor authentication</h1>
<form method="post">
Input security code: <input name="inputCode" /><br />
<input type="submit" />
</form>
</body>
</html>

Authorize with TFA

C# Code:

// Actions of TwoFactorAuthenticationController
[HttpGet]
public IActionResult Authorize()
{
    return View();
}

[HttpPost]
public IActionResult Authorize(string inputCode)
{
    // GetSignedInUser() is a hypothetical helper: fetch signed in user from a database
    User user = GetSignedInUser();
    TwoFactorAuthenticator twoFactor = new TwoFactorAuthenticator();
    // Compare the submitted code with the one derived from the user's stored secret.
    bool isValid = twoFactor.ValidateTwoFactorPIN(user.TwoFactorAuthKey, inputCode);
    if (!isValid)
    {
        return Redirect("/twofactorauthentication/authorize");
    }

    // TODO: Sign in the user
    return Redirect("/");
}

HTML Code:

<html>
<body>
<h1>Authorize</h1>
<form method="post">
Input security code: <input name="inputCode" /><br />
<input type="submit" />
</form>
</body>
</html>

Output:

In order to authorize with TFA, we must enter the code on our phone in the code entry field on the output screen and press the submit button.
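How the constantly changing codes described at the start of the article are derived, and how the login check can refuse a code that was already used, as an added example that is not the article's code or the GoogleAuthenticator package's implementation. It follows RFC 6238 with HMAC-SHA1, 30-second steps and 6 digits; `TotpSketch`, `Verify` and `lastUsedStep` are hypothetical names, and the secret is the RFC 6238 test value.

```csharp
using System;
using System.Buffers.Binary;
using System.Security.Cryptography;
using System.Text;
public static class TotpSketch // added illustration, hypothetical names
{
    const int StepSeconds = 30; // the code rotates every 30 seconds
    // RFC 6238: HMAC-SHA1 over the big-endian 64-bit time-step counter,
    // then RFC 4226 dynamic truncation to a 6-digit code.
    public static string Compute(byte[] secret, long step)
    {
        byte[] counter = new byte[8];
        BinaryPrimitives.WriteInt64BigEndian(counter, step);
        using var hmac = new HMACSHA1(secret);
        byte[] mac = hmac.ComputeHash(counter);
        int o = mac[^1] & 0x0F; // low nibble of the last byte picks 4 bytes
        int bin = ((mac[o] & 0x7F) << 24) | (mac[o + 1] << 16) | (mac[o + 2] << 8) | mac[o + 3];
        return (bin % 1_000_000).ToString("D6");
    }

    // Accepts the current step and one step either side (clock drift).
    // lastUsedStep is per-user state a real app would persist (assumption);
    // a code from a step at or before it is refused, so it cannot be replayed.
    public static bool Verify(byte[] secret, string input, DateTimeOffset now, ref long lastUsedStep)
    {
        long current = now.ToUnixTimeSeconds() / StepSeconds;
        byte[] given = Encoding.ASCII.GetBytes(input ?? "");
        for (long step = current - 1; step <= current + 1; step++)
        {
            if (step <= lastUsedStep) continue; // step already consumed
            byte[] expected = Encoding.ASCII.GetBytes(Compute(secret, step));
            if (!CryptographicOperations.FixedTimeEquals(expected, given)) continue;
            lastUsedStep = step;
            return true;
        }
        return false;
    }

    public static void Main()
    {
        // Constructed input: the RFC 6238 Appendix B test secret at Unix time 59.
        byte[] secret = Encoding.ASCII.GetBytes("12345678901234567890");
        DateTimeOffset now = DateTimeOffset.FromUnixTimeSeconds(59);
        long lastUsedStep = -1;
        string code = Compute(secret, 59 / StepSeconds);
        Console.WriteLine($"code: {code}");
        Console.WriteLine($"first use accepted: {Verify(secret, code, now, ref lastUsedStep)}");
        Console.WriteLine($"replay accepted: {Verify(secret, code, now, ref lastUsedStep)}");
    }
}
```

Persisting the last accepted step per user is what makes each code single-use; limiting failed attempts per account covers guessing of the 6-digit space.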
