Two Factor Authentication (2FA) for ASP.NET using Google Authenticator | Secure ASP.NET Login

ASP.NET Two Factor Authentication (2FA) allows you to add an extra layer of security to the default ASP.NET login. With Google Authenticator, users are required to enter a time-based one-time passcode (TOTP) generated by the app after entering their username and password. This helps confirm the identity of users before granting access to your application. Our ASP.NET 2FA solution supports multiple authentication methods, including Microsoft Authenticator, Duo Authenticator, and more. To explore the available options and integration steps, visit our ASP.NET Two Factor Authentication (2FA) page.

  • Install the miniOrange 2FA NuGet package in your .NET application.
  • For manual installation, add the required .dll files to the bin folder and the static files to a separate miniOrange directory in the root directory of your application.
  • Build your application. During the build process, the NuGet package will automatically add the necessary DLL files (two of them) and static content (views/CSS) into a dedicated miniOrange directory within your application.

To configure the miniOrange 2FA NuGet package in your .NET application, follow these steps:

  • Run the application in which you installed the miniOrange NuGet package.
  • Once the application is up and running, go to the URL below:
    <your-base-url>/?tfaconfig=admin
  • Enter your miniOrange Admin Credentials when prompted.
  • Once validated, you will be able to see the miniOrange configuration dashboard.
  • Set up and turn on the multi-factor authentication (MFA) methods you prefer. When users log in for the first time, they will see the available options and can choose and register the one they want to use.
  • Once the 2FA method is successfully configured, the green badge will be displayed.
  • Click on the configure button and either enter the secret key or scan the QR code in the Google Authenticator app.
  • Enter the TOTP generated on the Google Authenticator app and click on verify.
  • Upon successful validation, the "Google Authenticator" method will be configured for your end-user.
  • Follow similar steps to configure other 2FA methods.
  • After configuration, users can select and register their preferred method to complete two-factor authentication (2FA) before accessing the application.

To integrate the miniOrange 2FA in your .NET application, follow these steps:

  • In your login mechanism, after successful authentication with the username and password, add the following code to prompt for 2FA.
  var loginEventHandler = new LoginEventHandler();
  loginEventHandler.OnLoginSuccess(email);
  • End users will be shown the 2FA screen to register their choice of 2FA method.
  • After clicking "configure" during registration, users will be prompted to register their device, email, or phone number, based on their chosen method.
  • Once registration is complete, the end user will see a screen to enter the OTP received on their registered email/phone number or the TOTP from their Authenticator app.
    • Google Authenticator: If the user has registered Google Authenticator as their 2FA method, they will be asked to enter the TOTP generated in their Authenticator app.
  • Once the user logs in after completing the registration process, they will be prompted to enter the code generated by their configured Authenticator app. After entering the Time-based One-Time Password (TOTP), the user must click on the Validate button to proceed with the login.
  • Upon successful validation, the user's session and the 2FA validation state will be established within the application context. This information can then be retrieved in your code-behind to determine whether the user is granted or denied login access, based on the validation outcome.
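  // Requires: using System.Collections.Generic; using System.Security.Claims;
  string claimtype = "";
  string claimvalue = "";
  string result = null; // declared outside the if block so it can be checked afterwards

  if (User.Claims != null)
  {
    // Walk every claim on the current user; after the loop these hold the last claim seen.
    foreach (var claim in User.Claims)
    {
      claimtype = claim.Type;
      claimvalue = claim.Value;
    }

    // Retrieve the 2FA validation result.
    var identity = (ClaimsIdentity)User.Identity;
    IEnumerable<Claim> claims = identity.Claims;
    result = identity.FindFirst("tfaValidationState")?.Value;
  }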
  • You can use this result and check whether it's true or false and allow/deny the user accordingly.
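
One way to make the allow/deny decision above fail closed, as an added example that is not miniOrange's code. It assumes the `tfaValidationState` claim carries the string "true" or "false"; `TfaGate`, `IsTfaValidated`, `Demo` and the sample principals are hypothetical names constructed here. Unlike `FindFirst`, it inspects every copy of the claim and denies when the claim is missing, malformed or contradictory.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

// Hypothetical helper, not part of the miniOrange package.
public static class TfaGate
{
    // Claim name taken from the snippet above.
    public const string ClaimType = "tfaValidationState";

    // Assumption: the claim value is the string "true" or "false".
    public static bool IsTfaValidated(ClaimsPrincipal user)
    {
        // No principal, or the password step never completed: deny.
        if (user?.Identity == null || !user.Identity.IsAuthenticated)
            return false;

        // Collect every copy of the claim across all identities, not just the first.
        var values = user.FindAll(ClaimType).Select(c => c.Value).ToList();

        // Missing claim means 2FA never ran or its result was not recorded: deny.
        if (values.Count == 0)
            return false;

        // Every copy must parse as a boolean and be true; anything else denies.
        return values.All(v => bool.TryParse(v, out var ok) && ok);
    }
}

public static class Demo
{
    // Builds a constructed sample principal; an authentication type marks it authenticated.
    static ClaimsPrincipal Make(bool authenticated, params string[] states)
    {
        var claims = states.Select(s => new Claim(TfaGate.ClaimType, s));
        return new ClaimsPrincipal(authenticated
            ? new ClaimsIdentity(claims, "Password")
            : new ClaimsIdentity(claims));
    }

    public static void Main()
    {
        Console.WriteLine("validated: " + TfaGate.IsTfaValidated(Make(true, "true")));
        Console.WriteLine("failed: " + TfaGate.IsTfaValidated(Make(true, "false")));
        Console.WriteLine("claim missing: " + TfaGate.IsTfaValidated(Make(true)));
        Console.WriteLine("contradictory: " + TfaGate.IsTfaValidated(Make(true, "true", "false")));
        Console.WriteLine("not signed in: " + TfaGate.IsTfaValidated(Make(false, "true")));
    }
}
```

Call the helper on every request that reaches protected content, not only on the page that follows the 2FA prompt, so a session that skipped the second factor is still refused.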

Please reach out to us at aspnetsupport@xecurify.com, and our team will assist you with setting up the ASP.NET Core SAML SSO. Our team will help you select the most suitable solution/plan for your requirements.
