Two Factor Authentication (2FA) for ASP.NET using OTP over SMS | Secure ASP.NET Login

ASP.NET Two Factor Authentication (2FA) adds an extra layer of security to your ASP.NET application login process by enabling OTP verification over SMS. With this method, after entering the correct username and password, users receive a time-sensitive one-time passcode (OTP) on their registered mobile number via SMS. To explore how this can be implemented, visit our ASP.NET Two Factor Authentication (2FA) plugin page. The login is completed only after entering the correct OTP, ensuring that only authorized users can access the application. This setup strengthens the security of your ASP.NET web application and helps protect against unauthorized access, credential theft, and other cyber threats.

  • To add miniOrange 2FA to your .NET application, install the miniOrange NuGet package on top of your application.
  • For manual installation, add the required .dll files to the bin folder and the static files to a separate miniOrange directory in the root directory of your application.
  • Build your application. During the build process, the NuGet package will automatically add the necessary DLL files (two of them) and static content (views/CSS) into a dedicated miniOrange directory within your application.

To configure the miniOrange 2FA NuGet package in your .NET application, follow these steps:

  • Run the application, where you have installed the miniOrange NuGet package.
  • Once the application is up and running, go to the URL below:
<your-base-url>/?tfaconfig=admin
  • Enter your miniOrange Admin Credentials when prompted.

  • Once validated, you will be able to see the miniOrange configuration dashboard.
  • Set up and turn on the multi-factor authentication (MFA) methods you prefer. When users log in for the first time, they will see the available options and can choose and register the one they want to use.

  • Once the 2FA method is successfully configured, the green badge will be displayed.
  • Click on the Configure button and enter your Phone number when prompted, then click on Get OTP.

  • Provide the OTP received via SMS on your registered mobile number.

  • After entering the OTP, click on Verify OTP to confirm.

  • Upon successful validation, the "OTP over SMS" method will be configured for the end user.
  • Follow similar steps to configure other 2FA methods.
  • After configuration, users can select and register their preferred method to complete Two-Factor Authentication (2FA) before accessing the application.

To integrate the miniOrange 2FA in your .NET application, follow these steps:

  • In your login mechanism, after the username and password have been authenticated successfully, add the following code to prompt for 2FA.
  // Call this only after the username/password check has succeeded;
  // email identifies the user who just passed that check.
  var loginEventHandler = new LoginEventHandler();
  loginEventHandler.OnLoginSuccess(email);
  • End users will be shown the 2FA screen to register their choice of 2FA method.

  • After clicking "configure" during registration, users will be prompted to register their device, email, or phone number, based on their chosen method.
  • Once registration is complete, the end user will see a screen to enter the OTP received on their registered email/phone number or the TOTP from their Authenticator app.
    • OTP Over SMS: If the user has registered OTP over SMS as their 2FA method, they will be prompted to enter the OTP sent to their registered mobile number via SMS.
  • Upon successful validation, the user's session and the 2FA validation state will be established within the application context. This information can then be retrieved in your code-behind to determine whether the user is granted or denied login access, based on the validation outcome.
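  // Requires: using System.Collections.Generic; using System.Security.Claims;
  string username = "";
  string claimtype = "";
  string claimvalue = "";
  string result = null; // declared here so it is still in scope after the if block

  if (User.Claims != null)
  {
    // Walk the claims attached to the signed-in user
    foreach (var claim in User.Claims)
    {
      claimtype = claim.Type;
      claimvalue = claim.Value;
    }

    // Retrieve the 2FA validation result
    var identity = (ClaimsIdentity)User.Identity;
    IEnumerable<Claim> claims = identity.Claims;
    result = identity.FindFirst("tfaValidationState")?.Value;
  }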
  • You can use this result and check whether it's true or false and allow/deny the user accordingly.
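
The allow/deny decision from the last step, written as a fail-closed check on the tfaValidationState claim. This is an added example, not miniOrange's code. It assumes the claim value is the string "true" or "false"; TfaGate, IsTfaValidated and the sample principals are hypothetical and constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

// Added example, not miniOrange code. TfaGate/IsTfaValidated are hypothetical names.
public static class TfaGate
{
    private const string TfaClaimType = "tfaValidationState"; // claim name from the page

    // True only for an authenticated principal carrying exactly one
    // tfaValidationState claim that parses as boolean true.
    // Assumption: the claim value is the string "true" or "false".
    public static bool IsTfaValidated(ClaimsPrincipal user)
    {
        if (user?.Identity == null || !user.Identity.IsAuthenticated)
            return false; // no authenticated session at all

        var states = user.FindAll(TfaClaimType).ToList();
        if (states.Count != 1)
            return false; // claim missing or duplicated: deny

        return bool.TryParse(states[0].Value, out bool ok) && ok;
    }
}

public static class Demo
{
    // Constructed sample principals; a null authType yields an unauthenticated identity.
    private static ClaimsPrincipal Make(string authType, params string[] tfaValues)
    {
        var claims = tfaValues.Select(v => new Claim("tfaValidationState", v));
        return new ClaimsPrincipal(new ClaimsIdentity(claims, authType));
    }

    private static void Show(string label, ClaimsPrincipal user) =>
        Console.WriteLine($"{label}: {(TfaGate.IsTfaValidated(user) ? "allow" : "deny")}");

    public static void Main()
    {
        Show("2FA completed", Make("Cookies", "true"));
        Show("2FA failed", Make("Cookies", "false"));
        Show("password only, no 2FA claim", Make("Cookies"));
        Show("unexpected claim value", Make("Cookies", "yes"));
        Show("conflicting claims", Make("Cookies", "true", "false"));
        Show("claim on unauthenticated identity", Make(null, "true"));
    }
}
```

Calling a check like this on every protected request, rather than once at login, keeps a session that passed only the password step from reaching protected pages.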

Please reach out to us at aspnetsupport@xecurify.com, and our team will assist you with setting up the ASP.NET Core SAML SSO. Our team will help you select the most suitable solution/plan for your requirements.
