
Two factor authentication using identity server 4

How to implement a two factor authentication using Identity Server 4? The token end point returns a token with a username and password / client credentials. Can we customize those end points?

Both the methods as per the sample do not allow customizing the endpoint:

>     var tokenClient = new TokenClient(disco.TokenEndpoint, "ro.client", "secret");
>     var tokenResponse = await tokenClient.RequestResourceOwnerPasswordAsync("[email protected]",
> "Pass123$", "api1");

Is it possible to achieve 2 factor authentication using either the ASP.NET Identity or EF Core implementation?

Satyajit asked Apr 10 '17 17:04



1 Answer

This shouldn't be a problem at all. When a user is redirected to the Identity Server to log in, if 2FA is enabled then he/she would have to enter the authenticator's code before the Identity Server returns the response back. I have created a repository and blog post series that explain in detail the related concepts. In the AccountController of the IdentityServer you have to check if 2FA is enabled and ask the user to proceed by providing an authenticator code before returning the response.

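    // First factor: check the password (third argument is isPersistent).
    var signInResult = await _signInManager.PasswordSignInAsync(model.UserName, model.Password, true,
        lockoutOnFailure: false);

    // Password accepted but the account has 2FA enabled: the user is not
    // signed in yet, so tell the client to ask for the authenticator code.
    if (signInResult.RequiresTwoFactor)
    {
        result.Status = Status.Success;
        result.Message = "Enter the code generated by your authenticator app";
        result.Data = new {requires2FA = true};
        return result;
    }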

You will also need a TwoFactorAuthenticationController that supports all the 2FA tasks (enable/disable 2FA, sign in with authenticator code/recovery tokens, reset authenticator, etc.).

chsakell answered Oct 27 '22 02:10
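
The second step the answer describes, accepting the authenticator or recovery code once `RequiresTwoFactor` has been returned, as an added example that is not the answerer's code or part of the original page. It assumes ASP.NET Core Identity 2.0+ with `IdentityUser` and IdentityServer4's `IIdentityServerInteractionService`; the model, controller name, route and response shape are hypothetical.

```csharp
using System.ComponentModel.DataAnnotations;
using System.Threading.Tasks;
using IdentityServer4.Services;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;

// Hypothetical request model for the second login step.
public class TwoFactorLoginModel
{
    [Required] public string Code { get; set; }
    public bool IsRecoveryCode { get; set; }
    public string ReturnUrl { get; set; }
}

[Route("api/two-factor")] // hypothetical route
public class TwoFactorLoginController : Controller
{
    private readonly SignInManager<IdentityUser> _signInManager;
    private readonly IIdentityServerInteractionService _interaction;

    public TwoFactorLoginController(SignInManager<IdentityUser> signInManager,
        IIdentityServerInteractionService interaction)
    {
        _signInManager = signInManager;
        _interaction = interaction;
    }

    [HttpPost("login")]
    public async Task<IActionResult> Login([FromBody] TwoFactorLoginModel model)
    {
        if (model == null || !ModelState.IsValid) return BadRequest();
        // Null unless PasswordSignInAsync already issued the two-factor cookie,
        // so this step cannot be reached without passing the password check.
        var user = await _signInManager.GetTwoFactorAuthenticationUserAsync();
        if (user == null) return Unauthorized();

        var code = model.Code.Replace(" ", string.Empty);
        var result = model.IsRecoveryCode
            ? await _signInManager.TwoFactorRecoveryCodeSignInAsync(code)
            : await _signInManager.TwoFactorAuthenticatorSignInAsync(
                code.Replace("-", string.Empty), isPersistent: false, rememberClient: false);
        if (result.IsLockedOut) return StatusCode(423);
        if (!result.Succeeded) return Unauthorized();

        // Only hand back a return URL that IdentityServer recognises.
        var ok = model.ReturnUrl != null && _interaction.IsValidReturnUrl(model.ReturnUrl);
        return Ok(new { signedIn = true, returnUrl = ok ? model.ReturnUrl : "/" });
    }
}
```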