I am trying to implement Two Factor authentication for Umbraco users using Google Authenticator.
I have created an extra table in the database in which I store wether the user logging in has already set up two factor authentication, if this is not the case an email with a QR-Code is sent by email which they can scan with their phone using the Google Authenticator app. In the login dialog I want to add an extra field where they can enter the code the app has provided them and then check that code.
I already have written the code to create the QR-code and check the validity of the code entered, but now I'm trying to figure out where to put in this code in the authentication process.
I have found the code where the user is authenticated and the result of that process is handled on the client. I also noticed in that part of the code that a statuscode of 402 is returned by the server when a TwoFactor setting is set. I have checked the documentation and the source but i can't a setting with that name.
What is the correct way to add this extra step to the authentication process?
Someone already pointed me to Starter Kits but I don't see who that would help me in this situation.
Note that this includes a dashboard for setting up the Google Authenticator bits, might be a bit easier and less clumsy then having to do this through email.
Note that, unfortunately, we just found and fixed a bug, so this will only work for the admin user at the moment. This is hopefully fixed in the next version soon: http://issues.umbraco.org/issue/U4-10620
Implementing Two Factor authentication for Umbraco Users
I am trying to implement Two Factor authentication for Umbraco users using Google Authenticator. I have created an extra table in the database in which I store wether the user logging in has already set up two factor authentication, if this is not the case an email with a QR-Code is sent by email which they can scan with their phone using the Google Authenticator app. In the login dialog I want to add an extra field where they can enter the code the app has provided them and then check that code.
I already have written the code to create the QR-code and check the validity of the code entered, but now I'm trying to figure out where to put in this code in the authentication process. I have found the code where the user is authenticated and the result of that process is handled on the client. I also noticed in that part of the code that a statuscode of 402 is returned by the server when a TwoFactor setting is set. I have checked the documentation and the source but i can't a setting with that name. What is the correct way to add this extra step to the authentication process?
Someone already pointed me to Starter Kits but I don't see who that would help me in this situation.
Hi there,
I have some sample code available here: https://github.com/nul800sebastiaan/YubiKey2Factor
Note that this includes a dashboard for setting up the Google Authenticator bits, might be a bit easier and less clumsy then having to do this through email.
Note that, unfortunately, we just found and fixed a bug, so this will only work for the admin user at the moment. This is hopefully fixed in the next version soon: http://issues.umbraco.org/issue/U4-10620
Hi Sebastiaan,
Thank you very much, I'm going to try your sample!
is working on a reply...