Me again. It's been a busy couple of months. It seems to Covet situation may have just helped our industry. Once good thing to take from it I guess.
I have a client wanting to add 2FA to their Umbraco 8 site. I found this solution that seems to be working well apart from a few small bugs I can probably fix.
You can download the project and get the new umbraco site up and running very easily and then you will be able to see how 2FA is setup.
You will need to copy a load of stuff into your project. And also install GoogleAuthentication nuget package.
You should be copying...
The TwoFactorAuthentication forler
The service and composer cs files
The TwoFactorAuthentication package in the App_Plugins folder
This should pretty much be it.
When you run the project there is a migrations folder which adds a table to the database. I would check that has been added ok.
This should all work and provide the functionality you need.
Here is a list of the bugs....
Issue 1
When you login then authenticate there is no redirect to the Umbraco dashboard.
To fix this find the file.
\App_Plugins\2FactorAuthentication\2fa-login.js
And replace: $scope.submit(true);
For: window.location.href = '/umbraco';
And replace: <button type="submit">Disable two step verification</button>
For: <button ng-click="disable()">Disable two step verification</button>
Be careful with caching.
I find that opening the js and html files in the browser and then force refreshing first before testing will help.
There is one final issue.
There is nowhere for administrators to maintain standard users 2FA. I am going to build a custom dashboard for this since I just dont think this was every included into the plugin above.
Was looking for the same thing for Umbraco 9 too. Can't find anything which is weird. There's an implementation in V9.3 but for members. Not sure why there's nothing for Backend User which is weird
Umbraco 8 2FA
Hi Guys,
Me again. It's been a busy couple of months. It seems to Covet situation may have just helped our industry. Once good thing to take from it I guess.
I have a client wanting to add 2FA to their Umbraco 8 site. I found this solution that seems to be working well apart from a few small bugs I can probably fix.
https://github.com/Dallas-msc/umbraco-2fa-with-google-authenticator
I was thinking there should be a package available by now for this this and I am sure I heard talks about this on Umbra coffee youtube.
Does anyone know if there is a package for this or if this is getting added into core anytime soon? I have a feeling it is.
Kind Regards
David
Hi Guys,
I had a good look around and could find any complete packages. Maybe someone will upload something in the future.
For now I worked with what I mentioned above. It was quite easy to fix up and the bugs are not too challenging.
Here are the full steps....
Setup.
https://github.com/Dallas-msc/umbraco-2fa-with-google-authenticator
You can download the project and get the new umbraco site up and running very easily and then you will be able to see how 2FA is setup.
You will need to copy a load of stuff into your project. And also install GoogleAuthentication nuget package.
You should be copying...
The TwoFactorAuthentication forler
The service and composer cs files
The TwoFactorAuthentication package in the App_Plugins folder
This should pretty much be it. When you run the project there is a migrations folder which adds a table to the database. I would check that has been added ok.
This should all work and provide the functionality you need. Here is a list of the bugs....
Issue 1
When you login then authenticate there is no redirect to the Umbraco dashboard.
To fix this find the file.
And replace: $scope.submit(true); For: window.location.href = '/umbraco';
Issue 2
When you enable 2FA for the first time it says invalid code. When you refresh you will see that it works.
To fix this look for the file
Issue 3
When you disable the 2FA nothing happens. This is basically the same reason as Issue 2
To fix this look for the file
There is one more step involved on this one. A double issue.
Find the file
Be careful with caching. I find that opening the js and html files in the browser and then force refreshing first before testing will help.
There is one final issue.
There is nowhere for administrators to maintain standard users 2FA. I am going to build a custom dashboard for this since I just dont think this was every included into the plugin above.
Kind Regards
David
hi David - thanks for your summary write up here. Is this still the method you're using or have you since found another package?
Yes I am still using this method. I actually build a second app over the top of this to improve and add a few extra features.
I thought the management area was a bit weak so I built a separate management custom section just for the admins.
Can we use this in Umbraco 9 ?
Was looking for the same thing for Umbraco 9 too. Can't find anything which is weird. There's an implementation in V9.3 but for members. Not sure why there's nothing for Backend User which is weird
Hi david
can we custom this function authResource.verify2FACode(provider, code) ?
looks like the authResource is auto generate by umbraco is it?
also wheres the route of function (PostVerify2FACode) ? i dont get it the routing
Hi RhegaF,
Did you find a solution to this. It appears I am having the same issue.
is working on a reply...