Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • David Armitage 508 posts 2078 karma points
    Dec 03, 2020 @ 01:21
    David Armitage
    0

    Umbraco 8 2FA

    Hi Guys,

    Me again. It's been a busy couple of months. It seems to Covet situation may have just helped our industry. Once good thing to take from it I guess.

    I have a client wanting to add 2FA to their Umbraco 8 site. I found this solution that seems to be working well apart from a few small bugs I can probably fix.

    https://github.com/Dallas-msc/umbraco-2fa-with-google-authenticator

    I was thinking there should be a package available by now for this this and I am sure I heard talks about this on Umbra coffee youtube.

    Does anyone know if there is a package for this or if this is getting added into core anytime soon? I have a feeling it is.

    Kind Regards

    David

  • David Armitage 508 posts 2078 karma points
    Dec 03, 2020 @ 03:50
    David Armitage
    1

    Hi Guys,

    I had a good look around and could find any complete packages. Maybe someone will upload something in the future.

    For now I worked with what I mentioned above. It was quite easy to fix up and the bugs are not too challenging.

    Here are the full steps....

    Setup.

    https://github.com/Dallas-msc/umbraco-2fa-with-google-authenticator

    You can download the project and get the new umbraco site up and running very easily and then you will be able to see how 2FA is setup.

    You will need to copy a load of stuff into your project. And also install GoogleAuthentication nuget package.

    You should be copying...

    1. The TwoFactorAuthentication forler

    2. The service and composer cs files

    3. The TwoFactorAuthentication package in the App_Plugins folder

    This should pretty much be it. When you run the project there is a migrations folder which adds a table to the database. I would check that has been added ok.

    This should all work and provide the functionality you need. Here is a list of the bugs....

    Issue 1

    When you login then authenticate there is no redirect to the Umbraco dashboard.

    To fix this find the file.

    \App_Plugins\2FactorAuthentication\2fa-login.js

    And replace: $scope.submit(true); For: window.location.href = '/umbraco';

    $scope.validate = function (provider, code) {
                provider = "GoogleAuthenticator"; //temp netser
                $scope.error2FA = "";
                $scope.code = code;
                authResource.verify2FACode(provider, code)
                    .then(function (data) {
                        userService.setAuthenticationSuccessful(data);
                        window.location.href = '/umbraco';
                        //$scope.submit(true);
                    }, function () { $scope.error2FA = "Invalid code entered." });
            };
    

    Issue 2

    When you enable 2FA for the first time it says invalid code. When you refresh you will see that it works.

    To fix this look for the file

    \App_Plugins\2FactorAuthentication\managementdashboard.controller.js

    And replace: if (response.data === "true")
    
    For: if (response.data === true)
    

    Issue 3

    When you disable the 2FA nothing happens. This is basically the same reason as Issue 2

    To fix this look for the file

    \App_Plugins\2FactorAuthentication\managementdashboard.controller.js

    And replace: if (response.data === "true")
    
    For: if (response.data === true)
    

    There is one more step involved on this one. A double issue.

    Find the file

    \App_Plugins\2FactorAuthentication\managementdashboard.html

    And replace: <button type="submit">Disable two step verification</button>
    
    For: <button ng-click="disable()">Disable two step verification</button>
    

    Be careful with caching. I find that opening the js and html files in the browser and then force refreshing first before testing will help.

    There is one final issue.

    There is nowhere for administrators to maintain standard users 2FA. I am going to build a custom dashboard for this since I just dont think this was every included into the plugin above.

    Kind Regards

    David

  • andrew shearer 510 posts 659 karma points
    Apr 29, 2021 @ 04:03
    andrew shearer
    0

    hi David - thanks for your summary write up here. Is this still the method you're using or have you since found another package?

  • David Armitage 508 posts 2078 karma points
    Apr 29, 2021 @ 04:27
    David Armitage
    0

    Yes I am still using this method. I actually build a second app over the top of this to improve and add a few extra features.

    I thought the management area was a bit weak so I built a separate management custom section just for the admins.

  • Kevin 5 posts 97 karma points
    Sep 30, 2021 @ 11:31
    Kevin
    1

    Can we use this in Umbraco 9 ?

  • Jay 425 posts 652 karma points
    Feb 25, 2022 @ 09:33
    Jay
    0

    Was looking for the same thing for Umbraco 9 too. Can't find anything which is weird. There's an implementation in V9.3 but for members. Not sure why there's nothing for Backend User which is weird

  • RhegaF 2 posts 72 karma points
    May 13, 2024 @ 03:53
    RhegaF
    0

    Hi david

    can we custom this function authResource.verify2FACode(provider, code) ?

    looks like the authResource is auto generate by umbraco is it?

    also wheres the route of function (PostVerify2FACode) ? i dont get it the routing

  • Scott Brady 1 post 21 karma points
    May 26, 2024 @ 09:33
    Scott Brady
    0

    Hi RhegaF,

    Did you find a solution to this. It appears I am having the same issue.

Please Sign in or register to post replies

Write your reply to:

Draft