Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Yoadd 6 posts 76 karma points
    Aug 15, 2022 @ 10:35
    Yoadd
    0

    Implementing custom 2FA for members

    Our project requires two login methods for members (just to clarify, the login is in razor page, not the login to the backoffice):

    1. Log in via username and password. (implemented using Login macro snippet).

    2. Log in via 2FA - entering mobile phone, receiving code and submitting it.

    Is there a built-in functionality in Umbraco that allows a member to login via entering their mobile phone and submitting the code?

    The Login macro snippet in Umbraco has a 2FA code but it relies on external providers. We'd like to implement our own custom 2FA.

    The documentation lacks an explanation on creating a custom 2FA that does not rely on external providers such as Google or Facebook.

    Any help would be appreciated.

  • Damian 74 posts 397 karma points
    Aug 15, 2022 @ 17:52
    Damian
    0

    We've just implemented 2FA-membership for a client using https://our.umbraco.com/Documentation/Reference/Security/Two-factor-authentication/index-v930 as a starting point.

    It's certainly possible too 100% roll-your-own but that is a huge task! I'm all for full-control and the only third-party package (or similar) I'd consider putting into a project is usync (#h5yr!) - everything else is ours with no outside dependency... That being said, 2FA is a place where I bend as I'm not looking to also develop an app, etc… ;)

    I'd encourage deference to google or other provider if that extra layer of safety is truly important. The noted documentation is right to call out, at the very bottom,:

    ~"a one-time password on e-mail or phone (…) are not considered as secure as App Authentication"

    Hopefully the link helps get you started. Happy coding to ya', whatever you end up deciding to implement.

Please Sign in or register to post replies

Write your reply to:

Draft