Set up SMS for Two-factor authentication with Twilio

Adding two-factor authentication (2FA) to your web application increases the security of your users' data. This form of multi-factor authentication verifies the identity of a user in two steps:

  • First we validate the user with an email and password
  • Second we validate the user using his or her mobile device, by sending a one-time verification code

Once our user enters the verification code, we know they have received the SMS, and indeed are who they say they are. This is a standard SMS implementation.

This tutorial provides instructions for using either Twilio or ASPSMS, but you can use any other SMS provider.

  1. Creating a User Account with an SMS provider
     Create a Twilio account.
  2. Installing additional packages or adding service references
     Twilio: In the Package Manager Console, enter the following command:
         Install-Package Twilio
Attempting to gather dependency information for package 'Twilio.5.4.0' with respect to project 'tes(2)', targeting '.NETFramework,Version=v4.5'
Gathering dependency information took 938.39 ms
Attempting to resolve dependencies for package 'Twilio.5.4.0' with DependencyBehavior 'Lowest'
Resolving dependency information took 0 ms
Resolving actions to install package 'Twilio.5.4.0'
Resolved actions to install package 'Twilio.5.4.0'
Retrieving package 'Twilio 5.4.0' from 'nuget.org'.
 GET https://api.nuget.org/packages/twilio.5.4.0.nupkg
 OK https://api.nuget.org/packages/twilio.5.4.0.nupkg 423ms
Installing Twilio 5.4.0.
Adding package 'Twilio.5.4.0' to folder 'C:\Users\iulluc\Documents\Visual Studio 2015\Projects\tes\packages'
Added package 'Twilio.5.4.0' to folder 'C:\Users\iulluc\Documents\Visual Studio 2015\Projects\tes\packages'
Added package 'Twilio.5.4.0' to 'packages.config'
Successfully installed 'Twilio 5.4.0' to tes(2)
Executing nuget actions took 10.75 sec
  3. Figuring out SMS Provider User credentials
     From the Dashboard tab of your Twilio account, copy the Account SID and Auth token. We will later store these values in the variables SMSAccountIdentification and SMSAccountPassword.
  4. Specifying SenderID / Originator
     From the Numbers tab, copy your Twilio phone number. We will later store this value in the variable SMSAccountFrom.
  5. Initialize Twilio under the Account Startup / Global.asax file
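    using System.Threading.Tasks;
    using Microsoft.AspNet.Identity;          // IIdentityMessageService, IdentityMessage
    using Twilio;                             // TwilioClient
    using Twilio.Rest.Api.V2010.Account;      // MessageResource
    using Twilio.Types;                       // PhoneNumber

    // Config is the application's own settings class (not shown on this page); it is
    // expected to expose AccountSid, AuthToken and TwilioNumber.

    // Thin abstraction over the Twilio client so the SMS service can be tested with a fake sender.
    public interface ITwilioMessageSender
    {
        Task SendMessageAsync(string to, string from, string body);
    }

    public class TwilioMessageSender : ITwilioMessageSender
    {
        public TwilioMessageSender()
        {
            // Authenticate the Twilio client with the Account SID and Auth token.
            TwilioClient.Init(Config.AccountSid, Config.AuthToken);
        }

        public async Task SendMessageAsync(string to, string from, string body)
        {
            await MessageResource.CreateAsync(new PhoneNumber(to),
                                              from: new PhoneNumber(from),
                                              body: body);
        }
    }

    // ASP.NET Identity calls SendAsync to deliver the one-time verification code.
    public class SmsService : IIdentityMessageService
    {
        private readonly ITwilioMessageSender _messageSender;

        public SmsService() : this(new TwilioMessageSender()) { }

        public SmsService(ITwilioMessageSender messageSender)
        {
            _messageSender = messageSender;
        }

        public async Task SendAsync(IdentityMessage message)
        {
            // message.Destination is the user's phone number; the sender is the Twilio number.
            await _messageSender.SendMessageAsync(message.Destination,
                                                  Config.TwilioNumber,
                                                  message.Body);
        }
    }
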

Security – Never store sensitive data in your source code. The account and credentials are added to the code above to keep the sample simple.
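
One way to follow the security note above is to have the Config class read the Account SID, Auth token and sender number from the environment or from appSettings at run time. This is an added example, not code from the original post: the Config implementation and the setting names (TWILIO_ACCOUNT_SID, TWILIO_AUTH_TOKEN, TWILIO_NUMBER) are assumptions made for illustration.

```csharp
using System;
using System.Configuration;            // requires a reference to System.Configuration.dll
using System.Text.RegularExpressions;

// Hypothetical implementation of the Config class that the sender code reads from.
// The setting names below are assumptions chosen for this example.
public static class Config
{
    // Twilio Account SIDs are "AC" followed by 32 hexadecimal characters.
    public static string AccountSid
    {
        get { return Require("TWILIO_ACCOUNT_SID", "^AC[0-9a-fA-F]{32}$"); }
    }

    // The Auth token is only checked for presence, never for content.
    public static string AuthToken
    {
        get { return Require("TWILIO_AUTH_TOKEN", null); }
    }

    // Sender number in E.164 form: "+" followed by up to 15 digits.
    public static string TwilioNumber
    {
        get { return Require("TWILIO_NUMBER", @"^\+[1-9][0-9]{1,14}$"); }
    }

    private static string Require(string name, string pattern)
    {
        // Environment variable first (set on the host), then <appSettings>,
        // which can point at an external file that is kept out of source control.
        string value = Environment.GetEnvironmentVariable(name);
        if (string.IsNullOrWhiteSpace(value))
            value = ConfigurationManager.AppSettings[name];

        // Fail closed: refuse to start sending rather than run with a blank credential.
        if (string.IsNullOrWhiteSpace(value))
            throw new ConfigurationErrorsException("Missing setting: " + name);

        value = value.Trim();
        if (pattern != null && !Regex.IsMatch(value, pattern))
            // Report the setting name only; the value must never reach logs or error pages.
            throw new ConfigurationErrorsException("Malformed setting: " + name);

        return value;
    }
}
```

Because the exceptions carry only the setting name, a misconfigured deployment fails on the first SMS attempt without writing the Auth token to an error page or log.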
