Set up SMS for Two-factor authentication with Twilio

Adding two-factor authentication (2FA) to your web application increases the security of your user’s data. Multi-factor authentication determines the identity of a user in two steps:

• First we validate the user with an email and password
• Second we validate the user using his or her mobile device, by sending a one-time verification code

Once our user enters the verification code, we know they have received the SMS, and indeed are who they say they are. This is a standard SMS implementation.

This tutorial provides instructions for using either Twilio or ASPSMS but you can use any other SMS provider.

1. Creating a User Account with an SMS providerCreate a Twilio account.
2. Installing additional packages or adding service referencesTwilio:
   In the Package Manager Console, enter the following command:
   Install-Package Twilio

Attempting to gather dependency information for package 'Twilio.5.4.0' with respect to project 'tes(2)', targeting '.NETFramework,Version=v4.5'
Gathering dependency information took 938.39 ms
Attempting to resolve dependencies for package 'Twilio.5.4.0' with DependencyBehavior 'Lowest'
Resolving dependency information took 0 ms
Resolving actions to install package 'Twilio.5.4.0'
Resolved actions to install package 'Twilio.5.4.0'
Retrieving package 'Twilio 5.4.0' from 'nuget.org'.
 GET https://api.nuget.org/packages/twilio.5.4.0.nupkg
 OK https://api.nuget.org/packages/twilio.5.4.0.nupkg 423ms
Installing Twilio 5.4.0.
Adding package 'Twilio.5.4.0' to folder 'C:\Users\iulluc\Documents\Visual Studio 2015\Projects\tes\packages'
Added package 'Twilio.5.4.0' to folder 'C:\Users\iulluc\Documents\Visual Studio 2015\Projects\tes\packages'
Added package 'Twilio.5.4.0' to 'packages.config'
Successfully installed 'Twilio 5.4.0' to tes(2)
Executing nuget actions took 10.75 sec

• Figuring out SMS Provider User credentialsFrom the Dashboard tab of your Twilio account, copy the Account SID and Auth token.
• We will later store these values in the variables SMSAccountIdentification and SMSAccountPassword .
• Specifying SenderID / OriginatorFrom the Numbers tab, copy your Twilio phone number.
• 
• We will later store this value in the variable SMSAccountFrom
• Initialize Twilio under the Account Startup / Global.asax file

• public interface ITwilioMessageSender
      {
          Task SendMessageAsync(string to, string from, string body);
      }
      public class TwilioMessageSender : ITwilioMessageSender
      {
          public TwilioMessageSender()
          {
              TwilioClient.Init(Config.AccountSid, Config.AuthToken);
          }
  
          public async Task SendMessageAsync(string to, string from, string body)
          {
              await MessageResource.CreateAsync(new PhoneNumber(to),
                                                from: new PhoneNumber(from),
                                                body: body);
          }
      }

• public class SmsService : IIdentityMessageService
      {
          private readonly ITwilioMessageSender _messageSender;
  
          public SmsService() : this(new TwilioMessageSender()) { }
  
          public SmsService(ITwilioMessageSender messageSender)
          {
              _messageSender = messageSender;
          }
  
          public async Task SendAsync(IdentityMessage message)
          {
              await _messageSender.SendMessageAsync(message.Destination,
                                                    Config.TwilioNumber,
                                                    message.Body);
          }
      }
  

Security – Never store sensitive data in your source code. The account and credentials are added to the code above to keep the sample simple