Adding two-factor authentication (2FA) to your web application increases the security of your user’s data. Multi-factor authentication determines the identity of a user in two steps:
- First we validate the user with an email and password
- Second we validate the user using his or her mobile device, by sending a one-time verification code
Once our user enters the verification code, we know they have received the SMS, and indeed are who they say they are. This is a standard SMS implementation.
This tutorial provides instructions for using either Twilio or ASPSMS but you can use any other SMS provider.
- Creating a User Account with an SMS providerCreate a Twilio account.
- Installing additional packages or adding service referencesTwilio:
In the Package Manager Console, enter the following command:
Install-Package Twilio
Attempting to gather dependency information for package 'Twilio.5.4.0' with respect to project 'tes(2)', targeting '.NETFramework,Version=v4.5' Gathering dependency information took 938.39 ms Attempting to resolve dependencies for package 'Twilio.5.4.0' with DependencyBehavior 'Lowest' Resolving dependency information took 0 ms Resolving actions to install package 'Twilio.5.4.0' Resolved actions to install package 'Twilio.5.4.0' Retrieving package 'Twilio 5.4.0' from 'nuget.org'. GET https://api.nuget.org/packages/twilio.5.4.0.nupkg OK https://api.nuget.org/packages/twilio.5.4.0.nupkg 423ms Installing Twilio 5.4.0. Adding package 'Twilio.5.4.0' to folder 'C:\Users\iulluc\Documents\Visual Studio 2015\Projects\tes\packages' Added package 'Twilio.5.4.0' to folder 'C:\Users\iulluc\Documents\Visual Studio 2015\Projects\tes\packages' Added package 'Twilio.5.4.0' to 'packages.config' Successfully installed 'Twilio 5.4.0' to tes(2) Executing nuget actions took 10.75 sec
- Figuring out SMS Provider User credentials
From the Dashboard tab of your Twilio account, copy the Account SID and Auth token. - We will later store these values in the variables
SMSAccountIdentificationandSMSAccountPassword. - Specifying SenderID / OriginatorFrom the Numbers tab, copy your Twilio phone number.
- We will later store this value in the variable
SMSAccountFrom - Initialize Twilio under the Account Startup / Global.asax file
-
public interface ITwilioMessageSender { Task SendMessageAsync(string to, string from, string body); } public class TwilioMessageSender : ITwilioMessageSender { public TwilioMessageSender() { TwilioClient.Init(Config.AccountSid, Config.AuthToken); } public async Task SendMessageAsync(string to, string from, string body) { await MessageResource.CreateAsync(new PhoneNumber(to), from: new PhoneNumber(from), body: body); } } -
public class SmsService : IIdentityMessageService { private readonly ITwilioMessageSender _messageSender; public SmsService() : this(new TwilioMessageSender()) { } public SmsService(ITwilioMessageSender messageSender) { _messageSender = messageSender; } public async Task SendAsync(IdentityMessage message) { await _messageSender.SendMessageAsync(message.Destination, Config.TwilioNumber, message.Body); } }
Security – Never store sensitive data in your source code. The account and credentials are added to the code above to keep the sample simple
Advertisements
