Set up SMS for Two-factor authentication with Twilio

Adding two-factor authentication (2FA) to your web application increases the security of your user’s data. Multi-factor authentication determines the identity of a user in two steps:

  • First we validate the user with an email and password
  • Second we validate the user using his or her mobile device, by sending a one-time verification code

Once our user enters the verification code, we know they have received the SMS, and indeed are who they say they are. This is a standard SMS implementation.

This tutorial provides instructions for using either Twilio or ASPSMS but you can use any other SMS provider.

  1. Creating a User Account with an SMS providerCreate a Twilio account.
  2. Installing additional packages or adding service referencesTwilio:
    In the Package Manager Console, enter the following command:
    Install-Package Twilio
Attempting to gather dependency information for package 'Twilio.5.4.0' with respect to project 'tes(2)', targeting '.NETFramework,Version=v4.5'
Gathering dependency information took 938.39 ms
Attempting to resolve dependencies for package 'Twilio.5.4.0' with DependencyBehavior 'Lowest'
Resolving dependency information took 0 ms
Resolving actions to install package 'Twilio.5.4.0'
Resolved actions to install package 'Twilio.5.4.0'
Retrieving package 'Twilio 5.4.0' from ''.
 OK 423ms
Installing Twilio 5.4.0.
Adding package 'Twilio.5.4.0' to folder 'C:\Users\iulluc\Documents\Visual Studio 2015\Projects\tes\packages'
Added package 'Twilio.5.4.0' to folder 'C:\Users\iulluc\Documents\Visual Studio 2015\Projects\tes\packages'
Added package 'Twilio.5.4.0' to 'packages.config'
Successfully installed 'Twilio 5.4.0' to tes(2)
Executing nuget actions took 10.75 sec
  • Figuring out SMS Provider User credentialsFrom the Dashboard tab of your Twilio account, copy the Account SID and Auth token.
  • We will later store these values in the variables SMSAccountIdentification and SMSAccountPassword .
  • Specifying SenderID / OriginatorFrom the Numbers tab, copy your Twilio phone number.
  • We will later store this value in the variable SMSAccountFrom
  • Initialize Twilio under the Account Startup / Global.asax file
  • public interface ITwilioMessageSender
            Task SendMessageAsync(string to, string from, string body);
        public class TwilioMessageSender : ITwilioMessageSender
            public TwilioMessageSender()
                TwilioClient.Init(Config.AccountSid, Config.AuthToken);
            public async Task SendMessageAsync(string to, string from, string body)
                await MessageResource.CreateAsync(new PhoneNumber(to),
                                                  from: new PhoneNumber(from),
                                                  body: body);
  • public class SmsService : IIdentityMessageService
            private readonly ITwilioMessageSender _messageSender;
            public SmsService() : this(new TwilioMessageSender()) { }
            public SmsService(ITwilioMessageSender messageSender)
                _messageSender = messageSender;
            public async Task SendAsync(IdentityMessage message)
                await _messageSender.SendMessageAsync(message.Destination,

Security – Never store sensitive data in your source code. The account and credentials are added to the code above to keep the sample simple

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.