Two-factor authentication using Google Authenticator

Is there any way to implement two-factor authentication using Google Authenticator within a COT solution?
  • Patrick,

    Configure authentication with Google as explained at http://codeontime.com/learn/security/.... This feature requires Unlimited Edition.

  • Thank you for the quick reply, but reading this, it doesn't tell me how to implement two-factor authentication. It tells me how to implement Google login, which isn't what I'm looking for.

  • Patrick,
    I have integrated Google Two-Factor-Authentication with several of my CodeOnTime projects, but it's not easy for those who have never done it before. If you don't have experience creating C# business rules, it's pretty much impossible.

    If you do have experience creating C# business rules, you have to customize your MyProfile controller to add the additional field for capturing the 2 factor code, and then use a calculate command to send the information back to the server for validation and either refocus on the 2FA field on error, or allow them to proceed to the next field upon successful validation. The 2FA code needs to be marked as a required field.

    You have to extend the calculate functionality by creating a custom partial class and put your logic in there to validate and display a message of success or failure:

    public partial class MyProfileBusinessRules : MyProfileBusinessRulesBase
    {
        [ControllerAction("MyProfile", "loginForm", "Calculate", ActionPhase.Execute)]
        protected virtual void ValidateUser(string username, string password, string TwoFactorCode)
        {
            // Validate username, password and TwoFactorCode here; the post does not include the method body.
        }
    }
    • Dave, did you modify the membership tables to store the user secret?
    • I did not store any 2 factor data in the membership tables. I took the email address of the user, made it all uppercase and added a salted string to the end of it to make it unique for each user's email address when I created the IR code. Then on my business rule for validating the PIN I made the inputted email address all uppercase and added the same global salt string to the end of the email (just in case someone happens to change the case of the email address). The end user doesn't need to know the salted string, all they know is their email address. The way I have it implemented, if I change the salted string on the login code, I have to change it in the code for the IR code generation and every user would have to re-enroll with a new updated code.

      There are a ton of different ways this could be implemented for your own specific needs, but this was the quick and dirty for me. I might change it down the road so that everyone might not have to re-enroll if the salted string changes, but for now it's working.
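
The secret handling described in the comment above, as an added example (not the poster's code and not Code On Time's): RFC 6238 TOTP verification in C#, with a secret derived from the upper-cased email plus one global string beside a random per-user secret. The byte encoding of the derived secret, the class and method names, the sample email and the salt value are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
public static class TotpSecretDemo
{
    // RFC 6238 TOTP with Google Authenticator defaults: HMAC-SHA1, 30 s step, 6 digits.
    public static string Code(byte[] secret, long unixSeconds)
    {
        byte[] counter = BitConverter.GetBytes(unixSeconds / 30);
        if (BitConverter.IsLittleEndian) Array.Reverse(counter); // counter is big-endian
        byte[] h;
        using (var hmac = new HMACSHA1(secret)) h = hmac.ComputeHash(counter);
        int o = h[19] & 0x0F; // dynamic truncation offset
        int bin = ((h[o] & 0x7F) << 24) | (h[o + 1] << 16) | (h[o + 2] << 8) | h[o + 3];
        return (bin % 1000000).ToString("D6");
    }
    // Accepts the current step and one either side; compares without an early exit.
    public static bool Verify(byte[] secret, string submitted, long unixSeconds)
    {
        string s = submitted ?? "";
        bool ok = false;
        for (int step = -1; step <= 1; step++)
        {
            string e = Code(secret, unixSeconds + step * 30);
            int diff = e.Length ^ s.Length;
            for (int i = 0; i < Math.Min(e.Length, s.Length); i++) diff |= e[i] ^ s[i];
            ok |= diff == 0;
        }
        return ok;
    }
    // Scheme from the thread (byte encoding assumed): upper-cased email + one global string.
    public static byte[] DerivedSecret(string email, string globalSalt) =>
        Encoding.UTF8.GetBytes(email.ToUpperInvariant() + globalSalt);
    // Alternative: an independent 160-bit secret per user, stored with the account.
    public static byte[] RandomSecret()
    {
        byte[] s = new byte[20];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(s);
        return s;
    }
    public static void Main()
    {
        long now = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
        const string salt = "constructed-global-salt"; // constructed sample value
        byte[] derived = DerivedSecret("alice@example.com", salt);
        // Email + salt rebuilds the derived secret; a random secret is independent of both.
        Console.WriteLine(Verify(derived, Code(DerivedSecret("ALICE@example.com", salt), now), now));
        Console.WriteLine(Verify(RandomSecret(), Code(derived, now), now));
    }
}
```

With the derived scheme the global string is the only secret protecting every account's second factor; a stored per-user secret removes that shared dependency and the mass re-enrollment when the string changes.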

  • Instead of actually implementing 2-factor auth within the app, is it possible to utilize 2-factor from one of the External Authentication providers?

    If not, for COT, it would be a great blog post or video to show a step-by-step implementation of 2-factor auth.