- Mobile being your customers’ omnipresent companion, SMS presents you with immense opportunities to strengthen existing customer connects in a multi-channel environment, primarily while sharing time-sensitive content with them.
- MAUI extends this success on mobile to embrace the desktop making it the best way to build multi-platform applications across both, especially our new devices such as the new Surface Duo.NET MAUI simplifies the choices for.NET developers, providing a single stack that supports all modern workloads: Android, iOS, macOS, and Windows.
- Speaking with MediaNama, Netcore CEO Girish Nair said that via a partnership with Verisign, the company is introducing Phone.cc, which allows each user with an Indian mobile number (beginning with.
- Barry Luijbregts January 15, 2018 Developer Tips, Tricks & Resources One of the main reasons for using.NET Core is that you can run it on multiple platforms and architectures. So you can build an app that will run on Windows, but also on Linux, macOS and on different architectures like x86 and ARM.
Netcore is headquartered in Mumbai with offices across 8 locations Mumbai Headquarters. Netcore Solutions Pvt. 8th Floor, Peninsula Towers, Peninsula Corporate Park, G. Marg, Lower Parel (W), Mumbai - 400 013.
-->By Rick Anderson and Swiss-Devs
Warning
Two factor authentication (2FA) authenticator apps, using a Time-based One-time Password Algorithm (TOTP), are the industry recommended approach for 2FA. 2FA using TOTP is preferred to SMS 2FA. For more information, see Enable QR Code generation for TOTP authenticator apps in ASP.NET Core for ASP.NET Core 2.0 and later.
This tutorial shows how to set up two-factor authentication (2FA) using SMS. Instructions are given for twilio and ASPSMS, but you can use any other SMS provider. We recommend you complete Account Confirmation and Password Recovery before starting this tutorial.
View or download sample code. How to download.
Create a new ASP.NET Core project
Create a new ASP.NET Core web app named Web2FA
with individual user accounts. Follow the instructions in Enforce HTTPS in ASP.NET Core to set up and require HTTPS.
Create an SMS account
Create an SMS account, for example, from twilio or ASPSMS. Record the authentication credentials (for twilio: accountSid and authToken, for ASPSMS: Userkey and Password).
Figuring out SMS Provider credentials
Twilio:
From the Dashboard tab of your Twilio account, copy the Account SID and Auth token.
ASPSMS:
From your account settings, navigate to Userkey and copy it together with your Password.
We will later store these values in with the secret-manager tool within the keys SMSAccountIdentification
and SMSAccountPassword
.
Specifying SenderID / Originator
Twilio:From the Numbers tab, copy your Twilio phone number.
ASPSMS:Within the Unlock Originators Menu, unlock one or more Originators or choose an alphanumeric Originator (Not supported by all networks).
We will later store this value with the secret-manager tool within the key SMSAccountFrom
.
Provide credentials for the SMS service
We'll use the Options pattern to access the user account and key settings.
- Create a class to fetch the secure SMS key. For this sample, the
SMSoptions
class is created in the Services/SMSoptions.cs file.
Set the SMSAccountIdentification
, SMSAccountPassword
and SMSAccountFrom
with the secret-manager tool. For example:
- Add the NuGet package for the SMS provider. From the Package Manager Console (PMC) run:
Twilio:
Install-Package Twilio
ASPSMS:
Install-Package ASPSMS
- Add code in the Services/MessageServices.cs file to enable SMS. Use either the Twilio or the ASPSMS section:
Twilio:
ASPSMS:
Netcore Mobile Phones & Portable Devices Driver Download
Configure startup to use SMSoptions
Add SMSoptions
to the service container in the ConfigureServices
method in the Startup.cs:
Enable two-factor authentication
Open the Views/Manage/Index.cshtml Razor view file and remove the comment characters (so no markup is commented out).
Log in with two-factor authentication
- Run the app and register a new user
- Tap on your user name, which activates the
Index
action method in Manage controller. Then tap the phone number Add link.
- Add a phone number that will receive the verification code, and tap Send verification code.
- You will get a text message with the verification code. Enter it and tap Submit
If you don't get a text message, see twilio log page.
- The Manage view shows your phone number was added successfully.
- Tap Enable to enable two-factor authentication.
Netcore Mobile Phones & Portable Devices Driver Downloads
Test two-factor authentication
Log off.
Log in.
The user account has enabled two-factor authentication, so you have to provide the second factor of authentication . In this tutorial you have enabled phone verification. The built in templates also allow you to set up email as the second factor. You can set up additional second factors for authentication such as QR codes. Tap Submit.
Enter the code you get in the SMS message.
Clicking on the Remember this browser check box will exempt you from needing to use 2FA to log on when using the same device and browser. Enabling 2FA and clicking on Remember this browser will provide you with strong 2FA protection from malicious users trying to access your account, as long as they don't have access to your device. You can do this on any private device you regularly use. By setting Remember this browser, you get the added security of 2FA from devices you don't regularly use, and you get the convenience on not having to go through 2FA on your own devices.
Account lockout for protecting against brute force attacks
Account lockout is recommended with 2FA. Once a user signs in through a local account or social account, each failed attempt at 2FA is stored. If the maximum failed access attempts is reached, the user is locked out (default: 5 minute lockout after 5 failed access attempts). A successful authentication resets the failed access attempts count and resets the clock. The maximum failed access attempts and lockout time can be set with MaxFailedAccessAttempts and DefaultLockoutTimeSpan. The following configures account lockout for 10 minutes after 10 failed access attempts:
Confirm that PasswordSignInAsync sets lockoutOnFailure
to true
: