+1-888-365-2779
Try Now
More in this section

Forums / General Discussions / How to custom the Sitefinity login to support two-factor authentication?

How to custom the Sitefinity login to support two-factor authentication?

2 posts, 0 answered
  1. PC
    PC avatar
    14 posts
    Registered:
    15 Apr 2013
    28 May 2013
    Link to this post
    Hi Folks,

    We're planning to use Sitefinity to implement e-Commerce site which allow user to perform online ordering after login. However, two-factor authentication is required who user is expected to input a security code after username/password login. Could anyone advice the direction or solution here? Many Thanks!!!

    Rgds,

    PC   
  2. Stefani Tacheva
    Stefani Tacheva avatar
    718 posts
    Registered:
    21 Nov 2016
    31 May 2013
    Link to this post
    Hello,

    To authenticate based on more than one factor, a password and something else the user profile available for each user should contain for example a text field containing the data to be used as second factor in the authentication process.

    As an example I will use text field added to the basic user profile (SitefinityProfile). Go to Administration->Users and in the bottom right of the users page there is a link "manager profile types".
    Select the basic profile type of create new profile type depending on your needs.
    Each user have user profile that contains additional information for the user different than user or password.
    Add new textfield to the basic profile and the data for this field will be used as second factor in the authentication process.
    What will be the data in this textfield is going to be is something I leave to you. The profile widget can be used to prompt the user to fill this field as example with data to later be used for authentication.

    To authenticate with two factors you will need custom login widget as the built in one authenticates based on username and password.

    In the custom login widget authenticate with the built in authentication method SecurityManager.AuthenticateUser(), but before allowing authentication with username and password make additional checks for the custom field added to Sitefintiy profile and if the data in this field is validated based on custom logic allow authentication.

    //authenticate a user with
               SecurityManager.AuthenticateUser("Default", "username", "password", true);
      
               //logout user with
               SecurityManager.Logout();
               SecurityManager.DeleteAuthCookies();

    To work with user profiles refer to this documentation. If you add new field to profile get and set its value using GetValue and SetValue extension methods for which you need reference to Telerik.Sitefinity.Model.

    using Telerik.Sitefinity.Model;
      
    UserProfileManager profileManager = UserProfileManager.GetManager();
                UserManager userManager = UserManager.GetManager();
      
                User user = userManager.GetUser(userId);
      
                SitefinityProfile profile = null;
      
                if (user != null)
                {
                    profile = profileManager.GetUserProfile<SitefinityProfile>(user);
      
                    profile.FirstName = "John";
                    profile.LastName = "Doe";
                    //this get the value
                    profile.GetValue("MyField");
                    //set the value of the field
                    profile.SetValue("MyField", "New Value");
                    profileManager.SaveChanges();
                }


    Regards,
    Stefani Tacheva
    Telerik
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
2 posts, 0 answered