How to customize the Sitefinity login to support two-factor authentication?
Hi Folks,
We're planning to use Sitefinity to implement an e-commerce site which allows users to perform online ordering after login. However, two-factor authentication is required, where the user is expected to input a security code after username/password login. Could anyone advise on the direction or solution here? Many thanks!
Rgds,
PC
Hello,
To authenticate based on more than one factor (a password and something else), the user profile available for each user should contain, for example, a text field containing the data to be used as the second factor in the authentication process.
As an example I will use a text field added to the basic user profile (SitefinityProfile). Go to Administration->Users; in the bottom right of the users page there is a link "manager profile types".
Select the basic profile type or create a new profile type, depending on your needs.
Each user has a user profile that contains additional information about the user other than the username or password.
Add a new text field to the basic profile; the data for this field will be used as the second factor in the authentication process.
What the data in this text field is going to be is something I leave to you. The profile widget can be used to prompt the user to fill in this field, for example with data to be used later for authentication.
To authenticate with two factors you will need a custom login widget, as the built-in one authenticates based on username and password.
In the custom login widget, authenticate with the built-in authentication method SecurityManager.AuthenticateUser(), but before allowing authentication with username and password, make additional checks for the custom field added to the Sitefinity profile, and if the data in this field is validated based on custom logic, allow authentication.
// authenticate a user with
SecurityManager.AuthenticateUser("Default", "username", "password", true);
// log the user out with
SecurityManager.Logout();
SecurityManager.DeleteAuthCookies();
To work with user profiles, refer to this documentation. If you add a new field to the profile, get and set its value using the GetValue and SetValue extension methods, for which you need a reference to Telerik.Sitefinity.Model.
using Telerik.Sitefinity.Model;

UserProfileManager profileManager = UserProfileManager.GetManager();
UserManager userManager = UserManager.GetManager();
User user = userManager.GetUser(userId);
SitefinityProfile profile = null;
if (user != null)
    profile = profileManager.GetUserProfile<SitefinityProfile>(user);
// only touch the profile if both the user and the profile were found
if (profile != null)
{
    profile.FirstName = "John";
    profile.LastName = "Doe";
    // this gets the value of the custom field
    object value = profile.GetValue("MyField");
    // this sets the value of the custom field
    profile.SetValue("MyField", "New Value");
    profileManager.SaveChanges();
}
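An added example, not part of the original thread and not Sitefinity's own code: one possible form of the "custom logic" for the second factor, checking a 6-digit time-based code (RFC 6238) against a secret read from the profile field. It assumes the field stores a Base64 shared secret; `SecondFactorCheck`, `codeFromForm`, `username` and `password` are hypothetical names.

```csharp
using System;
using System.Security.Cryptography;

// Added example. Assumption: profile field "MyField" holds a Base64 shared secret.
public static class SecondFactorCheck
{
    private static readonly DateTime Epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);

    // HOTP value (RFC 4226) for one counter, zero-padded to 6 digits.
    public static string CodeFor(byte[] secret, long counter)
    {
        byte[] msg = BitConverter.GetBytes(counter);
        if (BitConverter.IsLittleEndian) Array.Reverse(msg); // counter is sent big-endian
        using (var hmac = new HMACSHA1(secret))
        {
            byte[] h = hmac.ComputeHash(msg);
            int o = h[h.Length - 1] & 0x0F; // dynamic truncation offset
            int bin = ((h[o] & 0x7F) << 24) | (h[o + 1] << 16) | (h[o + 2] << 8) | h[o + 3];
            return (bin % 1000000).ToString("D6");
        }
    }

    // True only if 'submitted' matches the current 30 s step or one step either side.
    public static bool Verify(string secretBase64, string submitted, DateTime utcNow)
    {
        if (string.IsNullOrEmpty(secretBase64) || submitted == null) return false;
        byte[] secret;
        try { secret = Convert.FromBase64String(secretBase64); }
        catch (FormatException) { return false; } // malformed field: fail closed
        long step = (long)(utcNow - Epoch).TotalSeconds / 30;
        bool ok = false;
        for (long c = step - 1; c <= step + 1; c++)
            ok |= SameText(CodeFor(secret, c), submitted); // no early exit
        return ok;
    }

    // Comparison that always scans the whole expected code.
    private static bool SameText(string expected, string actual)
    {
        int diff = expected.Length ^ actual.Length;
        for (int i = 0; i < expected.Length; i++)
            diff |= expected[i] ^ (i < actual.Length ? actual[i] : '\0');
        return diff == 0;
    }
}

// In the custom login widget, using the calls shown in the answer above:
//   string secret = profile.GetValue("MyField") as string;
//   if (SecondFactorCheck.Verify(secret, codeFromForm, DateTime.UtcNow))
//       SecurityManager.AuthenticateUser("Default", username, password, true);
```

Return the same failure message whether the code or the password was wrong, and rate-limit attempts per user, since a 6-digit code is guessable without a limit.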