External Authentication Two Factor Authentication
Being able to authenticate with popular platforms can make registration easier for your users, and possibly more secure (if they enable the various Multi-Factor Authentication features of those services).
The Baseline follows the Microsoft Authentication Documentation in enabling Google, Facebook, Twitter, or Microsoft authentication services.
To enable any of these, uncomment the appropriate authentication sections in StartupConfig.cs, and then add the appropriate settings keys to your AppSettings.json.
```csharp
services.AddAuthentication()
    // https://docs.microsoft.com/en-us/aspnet/core/security/authentication/social/?view=aspnetcore-6.0&tabs=visual-studio
    /*.AddGoogle("Google", opt =>
    {
        var googleAuth = Configuration.GetSection("Authentication:Google");
        opt.ClientId = googleAuth["ClientId"];
        opt.ClientSecret = googleAuth["ClientSecret"];
        opt.SignInScheme = IdentityConstants.ExternalScheme;
        opt.EventsType = typeof(SiteSettingsOauthAuthenticationEvents);
    }).AddFacebook("Facebook", opt =>
    {
        var facebookAuth = Configuration.GetSection("Authentication:Facebook");
        opt.AppId = facebookAuth["AppId"];
        opt.AppSecret = facebookAuth["AppSecret"];
        opt.SignInScheme = IdentityConstants.ExternalScheme;
        opt.EventsType = typeof(SiteSettingsFacebookOauthAuthenticationEvents);
    }).AddTwitter(opt =>
    {
        var twitterAuth = Configuration.GetSection("Authentication:Twitter");
        opt.ConsumerKey = twitterAuth["APIKey"];
        opt.ConsumerSecret = twitterAuth["APIKeySecret"];
        opt.RetrieveUserDetails = true;
        opt.EventsType = typeof(SiteSettingsTwitterOauthAuthenticationEvents);
    }).AddMicrosoftAccount(opt =>
    {
        var microsoftAuth = Configuration.GetSection("Authentication:Microsoft");
        opt.ClientId = microsoftAuth["ClientId"];
        opt.ClientSecret = microsoftAuth["ClientSecret"];
        opt.EventsType = typeof(SiteSettingsOauthAuthenticationEvents);
    })*/
    // Baseline Configuration of External Authentication
    .ConfigureAuthentication(config =>
    {
        config.ExistingInternalUserBehavior = Models.Account.ExistingInternalUserBehavior.SetToExternal;
        config.FacebookUserRoles.Add("facebook-user");
    });
```
The Baseline has an extension method on the `AuthenticationBuilder` called `ConfigureAuthentication(config => )`. This allows you to do the following:
- Add custom roles to be applied to various external authenticated users upon registration
- Determine behavior if an internal user already exists
- Enable/Disable Two Form Authentication
Feel free to edit the Login.cshtml view to change how these sign-on buttons appear.
Another option to help secure your site is to enable Two Form Authentication. The Baseline has email-based token verification built in, which can be enabled through the `authenticationBuilder.ConfigureAuthentication` extension:
```csharp
services.AddAuthentication()
    // Baseline Configuration of External Authentication
    .ConfigureAuthentication(config =>
    {
        config.UseTwoFormAuthentication = false;
    });
```
This would normally use the `SignInManager.TwoFactorAuthenticatorSignInAsync` method; however, it was continually returning Failed, so instead the code verifies the token and then manually signs in the user.
You can follow a similar model for SNS text message codes by texting the code instead of emailing it (see `await _userService.SendVerificationCodeEmailAsync(actualUser, token);` in `LogInController.LogIn`).