Home .net identity custom authentication
Reply: 0

.net identity custom authentication

user1115
1#
user1115 Published in May 26, 2018, 11:40 pm

I have a web API, which is used by a web application and a mobile application. Currently it uses the standard approach of username and password login. For the sake of simplicity we need to send a user a six digit code through SMS; this code combined with there phone number would grant them access to the API.

My question: Would it be possible to generate a six digit number and let the users login with a combination of this code and their phone number?

I was looking at the possibility of just adding it to the request headers and then handling this in the authentication provider, but I am not sure if there is a best practice I should be following here. Security is of high importance of course.

I could just check the headers in the provider and then have the code act accordingly. I have searched for other examples but have not found anything, so this is more a question for guidance and best approach. The code would have a one day expiration and be stored in database after being hashed.

Again, any suggestions would be most appreciated.

You need to login account before you can post.

About| Privacy statement| Terms of Service| Advertising| Contact us| Help| Sitemap|
Processed in 0.310063 second(s) , Gzip On .

© 2016 Powered by mzan.com design MATCHINFO