Use Microsoft Authenticatior App for forgot password

We have an application in Asp.net Webform. We must use passwordless sign-in using Microsoft Authenticator App. Basically, the user enters samAccountName, and the system must check Microsoft Authenticator App for approval, and based on the response we have to redirect to change the password screen.

We have a login module that validates our username password with the internal Active directory. We cannot implement a new authentication model now. We just need validation using the Microsoft Authenticator app after approval from the app we need to redirect to the change password screen there we will change the AD account password.

Where do I start with? Plz Help give some idea

Answers:

Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

You should start from the the AspNet Identity Package.

This will give you the basic DB infrastructure to store the authentication data of your app. You can find details here:

• https://docs.microsoft.com/en-us/aspnet/identity/overview/getting-started/introduction-to-aspnet-identity#get-started-with-aspnet-identity

and more in depth here:

• https://docs.microsoft.com/en-us/aspnet/identity/overview/getting-started/adding-aspnet-identity-to-an-empty-or-existing-web-forms-project

Once you have the basic infrastructures and all the tables in place, then you can extend your authentication mechanism with 2FA.

A good tutorial I found is this one, which shows you how to extend ASP.NET Identity with 2FA TOTP tokens:

• https://www.domstamand.com/two-factor-authentication-in-asp-net-identity-3-using-totp-authenticator/

Once you have everything in place, then you can simply call a redirect to the ResetPassword action when the 2FA request gets validated.

Hope this will help you. Your question is too broad to provide any kind of code snippet.

Method 2

I have achieved this by using OpenID connect. I did the below.

1. I have registered an application in Azure and enable MFA(Passwordless method) for my tenant. Important: Please configure the redirect URI here. For example your application is running http://localhost:8088 then configure the respective Url.
2. Copied ClientId, TenantId, redirect URI and then added as the configuration in my application configuration

All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0