Menu

Rate this page:

Thanks for rating this page!

We are always striving to improve our documentation quality, and your feedback is valuable to us. How could this documentation serve you better?

SMS Two-Factor Authentication with C# and ASP.NET MVC

Download the Code

This ASP.NET application example demonstrates how to implement an SMS two-factor authentication using Twilio.

To run this application yourself download the code and follow the instructions on GitHub.

Adding two-factor authentication (2FA) to your web application increases the security of your user's data. Multi-factor authentication determines the identity of a user in two steps:

  1. First we validate the user with an email and password
  2. Second we validate the user using his or her mobile device, by sending a one-time verification code

Once our user enters the verification code, we know they have received the SMS, and indeed are who they say they are. This is a standard SMS implementation.

Loading Code Sample...
      
      
      
      
      SMS2FA.Web/App_Start/IdentityConfig.cs

      For a more advanced - and more secure - integration using Authy One-Touch, checkout this tutorial.

      Intuit uses Twilio SMS to protect 1M+ businesses from online security threats. Read why they chose Twilio.

      Let's get started!

      Adding Two-Factor Authentication

      This application uses ASP.NET Identity to manage authentication. In order to send verification codes through SMS, we need to create an implementation of IIdentityMessageService.

      Loading Code Sample...
          
          
          
          
          SMS2FA.Web/App_Start/IdentityConfig.cs

          Configure SmsService to use our TwilioMessageSender

          SMS2FA.Web/App_Start/IdentityConfig.cs

          On this implementation we are just calling TwilioMessageSender.SendMessageAsync with the verification code message. This class is a wrapper around the Twilio Rest Client, and encapsulates the logic to send an SMS message through Twilio. Let's see how that's done next.

          Sending the SMS with Twilio

          Using Twilio to send SMS

          The Twilio C# helper library allows us to easily send an SMS.

          First we have to initialize the Twilio Rest Client with our credentials. Now all we have to do to send an SMS using the REST API is to call MessageResource.CreateAsync() with the necessary parameters.

          Loading Code Sample...
              
              
              
              
              SMS2FA.Web/Domain/Twilio/TwilioMessageSender.cs

              A helper class to wrap the calls to the Twilio API

              SMS2FA.Web/Domain/Twilio/TwilioMessageSender.cs

              You can find your credentials at your Twilio Account.

              Next, we need to register a two-factor provider.

              Registering a Two-Factor Provider

              Registering a Two-Factor Provider

              Individual User Accounts authentication provides Two-Factor authentication almost ready out of the box. To setup 2-step authentication you have to register the right provider for your application.

              We are registering the PhoneNumberTokenProvider to send text messages.

              Loading Code Sample...
                  
                  
                  
                  
                  SMS2FA.Web/App_Start/IdentityConfig.cs

                  Register the PhoneNumberTokenProvider to send text messages

                  SMS2FA.Web/App_Start/IdentityConfig.cs

                  Next, let's take a look at how we would send a verification code in an SMS with Twilio.

                  Sending the Verification Code

                  Sending the Verification Code

                  When a user tries to login, the application needs to make sure the user possesses the phone number they entered.

                  We have a Two-Factor authentication provider registered, which will be used to to send a 6-digit validation code to validate the login.

                  Loading Code Sample...
                      
                      
                      
                      
                      SMS2FA.Web/Controllers/AccountController.cs

                      Sending the Verification Code

                      SMS2FA.Web/Controllers/AccountController.cs

                      Now let's verify the user's code.

                      Verifying the Code

                      Verifying the Code

                      The user needs to have logged in with their credentials.

                      TwoFactorSignInAsync takes care of protecting the application against brute force attacks by using an expirable verification code. If the user enters incorrect codes their account will be locked out.

                      If the validation was successful the application allows the user to have access to the protected content. Otherwise the application will prompt for the validation code once again.

                      Loading Code Sample...
                          
                          
                          
                          
                          SMS2FA.Web/Controllers/AccountController.cs

                          Verifying the Code

                          SMS2FA.Web/Controllers/AccountController.cs

                          That's it! We've just implemented an SMS Two-Factor Authenticated application.

                          Where to next?

                          Where to next?

                          If you're a ASP.NET developer working with Twilio, you might want to check out these other tutorials.

                          Automated Survey

                          Instantly collect structured data from your users with a survey conducted over a call or SMS text messages.

                          Click to Call

                          Click-to-call enables your company to convert web traffic into phone calls with the click of a button. Learn how to implement it in minutes.

                          Did this help?

                          Thanks for checking this tutorial out! If you have any feedback to share with us, we'd love to hear it. Contact us on Twiiter to let us know what you think.

                          Jose Oliveros Agustin Camino Andrew Baker David Prothero Kat King Hector Ortega

                          Need some help?

                          We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd browsing the Twilio tag on Stack Overflow.

                          Loading Code Sample...