Phone Verification is an important, high-confidence step in a registration flow to verify that a user has the device they claim to have. Adding Twilio Verify to your application to validate new accounts will greatly reduce your number of fraudulent registrations and protect future application users from having their numbers registered by scammers.
This quickstart guides you through creating an ASP.NET Core app that requires a Phone Verification step to create an account. Two channels of Phone Verification are demoed: SMS and Voice.
Ready to add Twilio Verify to a demo app and keep the bad actors away?
Once logged in, visit the Verify Console. Click on the red 'Create New Aplication' (or big red plus ('+') if you already created one) to create a new Verify application then name it something memorable.
Twilio will redirect you to the Settings page next:
Click the eyeball icon to reveal your Production API Key, and copy it somewhere safe. You will use the API Key during the application setup step below.
Start by cloning our repository. Then, enter the directory and install dependencies:
git clone https://github.com/TwilioDevEd/account-security-csharp.git cd account-security-csharp/src/AccountSecurity dotnet restore
- Open the file
AuthyApiKeyto the API Key from the above step
When a user registers with your application, a request is made to Twilio to add that user to your App, and a
user_id is returned. In this demo, we'll store the returned
user_id in an MSSQL database.
On Windows, you can install the free SQL Server Express:
On Linux or Mac, run it as a docker container:
docker run -e 'ACCEPT_EULA=Y' -e 'SA_PASSWORD=yourStrong(!)Password' \ -p 1433:1433 --name mssql -d microsoft/mssql-server-linux:latest
Make sure your
DefaultConnection connection string in
appsettings.json is correct for your SQL Server installation. You may need to change the
localhost\\SQLEXPRESS if running MSSQL Server Express on Windows. Or, you may need to change the password if you selected a different one when starting your Docker container.
Run the database migrations to get everything up to date:
dotnet ef database update -v
That's all the setup you'll need.
Now, launch the application with:
dotnet run --environment development
Assuming your API Key is correctly entered, you'll soon get a message that the app is up!
Keeping your phone at your side, visit the Phone Verification page of the demo at https://localhost:5001/verification/
Country Code and
Phone Number, then choose which channel to request verification over, 'SMS' or 'CALL' (Voice). Finally, hit the blue 'Request Verification' button and wait.
You'll either receive a phone call or an SMS with the verification token. If you requested a phone call, as an additional security feature you may need to interact to proceed (enter a number on the phone keypad).
Either way you requested the passcode, enter the token into the Verification entry form and click 'Verify Phone':
And with that, your demo app is protected with Twilio's Phone Verification!
Your demo app is now keeping fraudulent users from registering with your business and polluting your database. Next, check out all of the variables and options available to you in the Phone Verification API Reference. Also, to protect your customers in an ongoing manner (with this same codebase) try the .NET Core Authy Two-Factor Authentication Quickstart.
After that, visit the Docs for more Account Security demos and tutorials and web applications using all of Twilio's products.