General idea:
1/ Create a new user in Sitefinity
2/ The user receives a QR code and sets it up in an authenticator app
3/ The user logs in with username & password -> is prompted for the 2FA code
4/ Login successful!
Sample Code:
hawjeh/Sitefinity2fa (github.com)
Steps:
1/ Go to /Sitefinity/Administration/ProfileTypes -> Basic Profile
Add a custom field, AuthCode (ShortText), to the user profile

2/ Create a new user, wait for the email and set up the authenticator app on your mobile.

3/ Go to /Sitefinity/Administration/Settings/Advanced
a/ Authentication -> Authentication protocol -> set to SimpleWebToken
b/ Security -> RelyingParties -> Add a new record and set realm="<host>"; the key can be exactly the same as the default localhost's key.
c/ Security -> SecurityTokenIssuers -> Add a new record and set realm="<host>"; the key can be exactly the same as the default localhost's key.

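4/ Update wsFederation in web.config

<system.identityModel.services>
  <federationConfiguration>
    <!-- requireHttps/requireSsl are "false" here for a plain-HTTP site. When the site is served over HTTPS, set both to "true" and use https:// in issuer and realm. -->
    <wsFederation passiveRedirectEnabled="true" issuer="http://<host>/wsauth/authenticate/swt" realm="http://<host>" requireHttps="false" />
    <cookieHandler requireSsl="false" />
  </federationConfiguration>
</system.identityModel.services>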
5/ Restart Sitefinity.
6/ Go to /Sitefinity, it will route you to the sample login screen
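
One way the 2FA prompt could check the submitted code, as an added example that is not taken from hawjeh/Sitefinity2fa: an RFC 6238 TOTP check that tolerates one 30-second step of clock drift and refuses a code whose time step was already used. It assumes the AuthCode field holds the Base32 secret encoded in the QR code; TotpCheck, Verify and lastUsedStep are hypothetical names.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;

// Added example, not code from hawjeh/Sitefinity2fa. Assumption: the AuthCode
// profile field stores the user's Base32 TOTP secret from the QR code.
public static class TotpCheck {
    const string Alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
    static byte[] FromBase32(string s) {
        s = s.Replace(" ", "").TrimEnd('=').ToUpperInvariant();
        var output = new byte[s.Length * 5 / 8];
        int buffer = 0, bits = 0, index = 0;
        foreach (char c in s) {
            int v = Alphabet.IndexOf(c);
            if (v < 0) throw new FormatException("Invalid Base32 character.");
            buffer = ((buffer << 5) | v) & 0xFFF;   // keep at most 12 live bits
            bits += 5;
            if (bits >= 8) { bits -= 8; output[index++] = (byte)((buffer >> bits) & 0xFF); }
        }
        return output;
    }
    // RFC 4226 dynamic truncation of HMAC-SHA1 over the big-endian step counter.
    static int Code(byte[] key, long counter) {
        var msg = BitConverter.GetBytes(counter);
        if (BitConverter.IsLittleEndian) Array.Reverse(msg);
        using (var hmac = new HMACSHA1(key)) {
            var h = hmac.ComputeHash(msg);
            int o = h[19] & 0x0F;
            return (((h[o] & 0x7F) << 24) | (h[o + 1] << 16) | (h[o + 2] << 8) | h[o + 3]) % 1000000;
        }
    }
    // Accepts the current 30-second step and one either side (clock drift). Returns the
    // matched step so the caller can persist it and refuse a replay; null means reject.
    public static long? Verify(string secret, string submitted, DateTimeOffset now, long lastUsedStep) {
        int value;
        if (submitted == null || submitted.Length != 6 ||
            !int.TryParse(submitted, NumberStyles.None, CultureInfo.InvariantCulture, out value)) return null;
        long step = now.ToUnixTimeSeconds() / 30;
        byte[] key = FromBase32(secret);
        long? matched = null;
        for (long s = step - 1; s <= step + 1; s++)
            if (s > lastUsedStep && Code(key, s) == value) matched = s;
        return matched;
    }
    public static void Main() {
        // Constructed input: the RFC 6238 SHA-1 test secret, Base32-encoded, at T = 59 s.
        const string secret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ";
        var now = DateTimeOffset.FromUnixTimeSeconds(59);
        Console.WriteLine(Verify(secret, "287082", now, 0).HasValue);  // fresh code
        Console.WriteLine(Verify(secret, "287082", now, 1).HasValue);  // same step replayed
    }
}
```

The caller is expected to store the returned step per user after a successful login and pass it back as lastUsedStep on the next attempt.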


Further enhancements:
1/ Make fields configurable, such as:
– custom field name
– email template
2/ Make it work in all Sitefinity versions (currently tested in v12.2)
References:
– https://github.com/timw255/timw255.Sitefinity.TwoFactorAuthentication
– https://github.com/rickbassham/two-factor
– https://www.codeproject.com/Articles/403355/Implementing-Two-Factor-Authentication-in-ASP-NET
Is this working for all the backend pages like /Sitefinity/* version 13.X onward?
Hi Gihan,
I believe it is working for v13.x onwards as long as we specify the Authentication protocol and security settings properly.
It is a shame that I have not had the chance to work on v13.x yet. I will update further if I come across v13.x.
Thanks!
I already tried, but after authenticating, instead of the dashboard, it redirects me back to the login page.