Sitefinity Custom 2FA Authentication

💡 Idea in General

1. Create a new user in Sitefinity
2. User receives a QR code and sets up Authenticator
3. User logs in with username & password → Prompted for 2FA code
4. Login Successful!

🔗 Sample Code

• Haw Jeh GitHub - Sitefinity 2FA

---

✅ Steps

1. Add a Custom Field to User Profile

Go to:

/Sitefinity/Administration/ProfileTypes -> Basic Profile

Add a custom field – AuthCode (ShortText) in the user profile.

2. Create a New User

• Wait for email
• Set up the Authenticator app on your mobile

3. Update Advanced Settings

Go to /Sitefinity/Administration/Settings/Advanced

a. **Authentication** → Authentication protocol → Set to `SimpleWebToken`  
b. **Security** → RelyingParties → Add a new record  
   - `realm="http://<host>"`, use the same key as localhost  
c. **SecurityTokenIssuers** → Add a new record  
   - `realm="http://<host>"`, use the same key as localhost

4. Update web.config with wsFederation Settings

 <system.identityModel.services>
    <federationConfiguration>
      <wsFederation passiveRedirectEnabled="true" issuer="http://<host>/wsauth/authenticate/swt" realm="http://<host>" requireHttps="false" />
      <cookieHandler requireSsl="false" />
    </federationConfiguration>
  </system.identityModel.services>

5. Restart Sitefinity.

6. Test Login

Go to /Sitefinity, it will route you to the sample login screen

📌 Further enhancements:

• Make fields configurable, such as: – custom field name – email template
• Make it work in all Sitefinity version (Currently tested in v12.2)

📚 References

• GitHub - timw255
• GitHub Gist - rickbassham 2FA
• Code Project - Implementing 2FA Authe in ASP NET
• Sitefinity KB - Modifying Sitefinity Backend Login Page