• Home
  • Resume
  • Blog

Sitefinity Custom 2FA Authentication

sitefinity | NET, CMS, Sitefinity | 2021-05-20

hawjeh 2024 all right reserve.

0g of CO2 is produced loading this sustainable web page.

Only tested in V12.x

Idea in general

  1. Create a new user in Sitefinity
  2. User receive QR code and setup in Authenticator
  3. User login with username & password -> Prompt for 2FA code
  4. Login Successful!

Sample Code

  • Haw Jeh GitHub - Sitefinity 2FA

Steps

  1. Go to
/Sitefinity/Administration/ProfileTypes -> Basic Profile
Add a custom field – AuthCode (ShortText) in user profile

screen1

  1. Create a new user, wait for email and setup the Authenticator in your mobile.

screen2

  1. Go to /Sitefinity/Administration/Settings/Advanced

    a. Authentication -> Authentication protocol -> set to SimpleWebToken

    b. Security -> RelyingParties -> Add a new record, and state the realm=”(host)”, key can be exactly same as the default localhost’s key.

    c. Security -> SecurityTokenIssuers -> Add a new record, and state the realm=”(host)”, key can be exactly same as the default localhost’s key.

screen3

  1. Update wsFederation at web.config
 <system.identityModel.services>
    <federationConfiguration>
      <wsFederation passiveRedirectEnabled="true" issuer="http://<host>/wsauth/authenticate/swt" realm="http://<host>" requireHttps="false" />
      <cookieHandler requireSsl="false" />
    </federationConfiguration>
  </system.identityModel.services>

  1. Restart Sitefinity.

  2. Go to /Sitefinity, it will route you to the sample login screen

screen4

Further enhancements:

  1. Make fields configurable, such as: – custom field name – email template

  2. Make it work in all Sitefinity version (Currently tested in v12.2)

References

  • GitHub - timw255
  • GitHub Gist - rickbassham 2FA
  • Code Project - Implementing 2FA Authe in ASP NET
  • Sitefinity KB - Modifying Sitefinity Backend Login Page