Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 43 |
1 files changed, 32 insertions, 11 deletions
@@ -1,30 +1,51 @@ TwoStepsAuthenticator ===================== -.net implementation of the TOTP: Time-Based One-Time Password Algorithm<br/> -RFC 6238 http://tools.ietf.org/html/rfc6238 +.net implementation of the TOTP: Time-Based One-Time Password Algorithm and HOTP: HMAC-Based One-Time Password Algorithm<br/> +RFC 6238 http://tools.ietf.org/html/rfc6238<br> +RFC 4226 http://tools.ietf.org/html/rfc4226 -compatible with Microsoft Authenticator for Windows Phone, and Google Authenticator for Android and iPhone. +Compatible with Microsoft Authenticator for Windows Phone, and Google Authenticator for Android and iPhone. You can use this library as well for a client application (if you want to create your own authenticator) or for a server application (add two-step authentication on your asp.net website) For a client application, you need to save the secret key for your user. <br/> Then, you only have to call the method GetCode(string) : -<pre><code>var secret = user.secretAuthToken; -var authenticator = new TwoStepsAuthenticator.Authenticator(); -var code = authenticator.GetCode(secret);</code></pre> +<pre><code> +var secret = user.secretAuthToken; +var authenticator = new TwoStepsAuthenticator.TimeAuthenticator(); +var code = authenticator.GetCode(secret); +</code></pre> On a server application, you will have to generate a secret key, and share it with the user, who will have to enter it in his own authenticator app. -<pre><code>var authenticator = new TwoStepsAuthenticator.Authenticator(); -var key = authenticator.GenerateKey();</code></pre> +<pre><code> +var key = TwoStepsAuthenticator.Authenticator.GenerateKey(); +</code></pre> When the user will login, he will have to give you the code generated by his authenticator.<br/> You can check if the code is correct with the method CheckCode(string secret, string code).<br/> If the code is incorrect, don't log him. 
-<pre><code>var secret = user.secretAuthToken; +<pre><code> +var secret = user.secretAuthToken; var code = Request.Form["code"]; -var authenticator = new TwoStepsAuthenticator.Authenticator(); -var isok = authenticator.CheckCode(secret, code);</code></pre> +var authenticator = new TwoStepsAuthenticator.TimeAuthenticator(); +bool isok = authenticator.CheckCode(secret, code); +</code></pre> + +Every code should only be used once. To prevent repeated use of a code a UsedCodesManager class is provided.<br> +It should be used as a singleton instance. + +<pre><code> +var usedCodesManager = new UsedCodesManager(); +var secret = user.secretAuthToken; +var code = Request.Form["code"]; +if (autenticator.CheckCode(secret, code) && usedCodesManager.IsCodeUsed(secret, code)) { + usedCodesManager.AddCode(secret, code); + // OK +} else { + // Not OK +} +</code></pre>
\ No newline at end of file |
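Review bot: The replay check in the new UsedCodesManager example is inverted. `if (autenticator.CheckCode(secret, code) && usedCodesManager.IsCodeUsed(secret, code))` reaches the `// OK` branch only when the code has already been recorded as used, so a first-time valid code is rejected and a replayed one is accepted. The second operand should be negated: `!usedCodesManager.IsCodeUsed(secret, code)`. Three smaller points in the same snippet: `autenticator` is misspelled and is never declared there (the earlier snippets create `authenticator` via `new TwoStepsAuthenticator.TimeAuthenticator()`); the text says the manager should be a singleton, yet the example calls `new UsedCodesManager()` next to the per-request `Request.Form["code"]` handling, which readers will copy as one instance per request and so never see a previously used code; and since `IsCodeUsed` and `AddCode` are separate calls, the README should say whether the pair is safe under concurrent logins presenting the same code. The intro now mentions HOTP and RFC 4226, but every example uses `TimeAuthenticator`, so a short counter-based example or a pointer to the HOTP class would complete the documentation.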