Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

implementing google-authenticator to classic asp login page  for two factor authentication

Posted on 2016-08-24
6
Medium Priority
?
272 Views
Last Modified: 2016-09-23
Hi, I need to implement google-authenticator to classic asp login page for two factor authentication. I couldn't find an example on the internet. I'll be appreciated If I can get any help.
0
Comment
Question by:Aslı BESLER
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
6 Comments
 
LVL 54

Assisted Solution

by:Scott Fell, EE MVE
Scott Fell,  EE MVE earned 2000 total points
ID: 41769682
Are you trying to use google to authenticate into a private area on your website?

Which version?  https://developers.google.com/identity/choose-auth

In short, you just need to use the code supplied on the front end that returns some information client side. From there you can set a cookie and even update your db if required.

https://developers.google.com/identity/sign-in/web/sign-in

I have an article on creating a sign in with classic asp that would work nicely with this https://www.experts-exchange.com/articles/18259/User-Log-In-Using-A-Token.html

Just substitute the form for adding the username and password for the google code.  Note that I am using cookies and not sessions. This will make it easier to integrate.

What have you tried on your own already or do you just need a start like this?
1
 

Author Comment

by:Aslı BESLER
ID: 41769908
Dear Scott,

Thank you very much for the answer.

Shortly, I need to implement two-factor authentication to the private login page of the company I've been working for.

The login page is designed with classic asp code. It contains username and password fields . I have been already using windows authentication in that page. But my boss asked me to provide a token which is sent via SMS or email after the windows authentication. This token is going to be another input on the login page and it'll be checked for validation. I thougt that maybe I could use google's mobile app for two factor auth. Just like in this article:

http://brandonpotter.com/2014/09/07/implementing-free-two-factor-authentication-in-net-using-google-authenticator/

But the problem is that all of the examples in the internet are written in asp.net or MVC.

If I don't get any other recommendation from you or somebody else, I am going to implement your method to create token. I think I can send that token via email.

Thanks a lot Scott.
0
 
LVL 54

Accepted Solution

by:
Scott Fell,  EE MVE earned 2000 total points
ID: 41770061
I have not done much work with Active Directory but you can authenticate that way and you probably are.  Also an old solution here https://www.experts-exchange.com/questions/28077231/Classic-ASP-Active-Directory-Authentication.html#a39025197.

Once you have authenticated be it AD or User/Pass against a DB, generate your token.  If you have not done so already, create a table in the DB that tracks log ins.  You can have the UserID, Token, TimeStampGenerated, TimeStampAuthenticated, and TimeStampExpires.  

Once they authenticate with the AD, generate your token and store in the db with the UserID. Add the UserID to a cookie as well.   Then email or SMS their token or code you want them to enter.  Next pick up the cookie to read the userid and accept the code you just sent them.  You can accept either by entering in code in a form field or email a link.  When data is entered, match the UserID AND the Code to your table that tracks log ins.  If there is a match, then look up if not expired before letting them in all the way.  

That is essentially what I outlined.  To use SMS, check out https://www.twilio.com/.   Their examples are not in classic asp, but you just need to send an xmlhttppost where you build your xml data by hand.  https://www.experts-exchange.com/questions/28459564/web-service-soap-with-classic-asp.html#a40146520

if you know PHP, it may be easier to work with on that portion.  You can create your twillio procesing pages in php that accept a simple post and again use xmlhttpost in classic asp to hit those pages.
1
 

Author Comment

by:Aslı BESLER
ID: 41770108
Hi Scott,

AD part is ok. I've already done it. Now I am trying to combine, understand and implement your marvellous ideas and sendings.  I will let you know if I can knock off my issue.

Thank you very much,
Regards,
0

Featured Post

Enroll in October's Free Course of the Month

Do you work with and analyze data? Enroll in October's Course of the Month for 7+ hours of SQL training, allowing you to quickly and efficiently store or retrieve data. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of my favorite tools to use with Google Drive is the offline access. Setting up offline access for Google Drive makes it easier for users to edit and view their docs, sheets and slides without Internet connection. Follow these steps to learn how…
Explore the encryption capabilities built into Google Apps and how these features can help you meet privacy policy and regulatory compliance, but are not a full solution. Understand and compare the most popular email encryption services for Google A…
This Micro Tutorial will demonstrate importing calendar invites from events such as webinars into your Google Calendar.
This Micro Tutorial will demonstrate Google Calendar to monitor updates with top sites, such as Facebook, Google, Twitter, etc. with Marketing News. Each update of Google Calendar can be monitored, correlate dips and spikes in your website traffic, …

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question