Solved

implementing google-authenticator to classic asp login page  for two factor authentication

Posted on 2016-08-24
6
162 Views
Last Modified: 2016-09-23
Hi, I need to implement google-authenticator to classic asp login page for two factor authentication. I couldn't find an example on the internet. I'll be appreciated If I can get any help.
0
Comment
Question by:Aslı BESLER
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
6 Comments
 
LVL 53

Assisted Solution

by:Scott Fell, EE MVE
Scott Fell,  EE MVE earned 500 total points
ID: 41769682
Are you trying to use google to authenticate into a private area on your website?

Which version?  https://developers.google.com/identity/choose-auth

In short, you just need to use the code supplied on the front end that returns some information client side. From there you can set a cookie and even update your db if required.

https://developers.google.com/identity/sign-in/web/sign-in

I have an article on creating a sign in with classic asp that would work nicely with this https://www.experts-exchange.com/articles/18259/User-Log-In-Using-A-Token.html

Just substitute the form for adding the username and password for the google code.  Note that I am using cookies and not sessions. This will make it easier to integrate.

What have you tried on your own already or do you just need a start like this?
1
 

Author Comment

by:Aslı BESLER
ID: 41769908
Dear Scott,

Thank you very much for the answer.

Shortly, I need to implement two-factor authentication to the private login page of the company I've been working for.

The login page is designed with classic asp code. It contains username and password fields . I have been already using windows authentication in that page. But my boss asked me to provide a token which is sent via SMS or email after the windows authentication. This token is going to be another input on the login page and it'll be checked for validation. I thougt that maybe I could use google's mobile app for two factor auth. Just like in this article:

http://brandonpotter.com/2014/09/07/implementing-free-two-factor-authentication-in-net-using-google-authenticator/

But the problem is that all of the examples in the internet are written in asp.net or MVC.

If I don't get any other recommendation from you or somebody else, I am going to implement your method to create token. I think I can send that token via email.

Thanks a lot Scott.
0
 
LVL 53

Accepted Solution

by:
Scott Fell,  EE MVE earned 500 total points
ID: 41770061
I have not done much work with Active Directory but you can authenticate that way and you probably are.  Also an old solution here https://www.experts-exchange.com/questions/28077231/Classic-ASP-Active-Directory-Authentication.html#a39025197.

Once you have authenticated be it AD or User/Pass against a DB, generate your token.  If you have not done so already, create a table in the DB that tracks log ins.  You can have the UserID, Token, TimeStampGenerated, TimeStampAuthenticated, and TimeStampExpires.  

Once they authenticate with the AD, generate your token and store in the db with the UserID. Add the UserID to a cookie as well.   Then email or SMS their token or code you want them to enter.  Next pick up the cookie to read the userid and accept the code you just sent them.  You can accept either by entering in code in a form field or email a link.  When data is entered, match the UserID AND the Code to your table that tracks log ins.  If there is a match, then look up if not expired before letting them in all the way.  

That is essentially what I outlined.  To use SMS, check out https://www.twilio.com/.   Their examples are not in classic asp, but you just need to send an xmlhttppost where you build your xml data by hand.  https://www.experts-exchange.com/questions/28459564/web-service-soap-with-classic-asp.html#a40146520

if you know PHP, it may be easier to work with on that portion.  You can create your twillio procesing pages in php that accept a simple post and again use xmlhttpost in classic asp to hit those pages.
1
 

Author Comment

by:Aslı BESLER
ID: 41770108
Hi Scott,

AD part is ok. I've already done it. Now I am trying to combine, understand and implement your marvellous ideas and sendings.  I will let you know if I can knock off my issue.

Thank you very much,
Regards,
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I tend toward trying the newest hardware and software.  Thiss sometimes works out to my benefit, and sometimes not.  Because I downloaded and installed Android 5.x (http://www.experts-exchange.com/articles/18084/Upgrading-to-Android-5-0-Lollipop.htm…
Cloud file services can fill many different roles for your business. Often, the use of cloud file services begins with employees using consumer products, like Dropbox, to share files with customers and each other. While sync-and-share can be an effe…
This Micro Tutorial demonstrates in Google Analytics how to create a custom report that shows you traffic over time using the month of year dimensions. There are also instructions on how to fix Google's odd month of year formatting, which Microsoft …
This Micro Tutorial will demonstrate using Google Doc how to import live data to another spreadsheet in Google Spreadsheets using the IMPORTRANGE function.

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question