Solved

implementing google-authenticator to classic asp login page  for two factor authentication

Posted on 2016-08-24
6
37 Views
Last Modified: 2016-09-23
Hi, I need to implement google-authenticator to classic asp login page for two factor authentication. I couldn't find an example on the internet. I'll be appreciated If I can get any help.
0
Comment
Question by:Aslı BESLER
  • 2
  • 2
6 Comments
 
LVL 52

Assisted Solution

by:Scott Fell, EE MVE
Scott Fell,  EE MVE earned 500 total points
ID: 41769682
Are you trying to use google to authenticate into a private area on your website?

Which version?  https://developers.google.com/identity/choose-auth

In short, you just need to use the code supplied on the front end that returns some information client side. From there you can set a cookie and even update your db if required.

https://developers.google.com/identity/sign-in/web/sign-in

I have an article on creating a sign in with classic asp that would work nicely with this https://www.experts-exchange.com/articles/18259/User-Log-In-Using-A-Token.html

Just substitute the form for adding the username and password for the google code.  Note that I am using cookies and not sessions. This will make it easier to integrate.

What have you tried on your own already or do you just need a start like this?
1
 

Author Comment

by:Aslı BESLER
ID: 41769908
Dear Scott,

Thank you very much for the answer.

Shortly, I need to implement two-factor authentication to the private login page of the company I've been working for.

The login page is designed with classic asp code. It contains username and password fields . I have been already using windows authentication in that page. But my boss asked me to provide a token which is sent via SMS or email after the windows authentication. This token is going to be another input on the login page and it'll be checked for validation. I thougt that maybe I could use google's mobile app for two factor auth. Just like in this article:

http://brandonpotter.com/2014/09/07/implementing-free-two-factor-authentication-in-net-using-google-authenticator/

But the problem is that all of the examples in the internet are written in asp.net or MVC.

If I don't get any other recommendation from you or somebody else, I am going to implement your method to create token. I think I can send that token via email.

Thanks a lot Scott.
0
 
LVL 52

Accepted Solution

by:
Scott Fell,  EE MVE earned 500 total points
ID: 41770061
I have not done much work with Active Directory but you can authenticate that way and you probably are.  Also an old solution here https://www.experts-exchange.com/questions/28077231/Classic-ASP-Active-Directory-Authentication.html#a39025197.

Once you have authenticated be it AD or User/Pass against a DB, generate your token.  If you have not done so already, create a table in the DB that tracks log ins.  You can have the UserID, Token, TimeStampGenerated, TimeStampAuthenticated, and TimeStampExpires.  

Once they authenticate with the AD, generate your token and store in the db with the UserID. Add the UserID to a cookie as well.   Then email or SMS their token or code you want them to enter.  Next pick up the cookie to read the userid and accept the code you just sent them.  You can accept either by entering in code in a form field or email a link.  When data is entered, match the UserID AND the Code to your table that tracks log ins.  If there is a match, then look up if not expired before letting them in all the way.  

That is essentially what I outlined.  To use SMS, check out https://www.twilio.com/.   Their examples are not in classic asp, but you just need to send an xmlhttppost where you build your xml data by hand.  https://www.experts-exchange.com/questions/28459564/web-service-soap-with-classic-asp.html#a40146520

if you know PHP, it may be easier to work with on that portion.  You can create your twillio procesing pages in php that accept a simple post and again use xmlhttpost in classic asp to hit those pages.
1
 

Author Comment

by:Aslı BESLER
ID: 41770108
Hi Scott,

AD part is ok. I've already done it. Now I am trying to combine, understand and implement your marvellous ideas and sendings.  I will let you know if I can knock off my issue.

Thank you very much,
Regards,
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Learn new improvements released by Google for Google Calendar. Noted in this article are simple tips and tricks that can make your everyday use of Google Calendar better.
Whether you’re looking to gather data for research or gather feedback on an idea, being able to build and distribute your own online survey is not only cost-effective, but allows you to reach a larger audience and receive results in real-time. Googl…
This Micro Tutorial will demonstrate common damaging and frequent mistakes I see in most analytic audits. Most of them are campaign tagging mistakes, so this video will break it down into simple steps.
Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now