implementing google-authenticator to classic asp login page for two factor authentication

Hi, I need to implement google-authenticator to classic asp login page for two factor authentication. I couldn't find an example on the internet. I'll be appreciated If I can get any help.
Aslı BESLERDatabase AdministratorAsked:
Who is Participating?
Scott Fell, EE MVEConnect With a Mentor Developer & EE ModeratorCommented:
I have not done much work with Active Directory but you can authenticate that way and you probably are.  Also an old solution here

Once you have authenticated be it AD or User/Pass against a DB, generate your token.  If you have not done so already, create a table in the DB that tracks log ins.  You can have the UserID, Token, TimeStampGenerated, TimeStampAuthenticated, and TimeStampExpires.  

Once they authenticate with the AD, generate your token and store in the db with the UserID. Add the UserID to a cookie as well.   Then email or SMS their token or code you want them to enter.  Next pick up the cookie to read the userid and accept the code you just sent them.  You can accept either by entering in code in a form field or email a link.  When data is entered, match the UserID AND the Code to your table that tracks log ins.  If there is a match, then look up if not expired before letting them in all the way.  

That is essentially what I outlined.  To use SMS, check out   Their examples are not in classic asp, but you just need to send an xmlhttppost where you build your xml data by hand.

if you know PHP, it may be easier to work with on that portion.  You can create your twillio procesing pages in php that accept a simple post and again use xmlhttpost in classic asp to hit those pages.
Scott Fell, EE MVEConnect With a Mentor Developer & EE ModeratorCommented:
Are you trying to use google to authenticate into a private area on your website?

Which version?

In short, you just need to use the code supplied on the front end that returns some information client side. From there you can set a cookie and even update your db if required.

I have an article on creating a sign in with classic asp that would work nicely with this

Just substitute the form for adding the username and password for the google code.  Note that I am using cookies and not sessions. This will make it easier to integrate.

What have you tried on your own already or do you just need a start like this?
Aslı BESLERDatabase AdministratorAuthor Commented:
Dear Scott,

Thank you very much for the answer.

Shortly, I need to implement two-factor authentication to the private login page of the company I've been working for.

The login page is designed with classic asp code. It contains username and password fields . I have been already using windows authentication in that page. But my boss asked me to provide a token which is sent via SMS or email after the windows authentication. This token is going to be another input on the login page and it'll be checked for validation. I thougt that maybe I could use google's mobile app for two factor auth. Just like in this article:

But the problem is that all of the examples in the internet are written in or MVC.

If I don't get any other recommendation from you or somebody else, I am going to implement your method to create token. I think I can send that token via email.

Thanks a lot Scott.
Aslı BESLERDatabase AdministratorAuthor Commented:
Hi Scott,

AD part is ok. I've already done it. Now I am trying to combine, understand and implement your marvellous ideas and sendings.  I will let you know if I can knock off my issue.

Thank you very much,
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.