Allow user to chose how the passcode is sent for multi-factor authentication

Jessica Knaak asked on August 15, 2018 07:24

I have customized the logon form webpart to do the following:

  1. Enter user name and password (this is the regular functionality)
  2. Click Logon (regular functionality)
  3. If multi-factor auth is turned on (which is true by default), it will send either and email or text message accordingly to your settings in the admin (I added some custom fields on the user and am checking those)
  4. When you enter the passcode, you have the ability to turn off multi-factor auth.

The problem I'm having is that I need to be able to give the user the ability to decide how they would like the multi-factor passcode sent to them (either email or text).

Is there a way to stop the passcode from being sent when you hit login and show the "How would you like the passcode sent to you?" question?

I don't want the question to show right away because if the user has logged in before, and turned off multi-factor, that question doesn't make any sense to the user. Any ideas would be greatly appreciated. Thanks!

Correct Answer

Dragoljub Ilic answered on August 15, 2018 15:30

Hi Jessica,

You can retrive user information before submit with this kind of example, where you can modify layout of Logon webpart on this way:

<script runat="server">
    public bool IsAuthDisabled(string userName)
    {
        var user = CMS.Membership.UserInfoProvider.GetUsers().WhereEquals("UserName", userName).Column("UserCustomField");
        if (!DataHelper.DataSourceIsEmpty(user))
        {
            return ValidationHelper.GetBoolean(user.Tables[0].Rows[0]["UserCustomField"], false);
        }
        return false;
    }

    protected void UserName_TextChanged(object sender, EventArgs e)
    {
        TextBox txtUserName = (TextBox)sender;
        if (IsAuthDisabled(txtUserName.Text))
        {
            //Hide
        }
        else
        {
             //Show
        }
    }
</script>

Also it's required to add this change on UserName TextBox as well: <cms:CMSTextBox ID="UserName" runat="server" AutoPostback="true" OnTextChanged="UserName_TextChanged"/>

In this way, you can retrieve custom field for the user based on entered username before user exactly log in on the page.

NOTE: I will suggest you to clone LogonForm web part and customize there directly what you need, to make code clean.

Best regards, Dragoljub

1 votesVote for this answer Unmark Correct answer

Recent Answers

Arun Kumar answered on August 15, 2018 07:58

Hi,

You can customize the multi factor authentication using custom module which will override the mnultifactor execute event. See this post for reference.

0 votesVote for this answer Mark as a Correct answer

Jessica Knaak answered on August 15, 2018 08:09

Thank you Arun for the post. This is the documentation I went off of to custom this event. I have all of that working, what I need, is to be able to show two hidden fields and have the user pick one before this code is executed. That's what I'm not sure about because I'm not sure how to get the user data but but not trigger this code before I have the input I need.

0 votesVote for this answer Mark as a Correct answer

Arun Kumar answered on August 15, 2018 08:40

To add custom fields you can add them in User table using Modules -> Membership -> Users -> Fields and to display them to login form you can either create a copy if the existing login form or modify the existing one(preferred to clone the existing one) which you can find under CMS -> CMSPages -> logon.aspx and then use your new fields in that form. To change the login form for website to use your new form you can set that in Setings -> Security & Membership under Content section.

0 votesVote for this answer Mark as a Correct answer

Jessica Knaak answered on August 15, 2018 16:37

Thank you Dragoljub Ilic that worked great.

0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.