NetTalk Central

NetTalk Web Server => Web Server - Ask For Help => Topic started by: urayoan on February 18, 2021, 08:57:03 AM

Title: Multi Factor Authentication
Post by: urayoan on February 18, 2021, 08:57:03 AM: Hello everyone. Any ideas or maybe APIs to implement two factor authentication in NetTalk web applications?

Sadly, this needs to be an alternative to SECWIN

Thanks in advance
Title: Re: Multi Factor Authentication
Post by: Niels Larsen on February 18, 2021, 11:57:11 PM: Hi
I send an sms to the registered user with a 5 digit code which is used for validation.
I use Vonage API (formerly Nexmo) - it's cheap and very easy to use.

net.SetAllHeadersDefault()
net.SetContentType('form')
net.SetValue('api_key','xxxxxxxx')
net.SetValue('api_secret','xxxxxxxxxxxxxxxx')
st.SetValue(clip(pText))
st.ToUnicode(st:EncodeUtf8,st:CP_WINDOWS_1258)

net.SetValue('text',st.GetValue())
net.SetValue('from','Bazic Validation')
net.SetValue('to',pNummer)
net.Post('https://rest.nexmo.com/sms/json')
Title: Re: Multi Factor Authentication
Post by: urayoan on February 19, 2021, 03:45:37 AM: Thank you very much Neils. I will check

Quote from: Niels Larsen on February 18, 2021, 11:57:11 PM
Hi
I send an sms to the registered user with a 5 digit code which is used for validation.
I use Vonage API (formerly Nexmo) - it's cheap and very easy to use.

net.SetAllHeadersDefault()
net.SetContentType('form')
net.SetValue('api_key','xxxxxxxx')
net.SetValue('api_secret','xxxxxxxxxxxxxxxx')
st.SetValue(clip(pText))
st.ToUnicode(st:EncodeUtf8,st:CP_WINDOWS_1258)

net.SetValue('text',st.GetValue())
net.SetValue('from','Bazic Validation')
net.SetValue('to',pNummer)
net.Post('https://rest.nexmo.com/sms/json')
Title: Re: Multi Factor Authentication
Post by: Bruce on February 20, 2021, 03:55:21 AM: hi Ura,

So second factor breaks down to a number of steps;

a) User identifies themself (presumably on the login screen)
b) create a second factor token for them (ie some code). Ideally store the token with some sort of timeout, and of course make sure it's single-use
c) send the token to the user (sms / email / whatever)
d) allow the user to enter the token onto the login screen, along with the user name and password.

Cheers
Bruce
Title: Re: Multi Factor Authentication
Post by: urayoan on February 22, 2021, 10:44:29 AM: Thank you Bruce. That would help too.

Quote from: Bruce on February 20, 2021, 03:55:21 AM
hi Ura,

So second factor breaks down to a number of steps;

a) User identifies themself (presumably on the login screen)
b) create a second factor token for them (ie some code). Ideally store the token with some sort of timeout, and of course make sure it's single-use
c) send the token to the user (sms / email / whatever)
d) allow the user to enter the token onto the login screen, along with the user name and password.

Cheers
Bruce
Title: Re: Multi Factor Authentication
Post by: rjolda on February 22, 2021, 04:39:12 PM: Hi,
What I do is create a temporary login record with the required code and set the time - in a file that is used only for these temporary logins.
I send the code to the user either by sms to cell phone or by E mail to their registered address.
I then have them enter their login and capture that and look at the temporary login record for their name and they enter the required code. I make sure that it is the appropriate code and make sure that the elapsed time from initial record write is <= 10 min. If all OK, then log them in. If not, then ask them if they want to get another temporary code and write a new record to the temporary login file.....can track number of login attempts and lock out user if you want!

C_RST FILE,DRIVER('TOPSPEED'),NAME(rstname),PRE(CRT),CREATE
GUI_KEy KEY(CRT:guid),PRIMARY,NOCASE !guid key
ACT_KEY KEY(CRT:acct_ihid),DUP,NOCASE !on acct No
record RECORD
guid CSTRING(80)
tdate LONG
oprator CSTRING(20) !operator
statuscd BYTE
tmstamp LONG !time stamp
email_addr CSTRING(140) !e mail address
acct_ihid LONG
place_from CSTRING(20) !coming from AREG, PROVIDER, ADMINS, ACCTLOG
acct_path CSTRING(150) !path for acct
Login_name CSTRING(50) !this is the user login name
loginID SHORT !this is the login ID for this logon
other1 CSTRING(20)
other2 CSTRING(20)
END
END

Here is some code that I use if the user wants to reset their password - could be the same if they want a code...
Make_EMAIL ROUTINE
!message('making E mail')
If Access:C_RST.PrimeAutoInc() = Level:Benign
CRT:guid = st5.Random() ! 16 chars by default.
CRT:statuscd = 0 ! nothing done yet
CRT:tdate = TODAY()
CRT:oprator = 'LOGINACCT'
CRT:tmstamp = clock()
CRT:email_addr = p_web.GSV('userEmail') ! BAL:L_Email ! lookup
CRT:acct_ihid = p_web.GSV('userID') !loc:acct
CRT:place_from = 'WebLOGINACCT'
CRT:acct_path = GLO:currPath ! BAR:base_dir
CRT:Login_name = p_web.GSV('usrlogin') ! user name login name
CRT:loginID = p_web.GSV('userID')! acctlog IHID
CRT:other1 = 'TO BE SENT'
CRT:other2 =''!
CRT:person_name = p_web.GSV('usrname') ! this is their actual name
CRT:acct_type = p_web.GSV('LoginFrom') ! should be A or P

access:C_RST.Insert()
!do SEND_MAIL
!we need to start a new process to send E Mail on its own thread!!!!

start(SENDEMAIL,25000,CRT:guid) ! we send the IHID as a string so E Mail will send only this one
ELSE
! message('Could NOT add record to RESET Queue')

If Access:C_ERRS.PrimeAutoInc() = Level:Benign
CEE:Proc_name = 'APWEB'
CEE:Pt_account = ''
CEE:Bus_Acct = loc:acct
CEE:error_no = 30
CEE:err_msg = 'Could not write record to PW reset Q: ' & BAL:L_Email
CEE:err_level = 6
CEE:err_text = 'RESET PW ERROR write to file C_RST'
Access:C_ERRS.Insert()
! p_web.CloseFile(C_ERRS)
END ! If Access:C_ERRS.PrimeAutoInc() = Level:Benign

end ! If Access:C_RST.PrimeAutoInc

Hopefully that gives you some insight.
FWIW,
Ron Jolda
Title: Re: Multi Factor Authentication
Post by: urayoan on February 23, 2021, 06:10:51 AM: Thank you very much Ron!