C#•2y ago

❔ ASP.NET Core Identity OTP creation date

So, currently, I have an authentication server (not with IdentityServer4/Duende). I have enabled two-factor authentication, and I want users to be able to send sms with otp only once per 60 seconds. From what I see, there is no information in AspNetUserTokens about the date it was generated. So I have an idea to expand this table with an additional column with a time stamp, so I can track when otp was created and prevent user from sending a new one if it was created recently. I've added a new migration and recreated a database, and now table AspNetUserTokens contains a new row which indicates creation date. Now I'm trying to figure out how to make Identity use my new class with a Created property. I'm also wondering if I'm in a right direction or it should be implemented in the different way. Would be glad to hear any ideas/advices.

3 Replies

Tvde1•2y ago

What are you using if not IdentityServer4/Duende?

no >> bodyOP•2y ago

OpenIddict So, for now, I decided to expand the entity which inherits from IdentityUser and add new property LastOtpGenerated. And now I have something like that in my logic

....

if (AuthenticationProvider == "Phone")
{
    if (user.LastOtpGenerated > DateTime.UtcNow.AddMinutes(-1))
    {
        ErrorMessage = "You have to wait 1 minute before requesting a new code.";
        return Page();
    }
}
...

....

if (AuthenticationProvider == "Phone")
{
    if (user.LastOtpGenerated > DateTime.UtcNow.AddMinutes(-1))
    {
        ErrorMessage = "You have to wait 1 minute before requesting a new code.";
        return Page();
    }
}
...

And when OTP should be generated

user.LastOtpGenerated = DateTime.UtcNow;
await userManager.UpdateAsync(user);

user.LastOtpGenerated = DateTime.UtcNow;
await userManager.UpdateAsync(user);

Accord•2y ago

Was this issue resolved? If so, run /close - otherwise I will mark this as stale and this post will be archived until there is new activity.

Gaming

Programming

❔ ASP.NET Core Identity OTP creation date