Base solution for your next web application
Open Closed

2 Factor Authentication Based on IP Address #10415


User avatar
0
[email protected] created

Prerequisites

Please answer the following questions before submitting an issue. YOU MAY DELETE THE PREREQUISITES SECTION.

  • What is your product version? v10.3.0
  • What is your product type (Angular or MVC)? Angular
  • What is product framework type (.net framework or .net core)? .net core

If issue related with ABP Framework

  • What is ABP Framework version? v4.3

If issue is about UI

  • Which theme are you using? Theme 2
  • What are the theme settings? Default

Hi there,

I want to use the 2 factor authentication based on user's login IP address. Do you provide features like this? If not, could you please let me know what tools I can use to achieve this? Thanks.


3 Answer(s)
  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi,

    Could you explain a bit more how you are planning to implement the flow ? Do you only want to allow specific IP ranges for login ?

    Thanks,

  • User Avatar
    0
    [email protected] created

    When the user tries to login, we check the the IP address. If it's different from last time or unknown, we use the 2FA. I'm not sure if this is the right process but it seems many websites are doing this or sending you a notification when you login from a different location or device.

  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi,

    Thanks, got it now. In that case, you can check the user's last logged in IP address from AbpUserLoginAttempts table and return true if the current IP is different from last logged in IP address in IsTwoFactorAuthRequiredAsync method of TokenAuthController. Rest of the flow should work as expected.