
Twilio and two factor authentication #6747


BobIngham created

Firstly, the documentation for Twilio appears to have disappeared. Are you guys working on it? Development-Guide-Core#twilio-integration

This forum post appears to have been written about the same issue and points to the same (broken) link. Twilio not working in v6.7

I open my Twilio account and add AccountSid, AuthToken and SenderNumber to appsettings.json. I uncomment my line in [Projectname].Core:

//Twilio - Enable this line to activate Twilio SMS integration
Configuration.ReplaceService<ISmsSender,TwilioSmsSender>();

I start up my system and set up host for two factor authentication: I go to my user account (host admin) and turn on two factor authentication: I refresh the screen because I'm resetting my own settings. I go to verify my phone number by selecting my settings from the drop down to the top right and get this: I logout and log back in again, same result. I power down the development system and restart but same result.

I verify the phone number against my host admin user and then update the database and set IsPhoneNumberConfirmed = 1 using SQL. I log out and log back in again and the two factor authentication is enabled and I use it to sign in.

There's something wrong with the logic in user settings. I will continue my investigation because I need this to work.


7 Answer(s)
  • BobIngham created

    Now I understand. To enable 2FA (Two Factor Authentication) SMS a number of steps are required:

    1. In host User Management tab check "Phone number verification enabled (via SMS)".
    2. In host Security tab settings check "Enable two factor user login." under the heading Two Factor Login.
    3. Below this check "Enable SMS verification."
    4. In tenant Security tab check "Enable two factor user login.".
    5. For each user to use 2FA check "Two factor authentication enabled".

    It all makes sense but it's easy to miss step one. This might be in the documentation but I believe it's down for modification at the moment.

    However, Google authentication is another matter. At angular\src\app\shared\layout\profile\my-settings-modal.component.html it would appear that the Google Authenticator is set to display regardless of whether the system is set up for 2FA with same. Surely there should be an *ngIf on the tab to display it only if 2FA and Google Authenticator are enabled?
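
The five steps above and the suggested gate for the Google Authenticator tab, written out as a small diagnostic. This is an added example, not part of the original post and not ASP.NET Zero code; all field names are hypothetical.

```typescript
// Added example: a hypothetical model, not ASP.NET Zero source code.
// Field names are invented; they mirror the five checkboxes in the answer above
// plus the IsPhoneNumberConfirmed column from the thread.
interface TwoFactorState {
  hostPhoneVerification: boolean;   // step 1: host, User Management tab
  hostTwoFactorLogin: boolean;      // step 2: host, Security tab
  hostSmsVerification: boolean;     // step 3: host, Security tab
  hostGoogleAuthenticator: boolean; // host, Security tab (unchecked in the thread)
  tenantTwoFactorLogin: boolean;    // step 4: tenant, Security tab
  userTwoFactorEnabled: boolean;    // step 5: per user
  userPhoneConfirmed: boolean;      // IsPhoneNumberConfirmed
}

// Lists what still blocks SMS as a second factor, in the order of the steps.
function smsBlockers(s: TwoFactorState): string[] {
  const out: string[] = [];
  if (!s.hostPhoneVerification) out.push("step 1: host phone number verification is off");
  if (!s.hostTwoFactorLogin) out.push("step 2: host two factor login is off");
  if (!s.hostSmsVerification) out.push("step 3: host SMS verification is off");
  if (!s.tenantTwoFactorLogin) out.push("step 4: tenant two factor login is off");
  if (!s.userTwoFactorEnabled) out.push("step 5: user has not enabled two factor authentication");
  if (!s.userPhoneConfirmed) out.push("phone number is not confirmed");
  return out;
}

// The gate suggested for the Google Authenticator tab. The same predicate should
// also guard the server call that enables it, since hiding a tab is not enforcement.
function googleAuthenticatorAllowed(s: TwoFactorState): boolean {
  return s.hostTwoFactorLogin && s.hostGoogleAuthenticator;
}

// Constructed sample: steps 2 to 5 done, step 1 missed, phone never confirmed.
const sampleState: TwoFactorState = {
  hostPhoneVerification: false, hostTwoFactorLogin: true, hostSmsVerification: true,
  hostGoogleAuthenticator: false, tenantTwoFactorLogin: true,
  userTwoFactorEnabled: true, userPhoneConfirmed: false,
};

console.log(smsBlockers(sampleState));
console.log(googleAuthenticatorAllowed(sampleState));
```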

  • ryancyq created
    Support Team

    Hi, the documents have been restructured recently. The new link for Twilio is at

    https://docs.aspnetzero.com/documents/aspnet-core-angular/latest/Features-Angular-Two-Factor-Authentication#twilio-integration

    https://docs.aspnetzero.com/documents/aspnet-core-mvc/latest/Features-Mvc-Core-Two-Factor-Authentication#twilio-integration

  • BobIngham created

    Thanks ryancyq, but I still don't know why users should have the Google Authenticator option if it has not been set?

  • ryancyq created
    Support Team

    Hi, @bobingham, currently Two Factor Logins are shown/hidden behind the setting for tenant/host settings only.

    See https://github.com/aspnetzero/aspnet-zero-core/blob/2f8f00696ed4c0f14ed57701706df46ed8a14350/angular/src/app/admin/settings/tenant-settings.component.html#L196-L227

    By default, the Two factor logins section is always shown, whereas the enable/disable button is displayed based on the setting value.

    See https://github.com/aspnetzero/aspnet-zero-core/blob/4eeed7b108cbf2c68254baff14619a12f2be9649/angular/src/app/shared/layout/profile/my-settings-modal.component.html#L66-L89

    I think we should align the two factor login settings in these views. Thanks for reporting.

  • BobIngham created

    Hi @ryancyq, understood, I took a look at the code. The user can enable Google Authentication regardless of whether the option is set. As soon as you set 2FA, Google Authentication is enabled at the user level. Switching it off at the host level does not change this.

  • BobIngham created

    angular, dotnetcore, 6.8.0, .net 4.6.1

    I am still at a loss. I have just released 6.8.0. I go to host settings -> User management and enable Phone number verification: I go to host settings -> Security and enable Two Factor Login, note Google Authenticator is unchecked: I go to my user settings and make sure I have a phone number and enable Two factor authentication: I refresh my page to reload all settings and go to .\admin -> My settings -> Two Factor Login: Note I cannot verify my phone number but I can enable Google Authenticator (which is not set). I sign out and sign in again and I have just one option for 2FA, email:

    How the hell do I verify my phone number?

    I go to the database and update IsPhoneNumberConfirmed:

    begin tran
    update [dbo].[AbpUsers]
    set [IsPhoneNumberConfirmed] = 1
    where Id = 1
    
    --commit
    --rollback
    

    I go back to the sign in page and refresh and bingo I have 2FA for the phone.

    How the hell do I verify my phone number without having to resort to SQL?

  • BobIngham created

    DOH!