Base solution for your next web application
Ends in:
01 DAYS
01 HRS
01 MIN
01 SEC
Open Closed

Required passwordless authentication #6910

User avatar
0
krishna created

Hi, We have requirement to implement passwordless authentication (Using UsernameOrEmailAddress) in our project. We have tried but we are facing problem to establish session, So please provide neccessary steps/docs to implement passwordless authentication .

Go to accepted answer
8 Answer(s)
  • User Avatar
    0
    alper created
    Support Team

    see https://aspnetboilerplate.com/Pages/Documents/Zero/User-Management#external-authentication

  • User Avatar
    0
    krishna created

    Hi alper, Tq for your reply. I have gone through the link, which you have shared, but i think its not related to my requirement. I have a requirement to authenticate a user without password by enter only username, for that in asp.net zero is there any possibility, if yes please share that link.

    Tq

  • User Avatar
    0
    alper created
    Support Team

    AspNet Boilerplate is the framework of AspNet Zero.

    public class MyExternalAuthSource : DefaultExternalAuthenticationSource<Tenant, User>,  ITransientDependency
{
    public override string Name
    {
        get { return "MyCustomSource"; }
    }

    public override Task<bool> TryAuthenticateAsync(string userNameOrEmailAddress, string plainPassword, Tenant tenant)
    {
       return true;
    }
}
  • User Avatar
    0
    krishna created

    Hi alper,

    In the below method, do we need to give password mandatory? If yes then its not related to passwordless authentication right?

    public override Task<bool> TryAuthenticateAsync(string userNameOrEmailAddress, string plainPassword, Tenant tenant) { return true; }

  • User Avatar
    0
    ryancyq created
    Support Team

    Hi, do you meant SSO for passwordless authentication?

    or you are looking remove password validation completely? meaning as long as a person provides any email addrsss, the person will be logged in as the email address given?

  • User Avatar
    0
    krishna created

    Hi, Yes we are looking for session establishment with only given email address/username by check in database, instead of using both username and password in AspNet Biolerplate to provide passwordless authentication. We are using asp.net core with angular, Is there any way to authenticate user with only emailaddress/username?

  • User Avatar
    0
    maliming created
    Support Team

    @krishna

    Although I don't understand why you are doing this, and I think this will have security issues.

    However, you can still add the login method of Email+ username in LogInManager. Evaluate email and username based on your needs.

    Code refer to: https://github.com/aspnetboilerplate/aspnetboilerplate/blob/e318781f19fbd28cba8a4d9dad51f0d4821acc71/src/Abp.ZeroCore/Authorization/AbpLoginManager.cs#L81

  • User Avatar
    0
    krishna created

    we are actually trying to interate FIDO2 passwordless login with our ThinC-AUTH Biometric token.

    we have got the actual FIDO2 functionality integrated and are able to use it as a 2nd factor device. since we have biometrics on it we are trying to privide passwordless experience similar to

    https://www.microsoft.com/en-us/microsoft-365/blog/2018/11/20/sign-in-to-your-microsoft-account-without-a-password-using-windows-hello-or-a-security-key/

    thanks for the reference, will try that out.

Assignee
No one
Labels
None yet