Web Connection
Two Factor Authentication
Gravatar is a globally recognized avatar based on your email address. Two Factor Authentication
  Kathy
  All
  Feb 22, 2019 @ 07:46am

Hello,
I have not gone through User Security Manager and its documentation **yet **but I've been asked to add Two Factor Authentication to our webconnection application, and preferably by sending code to smart phones, all new to me!
Would you please let me know if this is something practical and if there's any guidance on how to start and implement?
Thank you in advance,
Kathy

Gravatar is a globally recognized avatar based on your email address. re: Two Factor Authentication
  Rick Strahl
  Kathy
  Feb 22, 2019 @ 01:45pm

There's no native support for two-factor auth in Web Connection or the User Security manager. Setting up two factor auth requires a separate validation mechanism and some sort of service that can send SMS messages (or possibly using an auth service like Microsoft Authenticator or Authy).

I would be careful about going down the SMS path because there serious privacy issues involved and I think in the next few years using SMS as a verification mechanism is going to likely go away because of it.

If you do go down this route it might be worthwhile to look into some of the authentication services that are available like Auth0 but even with a service like this the process is very complex.

Unfortunately I don't have a good answer for you - authentication is something that is difficult to do on any platform and especially on FoxPro because we don't even have the basic infrastructure built in. Web Connection provides all the HTTP basics needed, but we don't have all the oAuth functionality for token processing and the back and forth flow of callback messages that are required. It's possible but it's a lot of code that needs to be manually written and figured out.

I personally have not done this with Web Connection. I have with .NET and even with the infrastructure built-in it was not an easy task...

+++ Rick ---

Gravatar is a globally recognized avatar based on your email address. re: Two Factor Authentication
  Kathy
  Rick Strahl
  Feb 25, 2019 @ 09:01am

Thank you so much for your precious advice.
I know it's way above me now but I'm asking this to answer my curiosity, so is it possible to go for oAuth and .Net approach and some how add the feature to the webconnection application using the magic of wwDotNetBridge?

Gravatar is a globally recognized avatar based on your email address. re: Two Factor Authentication
  Kathy
  Rick Strahl
  Mar 8, 2019 @ 12:37pm

Hi again Rick,
I'm just back from FoxCon where I heard about U2F and its libraries for the first time.
I know this may sound too much but would you see any possibility of adding it (or something similar to it) to Webconnect in future? Or I'm way off 😃
Thanks,
Kathy

Gravatar is a globally recognized avatar based on your email address. re: Two Factor Authentication
  Rick Strahl
  Kathy
  Mar 8, 2019 @ 01:37pm

This standard is very new and there are very few tools available to work for it to date. I think only Chrome currently supports the hardware interfaces to USB keys and honestly I don't see this having a large impact any time soon. I took a quick look at the libraries available to do this, and they are super low level server implementations that deal with device level interfaces. In order to do this in Web Connection some sort of interface library would be required.

So the short answer is - no this won't become part of Web Connection unless it becomes a lot more popular with better library support from bigger server framework vendors.

+++ Rick ---

Gravatar is a globally recognized avatar based on your email address. re: Two Factor Authentication
  Kathy
  Rick Strahl
  Apr 10, 2019 @ 07:47pm

Sorry for this late reply.
Thank you so much for looking into it and letting us know.
Kathy

© 1996-2019