ASP.NET Core 6.0 - Users With Device 2FA

Ken Haggerty
Created 12/31/2021 - Updated 01/12/2022 02:34 GMT

This article introduces the ASP.NET Core 6.0 - Users With Device 2FA Project (UWD2FAP) and an article series about the implementation of ASP.NET Core 6.0 with Visual Studio 2022. I will assume you have downloaded the ASP.NET Core 6.0 - Users With Device 2FA Project.

Users With Device 2FA Project and Article Series

This article series is about the implementation of ASP.NET Core 6.0 with Visual Studio 2022. The ASP.NET Core 6.0 - Users With Device 2FA Project (UWD2FAP) implements WebAuthn, also known as FIDO2, instead of authenticator apps for two-factor authentication (2FA). The project implements Bootstrap v5 and Bootstrap Native. After a user registers, they can enable 2FA with Windows Hello, Android Lock Screen, or a FIDO2 security key. If I had this project when I created KenHaggerty.Com three years ago, I would have started with this user authentication template. The latest version is published at Preview.KenHaggerty.Com. I encourage you to register and evaluate multiple 2FA devices in Manage Account > Two-Factor Authentication. Details, screenshots, and related articles can be found at ASP.NET Core 6.0 - Users With Device 2FA Project. The details page includes the version change log.

Updated with links as the articles become published.

Visual Studio 2022 (VS 2022) is a 64-bit application, no longer limited to ~4 GB of memory in the main devenv.exe process. VS 2022 is required to develop .NET 6 and ASP.NET Core 6.0 applications. .NET 6 is a Long Term Support (LTS) release and will be supported until November 08, 2024. .NET 5 is a Current release and will be supported until May 08, 2022. .NET 3.1 is an LTS release and will be supported until December 3, 2022. See .NET and .NET Core release lifecycle. I have been working with VS 2022 since Preview 3.1. The General Availability version was released on November 08, 2021. My ASP.NET Core 5.0 applications load, build, and run in VS 2022 without issue.

To evaluate the migration from ASP.NET Core 5.0 to ASP.NET Core 6.0, I created a new ASP.NET Core 6.0 Razor Pages Project then integrated the ASP.NET Core 5.0 - Users Without Identity Project and the ASP.NET Core 5.0 - Users Without Passwords Project. The UWD2FAP implements WebAuthn, also known as FIDO2, instead of authenticator apps for two-factor authentication (2FA). The project implements Bootstrap v5 and Bootstrap Native. After a user registers, they can enable 2FA with Windows Hello, Android Lock Screen, or a FIDO2 security key. Windows Hello implements authentication with an IR webcam for facial recognition, a fingerprint scanner, or just by setting up and using a PIN. See Learn about Windows Hello and set it up.

The project supports multiple authenticators and authenticator challenge history including failed attempts. Challenges which fail before associating to a known credential are orphaned. Admins can list users, credentials, and all invalid challenges. The latest version is published at Preview.KenHaggerty.Com. I encourage you to register and evaluate multiple 2FA devices in Manage Account > Two-Factor Authentication. If I had this project when I created KenHaggerty.Com three years ago, I would have started with this user authentication template.

The initial migration from ASP.NET Core 5.0 to ASP.NET Core 6.0 is as simple as updating the Target framework and NuGet packages. To evaluate some of the new features, I enabled the nullable context and mitigated all warnings and issues. I also implemented global usings and file-scoped namespaces. This series describes the following:

Migrate From .NET 5.0

VS 2022 has a new project properties UI. This article describes how to upgrade the Target framework and NuGet packages. The new UI includes a Nullable setting on the Build tab which specifies the project-wide C# nullable context. This UI option was introduced in Visual Studio 16.5, and is only enabled for projects that use C# 8.0 or later. Migrating existing code, EF Core models, and data to a project-wide nullable context should be carefully planned. The UWD2FAP has the nullable context enabled and I have mitigated all warnings and issues. I am creating a new article series to describe the nullable context and how to migrate from the data up.

Top-Level Statements

This article describes the new top-level statements and how to migrate Startup.cs code to Program.cs.

Top-level statements mean that the compiler generates the namespace, class, and method elements for your main program. You can look at the code for the new application and imagine that it contains the statements inside the Main method generated by earlier templates. You can add more statements to the program, just like you can add more statements to your Main method in the traditional style. You can even add functions. They're created as local functions nested inside the generated Main method. See MSDocs - New C# templates generate top-level statements.

Global Usings

This article describes the new Global using directives and how to implement a GlobalUsing.cs file. New ASP.NET Core 6.0 projects enable Implicit using directives by default. GlobalUsing.cs can replace the confusing Implicit using directives.

If you want to remove this behavior and manually control all namespaces in your project, add <ImplicitUsings>disable</ImplicitUsings> in the project file. See MSDocs - Disable implicit using statements.

A global using directive imports a namespace for your whole application instead of a single file. These global directives can be added either by adding a <Using> item to the project file, or by adding the global using directive to a code file. See MSDocs - Global using directives.

Data Protection Keys

If the app is hosted in IIS, keys are persisted to the HKLM registry in a special registry key that's ACLed only to the worker process account. If the app is restarted, a new key is generated. This article describes persisting keys to a file or to the database.
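
One way to persist the key ring to a directory from a top-level-statements Program.cs, so that authentication cookies and antiforgery tokens issued before a restart can still be unprotected afterwards. This is an added example, not code from the UWD2FAP; the configuration key "DataProtection:KeyPath", the "dp-keys" folder, and the application name are assumptions, and implicit usings are assumed to be enabled.

```csharp
// Program.cs (ASP.NET Core 6.0, top-level statements; implicit usings enabled).
// Added illustration, not the project's own code.
using Microsoft.AspNetCore.DataProtection;

var builder = WebApplication.CreateBuilder(args);

// Assumption: "DataProtection:KeyPath" is a hypothetical configuration key.
// Fall back to a "dp-keys" folder under the content root. Keep this folder
// outside wwwroot and restrict its ACL to the app pool / service account.
var keyPath = builder.Configuration["DataProtection:KeyPath"]
    ?? Path.Combine(builder.Environment.ContentRootPath, "dp-keys");
var keyDirectory = Directory.CreateDirectory(keyPath);

var dataProtection = builder.Services.AddDataProtection()
    // A fixed application name keeps the key ring usable if the
    // deployment path changes (hypothetical name).
    .SetApplicationName("UWD2FAP-Example")
    // Keys are written as XML files in this directory and reloaded on startup.
    .PersistKeysToFileSystem(keyDirectory)
    // 90 days is the framework default; stated here to make rotation explicit.
    .SetDefaultKeyLifetime(TimeSpan.FromDays(90));

// PersistKeysToFileSystem alone stores key material unencrypted at rest.
// On Windows, wrap the keys with machine-scoped DPAPI; on other hosts use a
// certificate (ProtectKeysWithCertificate) or rely on file system permissions.
if (OperatingSystem.IsWindows())
{
    dataProtection.ProtectKeysWithDpapi(protectToLocalMachine: true);
}

builder.Services.AddRazorPages();

var app = builder.Build();

app.UseStaticFiles();
app.UseRouting();
app.MapRazorPages();

app.Run();
```

Back up the key directory together with the application data: losing it invalidates every payload protected with those keys.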

Administrator Claim

UWD2FAP implements an AppUserClaim entity for claims-based authorization. This article describes the AppUserClaim, creating a ClaimsPrincipal, and migrating the AppUser Administrator property to an AppUserClaim.

Terms Of Service

UWD2FAP implements a Terms Of Service feature. This article describes the TOS AppUserClaim, TOS page, and TermsOfServiceMiddleware.

Claims-Based Authorization

I am developing a mock-up of products to demonstrate claims-based authorization. The demonstration will be included in the UWD2FAP when completed.

Zero Trust

Zero Trust is a discipline rather than any one practice. This article describes the features of the UWD2FAP which support a Zero Trust environment.
