Anyone know where I could find sample code for this with system.security.cryptography namespace -- or instructions followable by a developer?
The purpose is to add two-factor authentication to an asp.net website. On website I want to ask user to enter a passcode (similar to if they got it from a keyfob). On the client side I want to provide a vb.net windows.forms program that generates the correct passcode.
I want to do this with system.security.cryptography namespace on a small scale. I was looking for sample code I don't want to mess with devices or purchase authentication server appliances.
Most of the algorithms out there require an advanced degree in math or are for other platforms such as Linux or PHP. I'm looking for the .net equivalent.
The cryptographic parts of RFC4226 (counter-based OTP) or draft-mraihi-totp-timebased (time-based OTP) are relatively simple:
It is usually the user-management and the static/dynamic synchronization that makes it complicated.
Something like this should work: