Skip to main content

.NET

This guide will demonstrate how to integrate Authsignal into your .NET app by focusing on three steps:

  1. Enrolling users with MFA
  2. Challenging users
  3. Validating challenges

Installation

Add the Authsignal server-side client library to your project:

dotnet add package Authsignal.Server.Client

You can then import the module and initialize the Authsignal client, providing your secret key in the constructor:

using Authsignal;

var authsignal = new AuthsignalClient(secret: "your-secret-key");

You can find your secret key in the Authsignal Portal under Settings -> Api Keys.

caution

This secret key must be stored securely on your server and never exposed to the browser.

1. Enrolling users with MFA

The GetUser method lets you determine if a user of your application is currently enrolled.

var request = new UserRequest(userId: "usr_123");

var response = await authsignal.GetUser(request);

if (response.IsEnrolled) {
// The user has enabled at least one authenticator and can be challenged
} else {
// The user does not have MFA enabled
}

If the user isn't enrolled, you can let them enroll via the Challenge UI. Generate a URL to enroll by using the Track method:

var request = new TrackRequest(
UserId: "usr_123",
Action: "enroll",
RedirectUrl: "https://yourapp.com");

var response = await authsignal.Track(request);

var enrollmentUrl = response.Url;
info

The value "enroll" here is arbitrary and you can choose any value which describes the enrollment action - it simply identifies the action in the Authsignal Portal dashboards.

Redirecting the user to this URL will land them on a page which will let them enroll any authenticator type you have enabled for your tenant.

Authsignal user enrollment screen which shows various authentication options

2. Challenging users

You can also use the Track method to challenge users once they are enrolled:

var request = new TrackRequest(
UserId: "usr_123",
Action: "signIn",
RedirectUrl: "https://yourapp.com/callback");

var response = await authsignal.Track(request);

var challengeUrl = response.Url;

Redirecting the user to this URL will land them on a page where they will be prompted to complete a challenge.

Authsignal presenting a MFA challenge

Once they've completed the challenge, the user will be redirected back to the RedirectUrl param you provide.

3. Validating challenges

Once the user is redirected back to your app after a challenge, you should always validate that they've completed the challenge successfully.

The easiest way to do this is by using the token query param which is appended to the redirect URL.

var token = Request.QueryString["token"];

var request = new ValidateChallengeRequest(
UserId: "usr_123",
Token: token);

var response = await authsignal.ValidateChallenge(request);

if (response.State == UserActionState.CHALLENGE_SUCCEEDED) {
// The user successfully completed the MFA challenge
} else {
// The user did not successfully complete the MFA challenge
}

Further reading

For the full API description see the Server API documentation.