.NET
This guide will demonstrate how to integrate Authsignal into your .NET app by focusing on three steps:
- Enrolling users with MFA
- Challenging users
- Validating challenges
Installation
Add the Authsignal server-side client library to your project:
dotnet add package Authsignal.Server.Client
You can then import the module and initialize the Authsignal client, providing your secret key in the constructor:
using Authsignal;
var authsignal = new AuthsignalClient(secret: "your-secret-key");
You can find your secret key in the Authsignal Portal under Settings -> Api Keys.
This secret key must be stored securely on your server and never exposed to the browser.
1. Enrolling users with MFA
The GetUser method lets you determine if a user of your application is currently enrolled.
var request = new UserRequest(userId: "usr_123");
var response = await authsignal.GetUser(request);
if (response.IsEnrolled) {
// The user has enabled at least one authenticator and can be challenged
} else {
// The user does not have MFA enabled
}
If the user isn't enrolled, you can let them enroll via the Challenge UI. Generate a URL to enroll by using the Track method:
var request = new TrackRequest(
UserId: "usr_123",
Action: "enroll",
RedirectUrl: "https://yourapp.com");
var response = await authsignal.Track(request);
var enrollmentUrl = response.Url;
The value "enroll" here is arbitrary and you can choose any value which describes the enrollment action - it simply identifies the action in the Authsignal Portal dashboards.
Redirecting the user to this URL will land them on a page which will let them enroll any authenticator type you have enabled for your tenant.
2. Challenging users
You can also use the Track method to challenge users once they are enrolled:
var request = new TrackRequest(
UserId: "usr_123",
Action: "signIn",
RedirectUrl: "https://yourapp.com/callback");
var response = await authsignal.Track(request);
var challengeUrl = response.Url;
Redirecting the user to this URL will land them on a page where they will be prompted to complete a challenge.
Once they've completed the challenge, the user will be redirected back to the RedirectUrl param you provide.
3. Validating challenges
Once the user is redirected back to your app after a challenge, you should always validate that they've completed the challenge successfully.
The easiest way to do this is by using the token query param which is appended to the redirect URL.
var token = Request.QueryString["token"];
var request = new ValidateChallengeRequest(
UserId: "usr_123",
Token: token);
var response = await authsignal.ValidateChallenge(request);
if (response.State == UserActionState.CHALLENGE_SUCCEEDED) {
// The user successfully completed the MFA challenge
} else {
// The user did not successfully complete the MFA challenge
}
Further reading
For the full API description see the Server API documentation.