vb.net - 我应该如何为我的两因素身份验证系统生成“秘密”代码？

问题描述

我这样做只是为了保护没有本地请求和设置 2FA 方式的第三方产品。本质上，这会创建一个发送给 IT 的请求，让他们在请求时手动将密钥添加到用户配置文件中。

我应该如何为我的两因素身份验证系统生成“秘密”代码？

我正在使用QRCoder 包为我的用户群生成一个漂亮的可显示二维码。它在 Microsoft Authenticator 应用程序中运行良好，但Authy和Google都失败了。

我想我的随机秘密生成器功能是罪魁祸首？

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        Dim generator As OneTimePassword = New OneTimePassword() With {
      .Secret = GenerateRandomString(16),
      .Issuer = "My Site",
      .Label = "My Service",
      .Type = OneTimePassword.OneTimePasswordAuthType.TOTP
  }

        Dim payload As String = generator.ToString()
        Dim qrGenerator As QRCodeGenerator = New QRCodeGenerator()
        Dim qrCodeData As QRCodeData = qrGenerator.CreateQrCode(payload, QRCodeGenerator.ECCLevel.Q)
        Dim qrCode As QRCode = New QRCode(qrCodeData)

        LiteralQRCode.Text = generator.Secret

        Dim imgBarCode As New System.Web.UI.WebControls.Image()
        imgBarCode.Height = 300
        imgBarCode.Width = 300
        Using bitMap As Bitmap = qrCode.GetGraphic(20)
            Using ms As New MemoryStream()
                bitMap.Save(ms, System.Drawing.Imaging.ImageFormat.Png)
                Dim byteImage As Byte() = ms.ToArray()
                imgBarCode.ImageUrl = "data:image/png;base64," + Convert.ToBase64String(byteImage)
            End Using
            plBarCode.Controls.Add(imgBarCode)
        End Using

    End Sub

    Public Function GenerateRandomString(ByRef iLength As Integer) As String
        Dim rdm As New Random()
        Dim allowChrs() As Char = "ABCDEFGHIJKLOMNOPQRSTUVWXYZ0123456789".ToCharArray()
        Dim sResult As String = ""

        For i As Integer = 0 To iLength - 1
            sResult += allowChrs(rdm.Next(0, allowChrs.Length))
        Next

        Return sResult
    End Function

标签： vb.netauthenticationqr-codetwo-factor-authentication