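vb.net - How should I generate the "secret" code for my two-factor authentication system?
Problem description
I am only doing this to secure a third-party product that has no native way of requesting and setting up 2FA. Essentially, this creates a request that gets sent to IT so they can manually add the key to the user profile on request.
How should I generate the "secret" code for my two-factor authentication system?
I am using the QRCoder package to generate a nice displayable QR code for my user base. It works fine in the Microsoft Authenticator app, but it fails in both Authy and Google.
I assume my random secret generator function is the culprit?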
Imports System.Drawing
Imports System.IO
Imports QRCoder
Imports QRCoder.PayloadGenerator

Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
    ' Build the one-time-password payload that the authenticator app will scan.
    Dim generator As OneTimePassword = New OneTimePassword() With {
        .Secret = GenerateRandomString(16),
        .Issuer = "My Site",
        .Label = "My Service",
        .Type = OneTimePassword.OneTimePasswordAuthType.TOTP
    }
    Dim payload As String = generator.ToString()

    ' Render the payload as a QR code.
    Dim qrGenerator As QRCodeGenerator = New QRCodeGenerator()
    Dim qrCodeData As QRCodeData = qrGenerator.CreateQrCode(payload, QRCodeGenerator.ECCLevel.Q)
    Dim qrCode As QRCode = New QRCode(qrCodeData)

    ' Show the secret as text next to the QR code.
    LiteralQRCode.Text = generator.Secret

    Dim imgBarCode As New System.Web.UI.WebControls.Image()
    imgBarCode.Height = 300
    imgBarCode.Width = 300

    ' Embed the QR bitmap in the page as a base64 PNG data URI.
    Using bitMap As Bitmap = qrCode.GetGraphic(20)
        Using ms As New MemoryStream()
            bitMap.Save(ms, System.Drawing.Imaging.ImageFormat.Png)
            Dim byteImage As Byte() = ms.ToArray()
            imgBarCode.ImageUrl = "data:image/png;base64," + Convert.ToBase64String(byteImage)
        End Using
        plBarCode.Controls.Add(imgBarCode)
    End Using
End Sub

' Builds a string of iLength characters picked with System.Random from the list below.
Public Function GenerateRandomString(ByRef iLength As Integer) As String
    Dim rdm As New Random()
    Dim allowChrs() As Char = "ABCDEFGHIJKLOMNOPQRSTUVWXYZ0123456789".ToCharArray()
    Dim sResult As String = ""
    For i As Integer = 0 To iLength - 1
        sResult += allowChrs(rdm.Next(0, allowChrs.Length))
    Next
    Return sResult
End Function
Solution
I ended up using OtpNet and using their Base32Encode function to get what I needed.
Hopefully this will help the next person who is attempting to work on a project that isn't exactly conventional.
' KeyGeneration and Base32Encoding come from the OtpNet package (Imports OtpNet).
Dim totp = KeyGeneration.GenerateRandomKey()
Dim generator As OneTimePassword = New OneTimePassword() With {
    .Secret = Base32Encoding.ToString(totp),
    .Issuer = "My Site",
    .Label = "My Service",
    .Type = OneTimePassword.OneTimePasswordAuthType.TOTP
}
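
The same approach without a third-party package, as an added example that is not part of the original post or of OtpNet: the secret in an otpauth payload is Base32 (RFC 4648, characters A-Z and 2-7), so this sketch draws 160 bits from the OS CSPRNG, Base32-encodes them, and checks a candidate string against the alphabet. The module and function names are hypothetical.

```vbnet
Imports System
Imports System.Security.Cryptography

Module TotpSecretExample ' added example; all names here are hypothetical
    ' RFC 4648 Base32 alphabet: A-Z and 2-7 only (no 0, 1, 8 or 9).
    Private Const Base32Alphabet As String = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"

    ' Encode raw key bytes as unpadded Base32, 5 bits per output character.
    Function ToBase32(data As Byte()) As String
        Dim sb As New System.Text.StringBuilder()
        Dim buffer As Integer = 0
        Dim bits As Integer = 0
        For Each b As Byte In data
            buffer = (buffer << 8) Or b
            bits += 8
            While bits >= 5
                bits -= 5
                sb.Append(Base32Alphabet((buffer >> bits) And 31))
            End While
            buffer = buffer And ((1 << bits) - 1) ' keep only the unconsumed bits
        Next
        If bits > 0 Then sb.Append(Base32Alphabet((buffer << (5 - bits)) And 31))
        Return sb.ToString()
    End Function

    ' 20 random bytes (160 bits) from the OS CSPRNG, not System.Random.
    Function NewTotpSecret() As String
        Dim key(19) As Byte
        Using rng As RandomNumberGenerator = RandomNumberGenerator.Create()
            rng.GetBytes(key)
        End Using
        Return ToBase32(key)
    End Function

    ' True when the string is non-empty and every character is in the Base32 alphabet.
    Function IsValidBase32(secret As String) As Boolean
        Dim s As String = secret.TrimEnd("="c).ToUpperInvariant()
        For Each c As Char In s
            If Base32Alphabet.IndexOf(c) < 0 Then Return False
        Next
        Return s.Length > 0
    End Function

    Sub Main()
        Dim secret As String = NewTotpSecret()
        Console.WriteLine("{0} valid={1}", secret, IsValidBase32(secret))
        ' Constructed sample in the question's A-Z0-9 style; 0, 1, 8 and 9 are not Base32.
        Console.WriteLine("valid={0}", IsValidBase32("AB01CD89EFGH2345"))
    End Sub
End Module
```

The string returned by `NewTotpSecret()` can be assigned to `.Secret` in place of `GenerateRandomString(16)`; 20 bytes encode to exactly 32 Base32 characters, so no padding is needed.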