Handling custom multi-factor authentication

You can use global events to define custom actions that the system performs after a user tries to sign in to Kentico using the username and password and the multi-factor authentication is enabled. See the SecurityEvents section of the global event reference to learn more about the available options.

If you want to implement your own authentication factor, clear the Display initialization token option in Settings -> Security & Membership -> Authentication.

To set up a custom action, which is performed after a user tries to sign in to Kentico, implement a handler for the SecurityEvents.MultiFactorAuthenticate.Execute event. For example, you can implement functionality that sends users an SMS text with a passcode.

This is a simple example of writing information into the event log. The example uses a custom class in the App_Code folder:




using System.Data;

using CMS.Base;
using CMS.Membership;
using CMS.EventLog;

[CustomMFAAuthentication]
public partial class CMSModuleLoader
{
    /// <summary>
    /// Attribute class that ensures the loading of custom handlers.
    /// </summary>
    public class CustomMFAAuthenticationAttribute : CMSLoaderAttribute
    {
        /// <summary>
        /// The system executes the Init method of the CMSModuleLoader attributes when the application starts.
        /// </summary>
        public override void Init()
        {
            // Assigns a handler to the SecurityEvents.MultiFactorAuthenticate.Execute event
            // This event occurs when users try to sign in to Kentico with multi-factor authentication enabled
            SecurityEvents.MultiFactorAuthenticate.Execute += MFAuthentication_Execute;
        }

        // The handler method, which writes the passcode to the event log
        // You can replace it with your custom code
        private void MFAuthentication_Execute(object sender, AuthenticationEventArgs e)
         {
            string message = string.Format("Passcode: {0}", e.Passcode);
               EventLogProvider.LogInformation("Multi-factor authentication", "Passcode", message);
         }
    }
}



Note: The Passcode parameter in its default state is 30 characters long, but the multi-factor authentication in Kentico uses only the first 5 characters.