When working with multi-factor authentication, apps like Google Authenticator or Microsoft Authenticator are often used to generate an additional factor. These generate (time-based) one-time passwords, using algorithms like those described in RFC 6238 and/or RFC 4226. When you want to implement server-side verification, or you want to implement your own app that generates these OTPs, you’ll thus have to implement these standards.
There’s a very useful library by Guillaume Lacasa that does this: TwoStepsAuthenticator. From the description:
.NET implementation of the TOTP: Time-Based One-Time Password Algorithm and HOTP: HMAC-Based One-Time Password Algorithm RFC 6238 & RFC 4226. Compatible with Microsoft Authenticator for Windows Phone, and Google Authenticator for Android and iPhone.
You can use this library as well for a client application (if you want to create your own authenticator) or for a server application (add two-step authentication on your asp.net website)
Today I needed a port of this because of a need to target this across a Xamarin & .NET 4.5 project. I figured I wouldn’t be the only with this requirement, so I put it on GitHub. I ported it to support the .NET Standard 1.6 profile as those libraries can be targeted by .NET Core, .NET, Xamarin, … so if you have a need for this, feel free to use it. All coding credits go to Guillaume – I simply ported it –, so I’d like to explicitly thank him for his hard work on this!
Happy coding! 
Leave a Reply