(C# ASP.NET Core) Disabling 2-Factor Authentication

The purpose of this tutorial is to add the functionality that allows a user to disable his 2-factor authentication. For this we shall have to modify the _LoginPartial page so that the disable 2-factor authentication link is shown to him.
(Rev. 19-Mar-2024)

Categories | About |     |  

Parveen,

Step 1 - Modify the _LoginPartial Page

The first step is to modify the login partial page so that we can show a link for disabling 2-factor authentication. This link will appear if the user has already enabled it, and on the other hand, if he hasn't enabled it, then he should see the link for enabling it.

Open the solution explorer and locate the _LoginPartial page. Double click to open it so that we can examine the completed page.

First we have the directives for a namespace and tag helpers. Then we have used dependency injection to obtain an instance of the SignInManager class.

// Pages -> Shared -> _LoginPartial.cshtml 

@using Microsoft.AspNetCore.Identity

@addTagHelper *, Microsoft.AspNetCore.Mvc.TagHelpers

@inject SignInManager<IdentityUser> _sm

@if (_sm.IsSignedIn(User))
{
  var user = await _sm.UserManager.GetUserAsync(User);

  <div>

    <span>Welcome @User.Identity?.Name</span>
    
    |

    <a asp-area="auth" asp-page="Logout">Logout</a>

    |

    @if (await _sm.UserManager.GetTwoFactorEnabledAsync(user))
    {

      <a asp-area="auth" asp-page="Mfa/DisableAuthenticator">
        Disable 2-Factor Auth
      </a>

    }
    else
    {

      <a asp-area="auth" asp-page="Mfa/EnableAuthenticator">
        Enable 2-Factor Auth
      </a>

    }

  </div>
}
else
{
  <div>
    <a asp-area="auth" asp-page="Register">Register</a>
    |
    <a asp-area="auth" asp-page="Login"> Login </a>
  </div>
}

  

An if condition checks if the user is already signed in. If he is signed in, then we display his user name and a log out link. The next if condition checks if 2-factor authentication is already enabled. If it is enabled then the link for disable authentication is shown, and otherwise the link for enable authentication is shown.

Let us now add the page for disable authentication.

Video Explanation (see it happen!)

Please watch the following youtube video:

Step 2 - Add the DisableAuthenticator Page

Open the solution explorer and locate the folder Mfa under the Auth area.

Add a razor page called DisableAuthenticator.

Double click and open the DisableAuthenticator.cshtml file so that we can examine the markup.

// Areas -> Auth -> Pages -> Mfa -> DisableAuthenticator.cshtml 

@page

@using Microsoft.AspNetCore.Identity

@inject UserManager<IdentityUser> _um

@functions {

  public String Message { get; set; } = default!;

  public async Task<IActionResult> OnGetAsync()
  {
    var user = await _um.GetUserAsync(User);

    if (user == null)
    {
      return NotFound();
    }
    else
    {
      var ret = await _um.SetTwoFactorEnabledAsync(user, false);

      Message = ret.Succeeded ? "disabled success" : "some error";

      return Page();

    }
  }
}

<p style="color:red">@Message</p>

  

First we have the directives for page and a namespace. Then we have used dependency injection to obtain an instance of the UserManager service.

Next we have used a functions block so that the handlers and properties can be written in this cshtml file itself.

The Message property will help us display a message for success or failure to the user. The OnGet method is called when the page is reached by the user.

First we use the UserManager service to obtain the logged in user.

If the user cannot be found, then an error response is sent.

Otherwise, the SetTwoFactorEnabled method of the UserManager service is used to disable 2-factor authentication. If the function succeeds we set the Message property to show a success message.

Run the Project

Run the project and do a 2-factor login.

We verify that the link for disable 2-factor login appears at the top.

Now click this link to disable 2-factor authentication. We verify that the two-factor authentication has been successfully disabled. This is how 2-factor authentication works. Thankyou!


This Blog Post/Article "(C# ASP.NET Core) Disabling 2-Factor Authentication" by Parveen is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.