Pure C# Authenticator - Is it possible?

GoalMiner 1 Reputation point
2022-12-13T16:54:09.537+00:00

Is it possible to create an authenticator like authy, microsoft authenticator, google authenticator but purely in code with no dependencies on outside sources so it can run offline, perhaps clock based?

Microsoft Security | Microsoft Authenticator
Developer technologies | C#
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Karen Payne MVP 35,586 Reputation points Volunteer Moderator
    2022-12-13T23:24:17.083+00:00

    Doubtful, there is a great deal that goes into creating an alternate without dependencies that would be trustworthy.

    0 comments No comments

  2. Bruce (SqlWork.com) 78,086 Reputation points Volunteer Moderator
    2022-12-13T23:57:02.577+00:00

    yes you can code this in C#. these authenticators work by verifying you by your device, typically a phone but could be a desktop.

    the device application will generate a code, it will generate the code based on the time and a certificate registered with the authentication service. the registration service asks for the code and userid. with the userid it gets the users device certificate and current tine and validates the code.

    it is important that the certificate is safely stored, because that is all that's needed to hack the system. phone have safe places to store this information..

    one of the complexities is registering the device. at device registration you need to prove the user registering the device is the correct user.

    you don't explain your requirements. what hosts the application asking for authentication. what device is required to prove who the user is. not sure what you mean by offline.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.