How do I set up a SMS sender for Identity

David Thielen 2,421 Reputation points
2023-04-24T23:14:59.91+00:00

I am following the instructions here to set up a SMS sender for ASP.NET Core Identity. I have a couple of questions:

  1. Where can I find the interface ISmsSender?
  2. The code also implements IEmailSender? Is that needed or was this just sloppy left-over code?
  3. Where/how do I store the secrets for the Twilio credentials? I can't find where it gives the name for them.
  4. What do I do to have the Identity code send a text? Preferably to verify the user's phone number? thanks - dave
ASP.NET Core
ASP.NET Core
A set of technologies in the .NET Framework for building web applications and XML web services.
4,284 questions
0 comments No comments
{count} votes

Accepted answer
  1. Chen Li - MSFT 1,221 Reputation points
    2023-04-25T04:25:57.61+00:00

    Hi @David Thielen,

    Where can I find the interface ISmsSender?

    You can view and download the official sample code in the official document link you provided. Under the Services folder, you can see the ISmsSender interface: User's image

    public interface ISmsSender
    {
        Task SendSmsAsync( string number, string message);
    }
    

    The code also implements IEmailSender? Is that needed or was this just sloppy left-over code?

    IEmailSender is not necessary. You only need to use IEmailSender if you wish to set email as a second authentication factor, otherwise you don't need it. You can see the corresponding logic in AccountController's SendCode:

    if (model.SelectedProvider == "Email")
    {
        await _emailSender.SendEmailAsync(await _userManager.GetEmailAsync(user), "Security Code", message);
    }
    else if (model.SelectedProvider == "Phone")
    {
        await _smsSender.SendSmsAsync( await _userManager.GetPhoneNumberAsync(user), message);
    }
    

    User's image

    Where/how do I store the secrets for the Twilio credentials?

    In the official documentation it states that you need to create a class to fetch the secure SMS key, and use the secret-manager tool to set it.

    public class SMSoptions
    {
        public string SMSAccountIdentification { get; set; }
        public string SMSAccountPassword { get; set; }
        public string SMSAccountFrom { get; set; }
    }
    

    And then set the SMSAccountIdentification, SMSAccountPassword and SMSAccountFrom:

    dotnet user-secrets set "SMSAccountIdentification" "Your Account SID"
    dotnet user-secrets set "SMSAccountPassword" "Your Auth Token"
    dotnet user-secrets set "SMSAccountFrom" "Your Twilio phone number"
    

    The above three information can be seen in Account Info in Twilio: User's image

    After the setup is complete, run dotnet user-secrets init.

    Then, as you can see in the example, register SMSoptions in Startup: services.Configure<SMSoptions>(Configuration);

    And Inject it into AuthMessageSender.

    What do I do to have the Identity code send a text?

    You can see the implementation of ISmsSender in the MessageServices_twilio.cs file in the official example. When you are adding a phone number for verification, it will carry SMSAccountIdentification, SMSAccountPassword and other information to send a request to AddPhoneNumber in ManageController to generate a verification code and send it to the phone number that needs to be verified:

    var code = await _userManager.GenerateChangePhoneNumberTokenAsync(user, model.PhoneNumber);
    await _smsSender.SendSmsAsync(model.PhoneNumber, "Your security code is: " + code);
    

    And SendCode in AccountController is executed when all your configuration is complete and two-factor authentication is tested.

    It is worth noting that when you download the sample code and run it, you need to comment out the contents of the MessageServices_ASPSMS.cs file and the MessageServices.cs file, because there will be a naming conflict. Also you need to install ASPSMS NuGet Package.


    If the answer is helpful, please click "Accept Answer" and upvote it. Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Best Regards,

    Chen Li


1 additional answer

Sort by: Most helpful
  1. Bruce (SqlWork.com) 59,051 Reputation points
    2023-04-25T02:56:23.9+00:00

    The custom sender must implement both interface, but like the example, the email can just a null operation. The interfaces are defined in:

    Microsoft.Extensions.Options

    you store the secrets where you want. You just need to read them at configuration. The sample use the azure secrets store and passes them via the SMSoptions class loaded via injection and the ioptions pattern.

    this is all part of MFA:

    https://learn.microsoft.com/en-us/aspnet/core/security/authentication/mfa?view=aspnetcore-7.0