How to customize the default timeout for 2fa token generated by default email provider in asp.net core identity framework

Question

How to customize the default timeout for 2fa token generated by default email provider in asp.net core identity framework

Rohit Mahindrakar 0

I am using asp.net core identity framework in my application, and the default email provider for 2fa token generation. The documentation here - https://learn.microsoft.com/en-us/aspnet/identity/overview/features-api/two-factor-authentication-using-sms-and-email-with-aspnet-identity#enabling-2fa, says that the default timeout is 6 mins for the token. But when testing I noticed its coming out to be 5 mins. Also, I don't see any clear documentation around customizing this timeout setting. We are trying to update the timeout value to 15 mins. I tried to follow the steps mentioned here - https://learn.microsoft.com/en-us/answers/questions/842342/extend-the-2fa-token-expiration-in-asp-net-core, but that did not work. I keep getting an error - "'Scheme already exists: Identity.Application'". Please advise. Thank you in advance.

Anonymous

2023-12-21T02:48:14.8166667+00:00

Hi,@Rohit Mahindrakar,the error "Scheme already exists: Identity.Application" indicates you've registered Identity multipule times.Could you show the codes related so that we could reproduce your issue?

Rohit Mahindrakar 0

Hi Ruikai, thank you so much for your response. Please find the below the snippet of the code being used as part of the application startup.cs.

        public void ConfigureServices(IServiceCollection services)
        {
            services.ConfigureRootConfiguration(Configuration);

            // Add DbContext for Asp.Net Core Identity
            services.AddIdentityDbContext<AdminIdentityDbContext>(Configuration, Environment);

            // Add Services to expire reset password token
            services.Configure<DataProtectionTokenProviderOptions>(options =>
            {
                options.TokenLifespan = System.TimeSpan.FromMinutes(1);//testing
            });

            //2fa token customization
            services.AddDefaultIdentity<IdentityUser>(options => options.SignIn.RequireConfirmedAccount = true)
            .AddEntityFrameworkStores<AdminIdentityDbContext>().AddTokenProvider<DataProtectorTokenProvider<IdentityUser>>(TokenOptions.DefaultEmailProvider);

Anonymous

2023-12-22T07:00:24.15+00:00

Hi,@Rohit Mahindrakar

services.AddIdentityDbContext<TContext>() is not a build- in method ,has you already registered Identity inside the Extension method?

1 answer

Your answer

Anonymous

2023-12-21T02:48:14.8166667+00:00

Hi,@Rohit Mahindrakar,the error "Scheme already exists: Identity.Application" indicates you've registered Identity multipule times.Could you show the codes related so that we could reproduce your issue?
Rohit Mahindrakar 0 Reputation points

2023-12-21T12:26:34.4933333+00:00

Hi Ruikai, thank you so much for your response. Please find the below the snippet of the code being used as part of the application startup.cs.

public void ConfigureServices(IServiceCollection services) { services.ConfigureRootConfiguration(Configuration); // Add DbContext for Asp.Net Core Identity services.AddIdentityDbContext<AdminIdentityDbContext>(Configuration, Environment); // Add Services to expire reset password token services.Configure<DataProtectionTokenProviderOptions>(options => { options.TokenLifespan = System.TimeSpan.FromMinutes(1);//testing }); //2fa token customization services.AddDefaultIdentity<IdentityUser>(options => options.SignIn.RequireConfirmedAccount = true) .AddEntityFrameworkStores<AdminIdentityDbContext>().AddTokenProvider<DataProtectorTokenProvider<IdentityUser>>(TokenOptions.DefaultEmailProvider);
Anonymous

2023-12-22T07:00:24.15+00:00

Hi,@Rohit Mahindrakar

services.AddIdentityDbContext<TContext>() is not a build- in method ,has you already registered Identity inside the Extension method?

Answer 1

I suggest that you use the MFA TOTP (Time-based One-time Password Algorithm) for the ASP.NET Core as described in the following Microsoft document:

Multi-factor authentication in ASP.NET Core

"MFA using TOTP is supported by default when using ASP.NET Core Identity."

Although the default does not include QR Code generation it can be added according to the following Microsoft document:

Enable QR code generation for TOTP authenticator apps in ASP.NET Core

The result is shown blow:

The first document shown in your question is for .NET Framework version ASP.NET Identity. Use of e-mail and SMS for 2FA is no longer supported in the project template for the ASP.NET Core App.

Share via

How to customize the default timeout for 2fa token generated by default email provider in asp.net core identity framework

1 answer

Your answer