Using totp microsoft authenticator for asp net mvc


ASP.NET is a popular programming language used for building web applications. In this article, we will explore how to use TOTP (Time-based One-Time Password) with Authenticator in an ASP.NET MVC application.

What is TOTP?

TOTP is a type of two-factor authentication that generates a temporary password based on the current time. It provides an additional layer of security by requiring users to enter both their regular password and the temporary password generated by an authenticator app.

Setting up Microsoft Authenticator

Before we can use TOTP in our ASP.NET MVC application, we need to set up Microsoft Authenticator on our mobile device. Microsoft Authenticator is for both iOS and Android devices.

Once you have installed the app, the instructions to set up your account. This usually involves scanning a QR code or manually entering a secret key provided by the application or service you are trying to secure.

Implementing TOTP in ASP.NET MVC

To implement TOTP in our ASP.NET MVC application, we need to install the necessary NuGet packages and make some changes to our code.

First, let's install the required NuGet packages:

Install-Package OtpSharp
Install-Package QRCoder

Next, let's add the necessary code to our application. We will start by creating a new controller called “” and adding the following code:

using OtpSharp;
using QRCoder;

public  AccountController : Controller
    public ActionResult EnableTwoFactorAuthentication()
        //  a new secret key
        var secretKey = KeyGeneration.GenerateRandomKey(20);

        // Generate a QR code for the secret key
        var qrCodeGenerator = new QRCodeGenerator();
        var qrCodeData = qrCodeGenerator.CreateQrCode(secretKey, QRCodeGenerator.ECCLevel.Q);
        var qrCode = new Base64QRCode(qrCodeData);
        var qrCodeImage = qrCode.GetGraphic(20);

        // Save the secret key and display the QR code to the user
        // TODO: Save the secret key to the user's account
        ViewBag.SecretKey = secretKey;
        ViewBag.QRCodeImage = qrCodeImage;

        return View();

In the above code, we first generate a new secret key using the OtpSharp library. We then use the QRCoder library to generate a QR code for the secret key. The QR code can be scanned by the Microsoft Authenticator app to set up the TOTP authentication.

We save the secret key to the user's account (you will need to implement the logic to save it to your database) and display the QR code to the user.

TOTP for a User

To enable TOTP for a user, we need to create a new view called “EnableTwoFactorAuthentication.cshtml” and add the following code:

    ViewBag.Title = "Enable Two-Factor Authentication";

Enable Two-Factor Authentication

Scan the QR code below using the Microsoft Authenticator app:

QR Code

After scanning the QR code, enter the code generated by the app below:

@using (Html.BeginForm("EnableTwoFactorAuthentication", "Account", FormMethod.Post)) { @Html.AntiForgeryToken()
@Html.Label("Verification Code") @Html.TextBox("verificationCode", null, new { @class = "form-control" })

In the above code, we display the QR code generated in the previous step and ask the user to scan it using the Microsoft Authenticator app. We then provide a text box for the user to enter the verification code generated by the app.

When the user submits the form, we need to validate the verification code. We can do this by adding the following code to the “AccountController”:

public ActionResult EnableTwoFactorAuthentication(string verificationCode)
    // TODO: Validate the verification code
    if (verificationCodeIsValid)
        // TODO: Enable TOTP for the user
        return RedirectToAction("Index", "Home");
        ModelState.AddModelError("", "Invalid verification code");
        return View();

In the above code, we validate the verification code entered by the user. If the code is , we can enable TOTP for the user and redirect them to the home page. If the code is invalid, we add a model error and return the view to display an error message.


In this article, we have explored how to use TOTP with Microsoft Authenticator in an ASP.NET MVC application. By implementing TOTP, we can add an layer of security to our web application and protect our users' accounts from unauthorized access.

Remember to follow best practices for secure authentication and keep your application up to date with the latest security patches.

Rate this post

Leave a Reply

Your email address will not be published. Required fields are marked *

Table of Contents