Greetings, there are some problems I encountered in a layered ABP solution:
- I need to disable email and phone number providers in 2FA and leave only the TOTP provider functional, i.e., I need to make it so that users can enable the TOTP provider without verifying phone number or email. How can I achieve that? Please provide detailed instructions.
- And I need to make it so that the force behavior in 2FA works with TOTP, i.e., when 2FA behavior is set to force, I need the app to redirect the user to the Two Factor Authentication page at "/Account/Manage" so that the user is not able to log in without enabling the TOTP app. Please give me detailed instructions on this as well.
7 Answer(s)
-
0
- To disable email and phone number providers in 2FA and leave only the TOTP provider functional, you need to override the logic that provides available two-factor authentication providers. In your application layer, override the method that returns the list of 2FA providers (such as GetTwoFactorProvidersAsync in your AccountAppService or equivalent). Only return the TOTP provider in the result. This will prevent users from seeing or enabling email or phone-based 2FA, and allow enabling TOTP without verifying email or phone.
Example:
    public override async Task<ListResultDto<string>> GetTwoFactorProvidersAsync()
    {
        // Only return TOTP provider
        return new ListResultDto<string>(new List<string> { "Authenticator" });
    }
Make sure your UI only displays the TOTP option and does not require email or phone verification for enabling TOTP.
- To force 2FA with TOTP and redirect users to the Two Factor Authentication page at "/Account/Manage" when 2FA is required, set the 2FA behavior to "force" in your configuration. In your Angular application, after login, check if the user has 2FA enabled and is required to complete 2FA. If so, redirect them to "/Account/Manage" for TOTP verification.
You may need to customize the authentication flow in your Angular app to handle this redirect. Typically, after login, if the backend indicates that 2FA is required (e.g., via a specific response or claim), perform a client-side redirect:
    // Pseudocode for Angular
    if (userRequires2FA) {
      this.router.navigate(['/account/manage']);
    }
Ensure your backend enforces 2FA when required and that the Angular app checks for this state after authentication.
Sources:
- https://abp.io/docs/latest/modules/identity/two-factor-authentication
- https://abp.io/support/questions/4444
This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
-
0
No, I tried that, it didn't work.
-
0
hi
You can remove the email and phone from options.Tokens.ProviderMap:

    services.PostConfigure<IdentityOptions>(options =>
    {
        //options.Tokens.ProviderMap
    });
-
0
Hi, if I do that it throws "NotSupportedException: No IUserTwoFactorTokenProvider<TUser> named 'Default' is registered." error. The reason is that I still need to verify either email or phone number to enable TOTP and if I do that it throws the error above. What I need is to make TOTP provider totally independent from email and phone providers. I mean so the user can enable only TOTP without verifying email or phone number.
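An added example, not part of the thread or of ABP's code, for the ProviderMap approach discussed above: rather than removing entries, it swaps the email and phone providers for subclasses that never offer themselves as second factors, and leaves "Default" and "Authenticator" in place. The class and method names are hypothetical, and using Volo.Abp.Identity.IdentityUser as TUser is an assumption; it acts only at the ASP.NET Core Identity level and does not change the Account module's pages.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical names (not ABP types): providers that keep working for their
// non-2FA purposes but never report themselves as usable second factors.
public class NoTwoFactorEmailTokenProvider<TUser> : EmailTokenProvider<TUser>
    where TUser : class
{
    public override Task<bool> CanGenerateTwoFactorTokenAsync(
        UserManager<TUser> manager, TUser user) => Task.FromResult(false);
}

public class NoTwoFactorPhoneTokenProvider<TUser> : PhoneNumberTokenProvider<TUser>
    where TUser : class
{
    public override Task<bool> CanGenerateTwoFactorTokenAsync(
        UserManager<TUser> manager, TUser user) => Task.FromResult(false);
}

public static class TotpOnlyTwoFactorExtensions
{
    // Call from ConfigureServices, e.g. with
    // TUser = Volo.Abp.Identity.IdentityUser (assumption, not confirmed by the thread).
    public static IServiceCollection AddTotpOnlyTwoFactor<TUser>(
        this IServiceCollection services) where TUser : class
    {
        // UserManager resolves each mapped provider type from DI.
        services.AddTransient<NoTwoFactorEmailTokenProvider<TUser>>();
        services.AddTransient<NoTwoFactorPhoneTokenProvider<TUser>>();

        // PostConfigure runs after the default provider registrations.
        services.PostConfigure<IdentityOptions>(options =>
        {
            var map = options.Tokens.ProviderMap;
            // "Default" and "Authenticator" stay untouched. UserManager throws
            // NotSupportedException when a token is requested from a provider
            // name that is missing from this map, and by default "Default"
            // backs the password-reset and email-confirmation tokens.
            map[TokenOptions.DefaultEmailProvider] = new TokenProviderDescriptor(
                typeof(NoTwoFactorEmailTokenProvider<TUser>));
            // "Phone" stays mapped because phone-number-change tokens use it by default.
            map[TokenOptions.DefaultPhoneProvider] = new TokenProviderDescriptor(
                typeof(NoTwoFactorPhoneTokenProvider<TUser>));
        });
        return services;
    }
}
```

With this in place, UserManager.GetValidTwoFactorProvidersAsync lists only providers whose CanGenerateTwoFactorTokenAsync returns true, which for a user with an authenticator key is "Authenticator".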
-
0
-
0
Hi. It is a .cshtml page, right? If yes, can you please specify its location and exact name so I can override that page and test it? And it would also mean that I need to override the .cshtml file as well; in that case I need the content of that file too. I checked your repository on GitHub but couldn't find it.
-
0
hi
The page class is Volo.Abp.Account.Public.Web.Pages.Account.SendSecurityCodeModel. You can create a subclass to override the OnGetAsync method.
https://abp.io/docs/latest/framework/ui/mvc-razor-pages/customization-user-interface