DEV Community: Chinthaka Bandara

Implementing Multi-Factor Authentication (MFA) in .NET Applications

Chinthaka Bandara — Tue, 21 Jan 2025 10:25:50 +0000

Multi-Factor Authentication (MFA) is a crucial security measure designed to enhance our application's protection and reduce the chances of unauthorized access.

This article walks you through the steps to implement MFA in a .NET 8 application, focusing on Time-based One-Time Password (OTP) compatible with Google Authenticator and Microsoft Authenticator.

Prerequisites

A working .NET Web API
Google Authenticator or Microsoft Authenticator installed on your phone

Step 1: Setting up
Install the following NuGet packages:

dotnet add package QRCoder
dotnet add package OtpNet

Step 2: Adding TOTP Service
This service will generate the secret Key for each user, generate QR codes, and validate OTP

using OtpNet;
using QRCoder;

namespace MFA;

public class TotpService
{
    public string GenerateSecretKey()
    {
        var secretKey = KeyGeneration.GenerateRandomKey(20);
        return Base32Encoding.ToString(secretKey);
    }

    public string GenerateQrCodeUrl(string email, string secretKey)
    {
        var issuer = Uri.EscapeDataString("yourAppName");
        var userEmail = Uri.EscapeDataString(email);

        return $"otpauth://totp/{issuer}:{userEmail}?secret={secretKey}&issuer={issuer}&algorithm=SHA1&digits=6&period=30";
    }

    public byte[] GenerateQRCode(string uri)
    {
        using var qrGenerator = new QRCodeGenerator();
        using var qrCodeData = qrGenerator.CreateQrCode(uri, QRCodeGenerator.ECCLevel.Q);
        using var qrCode = new PngByteQRCode(qrCodeData);

        return qrCode.GetGraphic(20);
    }

    public bool ValidateOTP(string secretKey, string otp)
    {
        var totp = new Totp(Base32Encoding.ToBytes(secretKey));
        return totp.VerifyTotp(otp, out _, VerificationWindow.RfcSpecifiedNetworkDelay);
    }
}

Step 3: Integration TOTP Service into application

User Registration

When registering a user, generate a secret key and a QR code. The secret key should be saved with the user's information in the database, and the QR Code should be displayed to the user.
Using this QR users can register using either Google Authenticator or Microsoft Authenticator.
As a best practice do not keep the 'secretKey' in clear text format. Encrypt this value.

var secretKey = _totpService.GenerateSecretKey();
var uri = _totpService.GenerateQrCodeUrl("chinthakapb@gmail.com", secretKey);
var qrCodeImage = _totpService.GenerateQRCode(uri);

Validating OTP

Once the user logs into the application, provide a place for the user to enter the Time-based OTP generated from either Google Authenticator or Microsoft Authenticator.
Get the 'secretKey' from the database and validate the OTP from the backend.

bool result = _totpService.ValidateOTP(request.SecretKey, request.Code);

The above code will return whether the OTP is valid is not. You can use this to navigate the user into the system or not.

Happy Coding 😀

How to map colors & labels in ApexChart

Chinthaka Bandara — Wed, 15 May 2024 06:47:39 +0000

Problem
When using a donut/pie chart it is mapping the colors in the array to labels in the label order. If there is no value for a particular label, then the whole thing gets messed up. This is a big issue when presenting data that doesn't always come in a predefined order.

Solution
When passing data from the API, pass the colors also in the same order as labels. This way colors of missing labels won't be in the colors array. You have to send the color codes in Hex (#ffffff) format.

const chartOptions = {
    labels: chartData?.labels || [],
    colors: chartData?.colors || [],
        ...
};

<Chart 
    options={chartOptions} 
    series={chartData?.series || []} 
    type='donut' 
    height={300} 
/>

Happy Coding 😉

PowerShell Script Not Digitally Signed

Chinthaka Bandara — Tue, 17 Oct 2023 08:25:10 +0000

When you run a PowerShell script you might get the message saying “xxxx.ps1 is not digitally signed. The script will not execute on the system.”

To fix this issue we have to bypass the PowerShell's execution policy. The following command will do that.

Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass

Execution policy Bypass
This means Nothing is blocked and there are no warnings or prompts.

Scope Process
This means only affects the current PowerShell session. The execution policy is saved in the environment variable $env:PSExecutionPolicyPreference, rather than the registry. When the PowerShell session is closed, the variable and value are deleted.

For more information check this article from Microsoft

Node Version Manager

Chinthaka Bandara — Tue, 20 Dec 2022 04:39:24 +0000

Sometimes when you are working as a developer you will have to work on multiple projects or fix up a bug in a old project. All these projects will not have the same node.js version. Then you had to re-install node.js according to the project. This will be a hassle when you had to switch between node.js versions multiple times.

nvm is a version manager for node.js, designed to be installed per-user. nvm works on these platforms: unix, macOS, and windows WSL.

Getting Started

First we have to download and install nvm-windows.
https://github.com/coreybutler/nvm-windows/releases/tag/1.1.11

Usage

Check nvm version

nvm --version

List locally installed versions

nvm ls

Install specific version

nvm install v18.12.1

Uninstall specific version

nvm uninstall 14.17.6

Use specific version

nvm use 18.12.1

Using these commands we can easily navigate across multiple node.js versions

Happy Coding 😉

SonarQube + Docker + .NET Core Code Analysis

Chinthaka Bandara — Wed, 13 Jul 2022 10:13:49 +0000

Writing quality code plays a vital role in the software development life cycle. There are few tools to help us to write cleaner code. SonarQube is one of the tools which has a free community version.
SonarQube performs various analyzes, bugs, code smells, test coverage, vulnerabilities, duplicate blocks.

Install SonarQube on Docker

Let's now install the SonarQube on docker desktop. You should have Docker Desktop installed & logged in. Run this command on command prompt.

docker pull sonarqube

Now we have to do the port mapping

docker run --name Sonarqube --publish 192.168.4.176:9000:9000 sonarqube

Replace the followings with your values
Sonarqube - Name of the containter (Sonarqube)
192.168.4.176 - IP Address of the PC
9000 - Port that we are going to map

once the installation completes, Open your browser & go to http://localhost:9000, it will prompts you to change the "admin" password. After that you will be directed to SonarQube home page.

Install SonarScanner for .NET Core Global Tool

dotnet tool install --global dotnet-sonarscanner

Create a project in SonarQube

click on the "Manually" option & on the next screen provide name & key for the project.
In this article we will go with a local repository.
Provide a name for the token & press "Generate" button. Once token is generated press on "Continue" button to run analysis on your project.

Run analysis on your project

Select ".NET" as the build type & ".NET Core" as the build tool.
Go to the root folder of your .NET Core project solution & open a command prompt from it. Now we can run the commands provided in the page one by one in the command prompt.

dotnet sonarscanner begin /k:"DemoProject" /d:sonar.host.url="http://localhost:9000"  /d:sonar.login="sqp_4f474d2d735dec2daa03b382cfde19ddc59cb18c"

dotnet build

dotnet sonarscanner end /d:sonar.login="sqp_4f474d2d735dec2daa03b382cfde19ddc59cb18c"

make sure to save these commands to re-run the code analysis.
Once the last commands completes the page will be automatically refreshed with the report.

Happy Coding 😀

Tenant App Catalog vs Site Collection App Catalog in SharePoint Online

Chinthaka Bandara — Fri, 20 May 2022 08:16:25 +0000

Tenant App Catalog in SharePoint Online is the central place for managing all your SharePoint Apps/add-ins and SPFx solutions. The deployed packages are visible to all site collections.
With the introduction of Site Collection App Catalogs, tenant administrators can enable app catalogs in selected sites. Once enabled site collection admin can deploy packaged into that particular site collection.

Let’s compare the Tenant App Catalog & Site Collection App Catalogs

	Tenant App Catalog	Site Collection App Catalog
Availability	All the sites in the tenant	Only selected site collection
Who can deploy	Tenant Administrator	Site Collection Administrator
When to use	- Manage the apps centrally - Have apps available globally	- Try-out apps - Apps are specific to a site collection - Developing an App and want to make sure that app is only available in a specific site
Limitations	-	Configure and manage using the SharePoint Online Management Shell
Security	Tenant Administrator has the option to verify all the apps being deployed	Site Collection Administrator has the option to verify all the apps being deployed. Although solutions installed, can be used only in a particular site, they can potentially access resources from other sites in the tenant

Enable Site Collection App Catalog
Run the following commands in "SharePoint Online Management Shell"

Connect-SPOService -Url https://<site name>-admin.sharepoint

When prompt enter your tenant administrator credentials

Add-SPOSiteCollectionAppCatalog -Site https://<site name>.sharepoint.com/sites/DemoAppCatalog

This command will create a App Catalog in "DemoAppCatalog" site as shown in the below image

Deploy Apps into Site Collection App Catalog

Navigate to the Site Contents page of the Site Collection you have enabled app catalog
Click on the “Apps for SharePoint” list
Upload your custom solution .sppkg or .app file to the library
If its a .sppkg, You’ll get a prompt asking if you trust the solution and if you would like to “Make this solution available to all sites in the organization”. Make sure to check this option and then click Deploy.

Disable Site Collection App Catalog
Run the following commands in "SharePoint Online Management Shell"

Connect-SPOService -Url https://<site name>-admin.sharepoint

When prompt enter your tenant administrator credentials

Remove-SPOSiteCollectionAppCatalog -Site https://<site name>.sharepoint.com/sites/DemoAppCatalog

After executing this script, the Apps for SharePoint library will be still visible in your site collection, but you will not be able to deploy or use any solutions deployed in it.

Happy Coding 😉

Install Oracle 12C with Docker

Chinthaka Bandara — Mon, 27 Sep 2021 10:37:04 +0000

Installing oracle database is a very tedious task. But with the help of Docker Containers, it can be easily done. With this solution, it gives developers the flexibility to work with multiple databases without the hassle.

Prerequisites

Docker Installation
Docker Hub Account
Oracle Account (for downloading SQL Developer)

Head into Oracle Database Enterprise Edition & agree to terms & conditions.

Installation

Open Windows Terminal & run the following commands

docker login

Download Oracle Image

docker pull store/oracle/database-enterprise:12.2.0.1

Run Image

docker run -d -p 1521:1521 --name oracle store/oracle/database-enterprise:12.2.0.1

Connect to container

docker exec -it oracle bash -c "source /home/oracle/.bashrc; sqlplus /nolog"

Once the above command executes it will connect you to the SQL Plus terminal. Execute following commands to create the user to work on

connect sys as sysdba;

Above command will prompt you to enter the password. Enter Oradoc_db1 as default password

Next, run the below commands one by one

alter session set "_ORACLE_SCRIPT"=true;
create user <username> identified by <password>;
GRANT ALL PRIVILEGES TO <username>;

Now we can connect to the above created Oracle schema using Oracle SQL Developer

Use the following values when login

Property	Value
Username	entered user
Password	entered password
Hostname	localhost
Port	1521
Service Name	ORCLCDB.localdomain

Happy Coding 😀