Plugging Twilio SMS in to the ASP.NET Identity Message Service

If you want to enable 2-factor authentication in ASP.NET, ASP.NET Identity and Twilio make it silly easy to do so.

Step 1: Setting Up Your Project for ASP.NET Identity
From Visual Studio, start with an ASP.NET Web Application and select the MVC Template.  In this example I’ll use the Authentication option ‘Individual User Accounts’, which under the covers is really just adding the ASP.NET Identity NuGet packages for you.  For an existing application you could manually include the ASP.NET Identity NuGet packages, but I would take a look at the ASP.NET Identity Samples App first to get familiar with what it offers.

Create an MVC project with Individual Accounts.
Create an MVC project with Individual Accounts.

Congratulations, you now have an MVC application with ASP.NET Identity management!  In the App_Start folder a class file named IdentityConfig.cs was added by the NuGet package.

The IdentityConfig.cs file has multiple classes in it (StyleCop may have something to say about that), and the one that controls SMS is named SmsService.  Scroll down to it and you’ll see a single placeholder method to send an SMS message asynchronously.

SMS Service Class
The SmsService class in IdentityConfig.cs

Step 2: Set-up Twilio for SMS
Now it’s time for Twilio!  Sign up for a free Twilio account.  To do this simply press the ‘Sign Up’ button on the Twilio site and you’ll be prompted to create an account.  The account is free and you don’t need to enter in any payment information.  During the sign-up process it will ask to verify your mobile phone number prior to assigning you a phone number in your Twilio account.

The reason for verifying your own phone number first has to do with the free trial account that gets set up.  While in trial/sandbox mode, a phone number is created and made available to you for free, however one of the limitations is it can only communicate with a number you register and verify with Twilio.  More details of how a Twilio free trial account works can be found here.

Now that you have a Twilio account and phone number, you’ll need three pieces of information to get ASP.NET Identity 2-factor authentication via SMS working: your Twilio phone number, account SID, and Auth Token.  These can be found on the Twilio Account page.  Make a note of this information.

Twilio account page
You’ll need the Account SID, Auth Token, and your Twilio assigned phone number.

Now back to the ASP.NET application that you created.  Simply install the Twilio NuGet package to add support for their API.

PM> Install-Package Twilio

In the SmsService class in IdentityConfig.cs, the TwilioRestClient will be used to send the SMS messages supporting 2-factor authentication.

public class SmsService : IIdentityMessageService
	public Task SendAsync(IdentityMessage message)
		// Plug in your sms service here to send a text message.
		// set our AccountSid and AuthToken

		// instantiate a new Twilio Rest Client
		var client = new TwilioRestClient(AccountSid, AuthToken);
		client.SendMessage("14085551111", message.Destination, message.Body);

		return Task.FromResult(0);

In the above code, your Twilio Account SID and Auth Token are set to variables.  The TwilioRestClient takes them as parameters (more info about the TwilioRestClient can be found in this section of the Twilio docs).  The SendMessage method takes the following parameters: your Twilio assigned phone number, the recipient phone number, and the message.  The IdentityMessage object contains both the recipient (message.Destination) and the message text (message.Body).

Step 3: Using 2-factor Authentication For Your Account
Run your application and log in.  You can manage your account by clicking on your user name in the top right.  An account management screen is shown.

First add your phone number; it should be the same phone number that you verified when you created the Twilio account.

Add your phone number to your account
Click on the Add link to enter the phone number you previously verified when creating your Twilio account.

You’ll be asked to verify this phone number.  If you hooked up Twilio correctly within your app’s SmsService class, you will get a text with the verification code.  Enter that code to verify your phone number for the ASP.NET Identity service.

Enter verification code
Enter the code sent via SMS to verify your phone number.

Now enable 2-factor authentication on your account.

Enable two factor authentication for your account
Enable 2-factor authentication for your account.

To test it out, sign out of your app.  Log back in and you’ll first enter your username and password.  Next, you’ll be prompted to send a verification code for 2-factor authentication.

Enter verification code
Enter the received 2-factor verification code to complete login.

That code will be sent via SMS; enter it when prompted.  Once you press the Submit button, you’ll finally be logged in.

When you’re ready to go to production, upgrade your Twilio account and update that information in the SmsService class.

2 Replies to “Plugging Twilio SMS in to the ASP.NET Identity Message Service”

Leave a Reply

Your email address will not be published.