How to Implement 2-Step Verification in ASP.NET MVC
page 5 of 12
by Keyvan Nayyeri
Feedback
Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days): 94875/ 175

Verification Code Generation

The next step is to have a simple component that generates verification codes. Here, you have to note that having a short code may not be a good idea since it’s easy to generate automatically, and having a long code makes it hard for the end user to read and type it from his cell phone. I believe that a string between 6 to 8 characters would be fine. Besides, a string that consists of numbers can increase the chances of auto-generated attacks, and I’d prefer to use a combination of letters and numbers.

For this example, I use a simpler code verification component from what I would put on production. I had a blog post on writing a library for generating random passwords with different requirements in details before, and this code generation is exactly the same scenario, and that library can serve for this purpose as well.

Having this background, the code generator class looks like the code in Listing 2. It generates a random string of 8 characters long including 4 lower case letters and 4 numbers.

Listing 2: Random code generation

using System;
using System.Collections.Generic;
 
namespace AspNetPhoneVerificationSample.Components
{
    public static class CodeGenerator
    {
        public static string GenerateCode()
        {
            List<char> chars = new List<char>();
 
            chars.AddRange(GetLowerCaseChars(4));
            chars.AddRange(GetNumericChars(4));
 
            return GenerateCodeFromList(chars);
        }
 
        private static List<char> GetLowerCaseChars(int count)
        {
            List<char> result = new List<char>();
 
            Random random = new Random();
 
            for (int index = 0; index < count; index++)
            {
                result.Add(Char.ToLower(Convert.ToChar(random.Next(97, 122))));
            }
 
            return result;
        }
 
        private static List<char> GetNumericChars(int count)
        {
            List<char> result = new List<char>();
 
            Random random = new Random();
 
            for (int index = 0; index < count; index++)
            {
                result.Add(Convert.ToChar(random.Next(0, 9).ToString()));
            }
 
            return result;
        }
 
        private static string GenerateCodeFromList(List<char> chars)
        {
            string result = string.Empty;
 
            Random random = new Random();
 
            while (chars.Count > 0)
            {
                int randomIndex = random.Next(0, chars.Count);
                result += chars[randomIndex];
                chars.RemoveAt(randomIndex);
            }
 
            return result;
        }
    }
}

View Entire Article

User Comments

Title: No source code?   
Name: Larry Q
Date: 2011-12-07 10:39:10 AM
Comment:
Hi everyone,

I enjoyed Keyvan's article very much, however the source code link doesn't work. Is it possible to get the source from another location? Many thanks for writing this article, before I forget.

-Larry






Community Advice: ASP | SQL | XML | Regular Expressions | Windows


©Copyright 1998-2020 ASPAlliance.com  |  Page Processed at 2020-07-05 11:23:29 PM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search