{"id":25232115,"url":"https://github.com/mreshboboyev/multi-factor-authentification","last_synced_at":"2026-05-06T10:32:32.384Z","repository":{"id":275103869,"uuid":"925056428","full_name":"MrEshboboyev/multi-factor-authentification","owner":"MrEshboboyev","description":"This repository demonstrates a Multi-Factor Authentication (MFA) system in .NET, built using Domain-Driven Design (DDD) and Clean Architecture. It includes secure user registration, token-based authentication, MFA activation, recovery codes, and login with MFA enforcement—enhancing security while maintaining flexibility.","archived":false,"fork":false,"pushed_at":"2025-10-22T19:00:07.000Z","size":68,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-10-22T20:44:22.497Z","etag":null,"topics":["c-sharp","clean-architecture","domain-driven-design","dotnet-core","jwt-authentication","login-protection","multi-factor-authentication","recovery-codes","rest-api","security","software-architecture"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/MrEshboboyev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-01-31T06:17:52.000Z","updated_at":"2025-10-22T19:00:11.000Z","dependencies_parsed_at":"2025-06-21T12:37:27.091Z","dependency_job_id":"f222d5e8-38a5-49f0-b419-bc982aafce86","html_url":"https://github.com/MrEshboboyev/multi-factor-authentification","commit_stats":null,"previous_names":["mreshboboyev/multi-factor-authentification"],"
tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/MrEshboboyev/multi-factor-authentification","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MrEshboboyev%2Fmulti-factor-authentification","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MrEshboboyev%2Fmulti-factor-authentification/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MrEshboboyev%2Fmulti-factor-authentification/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MrEshboboyev%2Fmulti-factor-authentification/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/MrEshboboyev","download_url":"https://codeload.github.com/MrEshboboyev/multi-factor-authentification/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MrEshboboyev%2Fmulti-factor-authentification/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32689126,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-06T08:33:17.875Z","status":"ssl_error","status_checked_at":"2026-05-06T08:33:17.221Z","response_time":117,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while 
reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["c-sharp","clean-architecture","domain-driven-design","dotnet-core","jwt-authentication","login-protection","multi-factor-authentication","recovery-codes","rest-api","security","software-architecture"],"created_at":"2025-02-11T12:55:16.955Z","updated_at":"2026-05-06T10:32:32.375Z","avatar_url":"https://github.com/MrEshboboyev.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 🔐 Advanced Multi-Factor Authentication (MFA) in .NET 🚀  \n\nThis project implements **Advanced Multi-Factor Authentication (MFA)** in **.NET** using **Domain-Driven Design (DDD) and Clean Architecture**. It provides enterprise-grade security with multiple authentication factors, device management, rate limiting, and more.\n\n---\n\n## 🌟 Key Features  \n\n✅ **User Registration** – Secure account creation with password hashing.  \n✅ **Token-Based Authentication** – Standard **JWT token issuance** upon login.  \n✅ **Multiple MFA Methods** – TOTP, Backup Codes, Recovery Codes  \n✅ **QR Code Setup** – Easy TOTP app integration with QR codes  \n✅ **Device Management** – Track and trust devices  \n✅ **Rate Limiting** – Protection against brute-force attacks  \n✅ **Session Management** – Secure session handling  \n✅ **MFA Setup Wizard** – Guided MFA configuration  \n✅ **API Documentation** – NSwag integration for Swagger UI  \n✅ **Domain-Driven Design (DDD) \u0026 Clean Architecture** – Modular, maintainable, and scalable.  
\n\n---\n\n## 🔐 Advanced MFA Methods\n\n### **1️⃣ Recovery Codes** (Original)\n- Traditional method from the base implementation\n\n### **2️⃣ Time-based One-Time Passwords (TOTP)**\n- Industry standard TOTP implementation (Google Authenticator, Authy, etc.)\n- QR code setup for easy configuration\n- 6-digit codes refreshed every 30 seconds\n\n### **3️⃣ Backup Codes**\n- 10 single-use backup codes for account recovery\n- Format: XXXX-XXXX\n- Regeneratable at any time\n\n---\n\n## 🔄 Enhanced MFA Workflow  \n\n### **1️⃣ User Registration**  \n- A new user registers via the `/register` endpoint with **email and password**.  \n\n### **2️⃣ Standard Login (No MFA)**  \n- User logs in via `/login` endpoint.  \n- **If MFA is disabled**, a **JWT token** is issued.  \n- **If MFA is enabled**, login is **blocked**, and the user must use MFA.  \n\n### **3️⃣ MFA Setup Wizard**  \n- User calls the `/mfa-setup-wizard` endpoint.  \n- System automatically:\n  - Enables MFA if not already enabled\n  - Generates recovery code\n  - Sets up TOTP with QR code\n  - Generates 10 backup codes\n- Returns all information in a single response\n\n### **4️⃣ MFA Authentication Options**  \nUser can authenticate using any of these methods:\n- **TOTP Code** via `/validate-totp`\n- **Backup Code** via `/validate-backup-code`\n- **Recovery Code** via `/login-with-mfa`\n\n### **5️⃣ Device Management**  \n- Track devices used for authentication\n- Trust devices to bypass MFA for a period\n- Manage trusted devices via API\n\n### **6️⃣ Disabling MFA**  \n- User calls `/disable-mfa` endpoint.  \n- All MFA methods are disabled, and the user can log in normally.  \n\n---\n\n## 🚀 Technologies Used  \n\n🔹 **.NET Core** – Secure authentication framework.  \n🔹 **JWT Authentication** – Token-based security mechanism.  \n🔹 **Domain-Driven Design (DDD)** – Structured, scalable architecture.  \n🔹 **Clean Architecture** – Separation of concerns for maintainability.  
\n🔹 **Otp.NET** – TOTP implementation for time-based codes  \n🔹 **NSwag** – API documentation and Swagger UI  \n🔹 **Fluent Validation** – Ensuring strong input validation.  \n🔹 **Serilog** – Centralized logging for security auditing.  \n🔹 **MediatR** – Clean command/query handling  \n\n---\n\n## 🛠 Getting Started  \n\n### **Prerequisites**  \nBefore using this system, ensure you have:  \n✅ **.NET SDK installed**  \n✅ **A database for user authentication**  \n✅ **Postman or Swagger UI** for API testing  \n\n### **Step 1: Clone the Repository**  \n```bash  \ngit clone https://github.com/MrEshboboyev/multi-factor-authentification.git  \ncd multi-factor-authentification  \n```  \n\n### **Step 2: Install Dependencies**  \n```bash  \ndotnet restore  \n```  \n\n### **Step 3: Run the Application**  \n```bash  \ndotnet run  \n```  \n\n---\n\n## 🌐 API Documentation  \n\n### **Swagger UI**  \nWhen running the application in **Development** mode, you can access the Swagger UI at:  \n```\nhttps://localhost:5001/swagger\n```\n\n### **API Documentation**  \nThe OpenAPI specification is available at:  \n```\nhttps://localhost:5001/swagger/v1/swagger.json\n```\n\n---\n\n## 🌐 API Endpoints  \n\n| Method | Endpoint                    | Description |\n|--------|----------------------------|-------------|\n| POST   | `/register`                | Registers a new user |\n| POST   | `/login`                   | Logs in a user (JWT issued if MFA is disabled) |\n| POST   | `/login-with-mfa`          | Logs in a user with recovery code |\n| POST   | `/enable-mfa`              | Enables MFA and generates a recovery code |\n| POST   | `/disable-mfa`             | Disables MFA for the user |\n| POST   | `/setup-totp`              | Sets up TOTP and returns QR code URL |\n| POST   | `/validate-totp`           | Validates TOTP code and issues JWT |\n| POST   | `/generate-backup-codes`   | Generates new backup codes |\n| POST   | `/validate-backup-code`    | Validates backup code and issues JWT 
|\n| POST   | `/mfa-setup-wizard`        | Complete MFA setup in one call |\n| POST   | `/manage-trusted-device`   | Trust/Untrust devices |\n\n---\n\n## 🔐 Security Measures  \n\n✅ **Multiple Authentication Factors** – TOTP, Backup Codes, Recovery Codes  \n✅ **Rate Limiting** – Account lockout after 5 failed attempts  \n✅ **Device Tracking** – Monitor authentication devices  \n✅ **Session Management** – Secure session handling  \n✅ **JWT-Based Authentication** – Secure token issuance and validation.  \n✅ **Password Hashing** – User passwords are hashed before storage.  \n✅ **Input Validation** – Strong validation on all endpoints  \n\n---\n\n## 🧪 Testing \u0026 Quality Assurance  \n\n✅ **Unit Testing** – Covers authentication and security workflows.  \n✅ **API Testing** – Supports Postman, Swagger UI, and automated tests.  \n✅ **Security Testing** – Rate limiting, brute force protection.  \n✅ **Logging \u0026 Monitoring** – Tracks login attempts and security events.  \n\n---\n\n## 🔥 Why Use This Project?  \n\n✅ **Enterprise-Grade Security** – Multiple MFA methods and protections  \n✅ **Scalable \u0026 Maintainable** – Built using **DDD \u0026 Clean Architecture**.  \n✅ **Ready for Production** – Implements industry security best practices.  \n✅ **Developer Friendly** – Clean APIs and comprehensive documentation  \n✅ **Extensible** – Easy to add new authentication methods  \n\n---\n\n## 🏗 About the Author  \nDeveloped by [MrEshboboyev](https://github.com/MrEshboboyev), a **.NET expert** specializing in **secure authentication, clean architectures, and enterprise software development**.  \n\n## 📄 License  \nThis project is licensed under the **MIT License**. Feel free to use and contribute!  
\n\n---\n\n🚀 **Ready to implement advanced MFA in your .NET applications?** Clone the repo and start securing your users today!","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmreshboboyev%2Fmulti-factor-authentification","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmreshboboyev%2Fmulti-factor-authentification","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmreshboboyev%2Fmulti-factor-authentification/lists"}