Two Factor Login

ASP.NET Zero is ready to provide two factor login, but it's disabled as default. You can easily enable it in host settings page in security tab:

Two factor settings

Note: In a multi-tenant application, two factor authentication is available to tenants only if it's enabled in the host settings. Also, email verification and SMS verification settings are only available in the host side. This is by design.

When it's enabled, user is asked to select a verification provider after entering user name and password:

Send security code

Then a confirmation code is sent to the selected provider and user enters the code in the next page:

Verify security code

Email Verification

This is available if user has a confirmed email address. Since email sending is disabled in debug mode, you can see the code in logs. In release mode, email will be sent (You can change this and make emailing available in also debug. See sending emails section).

SMS Verification

This is available if user has a confirmed phone number. SMS sending is not implemented actually (because it requires an integration to an SMS vendor). Current implementation just writes security code to logs. You should complete SmsSender class in the solution to make it usable. Otherwise, disable SMS verification in the settings.

Authenticator Verification

This is available if user has enabled two factor authentication in his/her profile. You can enable it in profile page:

Enable two factor authenticator app

Then user can scan the QR code with an authenticator app (like Google Authenticator) and enter the code in the next page:

Authenticator verification

Then user can see his/her recovery codes:

Authenticator recovery codes

That's it. Now user use authenticator app to verify himself/herself.

Authenticator enabled

You can also disable two factor authentication and view the recovery codes again:

Disable two factor authenticator app

Twilio Integration

In order to enable Twilio integration, just uncomment the following line in your CoreModule (in your .Core project):


You also need to configure AccountSid, AuthToken and SenderNumber in appsetting.json file.


In this document