Tim Van Wassenhove home

What good is a TimeOTP client if you don’t have anything to use it with? Last week i have implemented a MembershipProvider that uses Time-based One-Time Password to validate the user credentials. Basically, it is a wrapper around an existing MembershipProvider, you get to choose which one via the providerType attribute in the configuration, and requires that it can access the password of users. Here is an example configuration that relies on the SqlMembershipProvider

<?xml version="1.0"?>
<configuration>
	<connectionStrings>
		<add name="MyDatabase" connectionString="xxxxx" providerName="System.Data.SqlClient"/>
	</connectionStrings>
	
	<system.web>
		<membership defaultProvider="OTPMembershipProvider"> <providers> <add connectionStringName="MyDatabase" enablePasswordRetrieval="true" enablePasswordReset="true" requiresQuestionAndAnswer="false" applicationName="/DemoOTP" requiresUniqueEmail="false" passwordFormat="Clear" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression="" name="OTPMembershipProvider" type="Be.Timvw.Framework.Web.Security.OneTimePasswordMembershipProvider, Be.Timvw.Framework.Web" providerType="System.Web.Security.SqlMembershipProvider, System.Web" /> </providers> </membership>
		<authentication mode="Forms" />
		<authorization>
			<allow users="timvw"/>
			<deny users="*"/>
		</authorization>
	</system.web>
</configuration>

While i was writing unittests i ran into a couple of issues

Anyway, you can find the implementation of the MembershipProvider in BeTimvwFramework and download the demo webapplication.