This library provides some "tools" for dealing with authentication like MVC attributes to add another authentication factor when accessing specific MVC actions.
The purpose of this project is to provide tools for an MVC application developer to ease some tasks in the field of authentication and authorization.
What problems does it solve?
In web applications you face issues like getting a 2nd factor of authentication for specific actions or preventing the usage of attack tools like havij. This library provides you with easy to use ASP.Net MVC attributes to handle such challenges.
Current feature list:
Attribute based additional authentication factor for MVC controller actions
The attribute "YubikeyCheck" validates a YubiKey (http://www.yubico.com/) token string and redirects to a specific page if the token is not valid (list of users that are allowed to authenticate via YubiKey can be configured inside an XML file). If you have a different 2nd factor, you can inherit from an abstract base class “AuthenticationCheck” that does provide some of the “infrastructure” for such a check.
Attribute based throttling of requests from one client
The attribute "MinimumRequestTimeDistance" allows to set a minimum of time between two requests from a single client for a specific controller action. With the attribute "FastRequestsProtection" you can specify how many requests per second can be issued from one client (this allows the client to issue "n" requests simultaneously, but then the client has to wait). Both attributes will lower the effectiveness of automated attack tools that mostly rely on a mass of requests issued in short time.
Install-Package Sem.Authentication -Version 1.0.0
dotnet add package Sem.Authentication --version 1.0.0
<PackageReference Include="Sem.Authentication" Version="1.0.0" />
paket add Sem.Authentication --version 1.0.0
- YubicoDotNetClient (>= 1.0.0)
This package is not used by any popular GitHub repositories.