Two-factor authentication for Smartsite Manager

Access to the Smartsite manager can be secured more fully using two-factor authentication. In this process, the user is sent an access code. Smartsite 7.10 ships with two built-in providers:

  • EmailTwoFactorProvider
  • SmsTwoFactorProvider

Enable two-factor authentication by adding the application settingĀ 

<add key="security.twofactor.provider" value="Smartsite.Manager.{providerName}, Smartsite.Manager" />

to the WWWMgr web.config.

Email

Sends an email to the user attempting to log in through the standard configured SMTP server, from the configured DefaultSenderAddress. The subject and message body are read from the localized string resources "LOGIN_2_FACTOR_EMAIL_SUBJECT" and "LOGIN_2_FACTOR_EMAIL_BODY". These can be overriden as needed through the Localization Strings manager action. The body text supports the placeholders {confirmationcode}, {username} and {sitename}.

Note that users who do not have an email address configured will no longer be able to log in to the Smartsite manager.

SMS text message

Sends an sms text message through MessageBird.com, which requires an account. The account is selected through the application setting "security.twofactor.sms.senderaddress". The message text is read from the localized string resource "LOGIN_2_FACTOR_SMS_MESSAGE". The message text supports the placeholdersĀ {confirmationcode} and {sitename}.

Note that users who do not have a PhoneMobile configured will no longer be able to log in to the Smartsite manager.