Generate OTP Code for Authentication in C#

Here in this blog post, we will demonstrate how to generate OTP code in .NET C# that can be used for muti factor authentication same as google doing for 2 factor authentication using Google Authenticator app.

Generate OTP Code for Authentication in C#

What is OTP Code

OTP code generally known as TOTP stands for Time-Based One-Time Password. It's a type of (2FA) Two-Factor-Authentication method used to improve the security of logins by generating short-lived, one-time code.

It is one-time secret and shared key, generally has 6-8 digits one time number that changes every 30 seconds which is usually establishes when you set up 2 factor authentication.

Use of OTP Code

1. OTP authentication adds a second layer of security beyond just a password.
2. Even if someone steals your password, they still need access to your TOTP-generating device to log in.

Common TOTP Apps:

1. Google Authenticator
2. Microsoft Authenticator
3. Authy
4. 1Password
5. FreeOTP

Generate TOTP Code in C#

In C#, you can implement TOTP using the OATH algorithm (RFC 6238). The easiest way to do this is with a library like Otp.NET, which handles TOTP/HOTP generation and verification.

To use the Otp.Net library you need to install it. Install the library using Visual Studio's NuGet Package Manager or NuGet Package Manager Console.

Instal Via NuGet Package Manager

1. Right-click on the project in Solution Explorer.
2. Select Manage NuGet Packages.
3. Go to the Browse tab.
4. Search for Otp.NET.
5. Select the correct package (usually by kspearrin)
6. Click Install and accept any license prompts.

Instal Via NuGet Package Manager Console

1. Open Tools > NuGet Package Manager > Package Manager Console.
2. Run this command:

    Install-Package Otp.NET  
   

Generating and Verifying a TOTP

 using OtpNet;  
 using System;  
 class Program  
 {  
   static void Main()  
   {  
     // Generate a random 20-byte secret key (or load one from your user DB)  
     var key = KeyGeneration.GenerateRandomKey(20);  
     // Convert to base32 for user to scan with authenticator app (e.g., Google Authenticator)  
     var base32Secret = Base32Encoding.ToString(key);  
     Console.WriteLine("Secret (Base32): " + base32Secret);  
     // Generate the current TOTP  
     var totp = new Totp(key);  
     var code = totp.ComputeTotp(); // code valid for 30 seconds  
     Console.WriteLine("Current TOTP: " + code);  
     // Validate a code  
     Console.Write("Enter the TOTP to verify: ");  
     var userInput = Console.ReadLine();  
     bool isValid = totp.VerifyTotp(userInput, out long timeStepMatched, VerificationWindow.RfcSpecifiedNetworkDelay);  
     Console.WriteLine("Is valid: " + isValid);  
   }  
 }  

A short explanation about 2FA authentication

Two-Factor Authentication (2FA) is a security process that requires two different types of verification to prove your identity when logging into an account. It is something like your password.

Summary

TOTP or OTP code is a one-time secret and shared key used in 2FA authentication, which provides an extra layer of security. It can be implemented in C# using the Otp.NET library. I hope you now have a clear idea about OTP codes and how to implement them in C#

Thanks