2FA - A2F

System Profile

System Full Name

Two Factor Authentication

System Full Name (French)

Authentification à deux facteurs

NTARS Code

 

Source Code Location (Archived)

https://dev.azure.com/transport-canada/DSD-ASD/_git/2FA

Source Code Location

https://dev.azure.com/transport-canada/DSD-CIVAV Support/_git/2FA

Technology Assessment

Platform Type

Web (External)

Database Platform and Version

Oracle 18c

Development Language and Framework

ASP.NET + C#

Operating System and Version

Windows Server 2016

Additional Dependencies

 

Authentication

 

Environment Access Information

ENV | UNC | WWWFILES | URL | DB
DEV | \\ncrws548\TPwwwroot\eigdev\secure\2FA | | | TTSXD
DEV(GART GCKEY) | \\ncrws548\TPwwwroot\eigdev\secure\2FA | | https://secweb-dev.tc.canada.ca/secure/2FA | TTSXD
PREACC | | | | PREACC_CA
ACC | \\ncrws548\TPwwwroot\eigacc\secure\2FA | | https://secweb-test.tc.canada.ca/secure/2FA | TTSXA18
PROD | | | | TTSXP18

System Overview

An online tool that provides two-factor authentication (via SMS) for external applications.

Used to provide 2FA for the eMER application, authenticating the user after the first-stage authentication has been completed by GC Key. Users sign in to GC Key by entering their username and password; once authenticated, control is passed to 2FA for the second stage of authentication. How control is passed from GC Key to 2FA, and any required configuration, will be added later once I find out.

 

2FA performs many tasks, including (but not limited to) those shown in the following diagram:

 

 

2FA generates a One Time Passcode (OTP) and sends it to the 2FA Web Proxy along with the user's phone number (please refer to 2FA Web Proxy for more details: 2FA Web Proxy - Proxy Web A2F).

Once the user receives the OTP on their phone (through Twilio, GC Notify or any other SMS service provider), they enter the OTP; 2FA checks it and authenticates the user.

A DLL called ToTpHelper is used to get the PIN (OTP). Its parameter is created by calling a function within CryptoHelper (another DLL) with parameters such as a certificate and other values.

 

2FA is also responsible for many other tasks, such as generating the OTP and sending it to the 2FA Web Proxy, checking whether the code has expired (timeout), getting the current user using Mbun, clearing the PIN, getting the user role, validating the PIN, verifying user information, checking whether the user is locked, checking activation attempts, and many others. 2FA stores some user information in the database, such as the stakeholder, stakeholder role, application ID and other fields.

2FA runs on the Gart server (restricted zone), so it cannot call an outside service directly; this is where the 2FA Web Proxy comes into the picture. The 2FA Web Proxy is deployed in the operational zone, so it can consume any external service, including Twilio and GC Notify.
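The OTP lifecycle described above (generate a time-based PIN, validate it against a timeout, count failed attempts, lock the user, clear the PIN once used) as an added Python example; this is not the 2FA application's own code. It assumes a constructed demo secret in place of the key CryptoHelper derives, and assumed values for the timeout and the attempt limit.

```python
import hmac
import hashlib
import struct

# Constructed demo secret; the real system obtains its key via CryptoHelper (not shown here).
SECRET = b"constructed-demo-secret-not-real"
STEP = 30            # seconds per TOTP time step (RFC 6238 default)
OTP_TTL = 300        # assumed: seconds an issued PIN stays valid before "expired"
MAX_ATTEMPTS = 3     # assumed: wrong PINs allowed before the user is locked


def totp(secret: bytes, t: float, step: int = STEP, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time counter, then dynamic truncation."""
    counter = struct.pack(">Q", int(t // step))
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return f"{code:0{digits}d}"


class OtpSession:
    """One user's pending OTP: issue time, failed-attempt count and lock state."""

    def __init__(self, secret: bytes, issued_at: float):
        self.issued_at = issued_at
        self.pin = totp(secret, issued_at)   # value that would be handed to the proxy for SMS
        self.failed = 0
        self.locked = False

    def validate(self, entered: str, now: float) -> str:
        """Return one of: locked, no_pin, expired, invalid, ok."""
        if self.locked:
            return "locked"
        if self.pin is None:
            return "no_pin"                  # already used or cleared
        if now - self.issued_at > OTP_TTL:
            self.pin = None                  # stale PIN can never be accepted later
            return "expired"
        if not hmac.compare_digest(entered.strip().encode(), self.pin.encode()):
            self.failed += 1
            if self.failed >= MAX_ATTEMPTS:
                self.locked = True
                return "locked"
            return "invalid"
        self.pin = None                      # clear the PIN so it cannot be replayed
        return "ok"
```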

https://034gc.sharepoint.com/sites/DSD-CivilAviation/Shared%20Documents/2FA/MicrosoftTeams-image%20(1).png

Good To Know

TCAPPSTEST and WWWAPPSTEST Web Farm

\\tctestmaster\tcappsroot (tcappstest web site code)

\\tctestmaster\wwwappsroot (wwwappstest web site code)

 

\\ncrws488\logfiles (All IIS logs, events, Failed Request logs, etc.)

\\ncrws488\logfiles\W3SVC4 (wwwappstest IIS logs)

\\ncrws488\wwwfiles (Application Logs)

 

\\ncrws489\logfiles (All IIS logs, events, Failed Request logs, etc.)

\\ncrws488\logfiles\W3SVC3 (tcappstest IIS logs)

\\ncrws489\wwwfiles (Application Logs)

 

\\tcwebscripts\GACSIISLogs (Gart IIS logs)

\\tcwebscripts\GACSwwwfiles (Gart application logs)

Decommissioning of GART server in DEV:

The web group is working on decommissioning the GART server (secweb-dev.tc.canada.ca), starting with the DEV environment. 2FA has been migrated to the new server in DEV, tested, and is working properly. The link and path above have been updated accordingly.

How-To and Fixes