Phone Number Validation (without two-factor authentication)

[khaledelmahdi]

I am trying to validate that the user entered a valid email address and phone number. I don't want to use them for two-factor authentication, just to confirm that we have both valid email and mobile.

The email part is working fine. My issue is with the phone part.

This is what I am doing:

1. The user register and I insert the data as follow:

var user = new User {
    FirstName = model.FirstName,
    LastName = model.LastName,
    UserName = model.Email,
    Email = model.Email,
    PhoneNumber = model.Mobile
};
var result = await _userManager.CreateAsync(user, model.Password);

2. Email verification happen.

3. When the user login, I check if the user.PhoneNumberConfirmed is true (all fine continue) if false (the user didn't verify the phone number) i have this code:

if (!user.PhoneNumberConfirmed)
{
    var code = await _userManager.GenerateChangePhoneNumberTokenAsync(user, user.PhoneNumber);
    await _smsSender.SendSmsAsync(user.PhoneNumber, "Your security code is: " + code);
    return RedirectToAction(nameof(VerifyPhoneNumber), new { PhoneNumber = user.PhoneNumber });
}

I do get an SMS to the registered phone number, but the security code seems as if it is for the email verification not the phone. Sample of the sms:

Your security code is: CfDJ8KHDKnJMUoZDqp45kWWHlYUmeKZC/NdiL6Qssar+Yj00N+CK09pftakRBcU+KXDYrXLbngH5v+5FHrHMUvHiYZke5WeJw2Pefp2tr6RlmwVX3fJ124av9WkPiY0CfK9NMH9njWcEfe7oMSF.....

Any idea how to fix this?

I am using .NET 2.0.0-preview2-006497

[wdominik]

Got the same issue with 2.0.0 final. I migrated to the new way of 2FA but I still need SMS for urgent user communication and phone verification is required for obvious reasons.

I suggest to either change this back to 6 digits code which are more reasonable in this case (imho) or provide a way to configure the behavior.

Thanks!

[blowdart]

Dupe of #1388