Jeremy Hinz - 1 year ago 67
ASP.NET (C#) Question

Require a pin to create an account ASP.NET C#

I am trying to create a basic website where, when a person registers with the site, they have to have an access PIN to complete creating the account. I'm hoping to have the key as a rotating key which has to be provided by our company for people to create an account with us.

I have looked on the internet and several forums and am not finding a simple, straightforward approach. Any help is appreciated.

Answer Source

The easiest way to create the rotating PIN like you describe would be to figure out the interval that you want it to rotate on (hours, days, weeks, etc.), reduce the current date and time to that interval, then hash it down to a shorter, easier-to-enter number that you can give to users as needed. Whether or not this whole plan is a good idea, I'll leave up to you, but it isn't something I would recommend.

As a very simple example, this is a (very poor) method of generating a PIN for a particular date. Please do not use this method in your real program; it is for demonstration purposes only. I'm not responsible if you do use it and get hacked.

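using System;

class Program
{
    static void Main(string[] args)
    {
        // Print the PIN for four consecutive dates
        Console.WriteLine(GetPinForDate(new DateTime(2017, 7, 26)));
        Console.WriteLine(GetPinForDate(new DateTime(2017, 7, 27)));
        Console.WriteLine(GetPinForDate(new DateTime(2017, 7, 28)));
        Console.WriteLine(GetPinForDate(new DateTime(2017, 7, 29)));

        Console.ReadLine();
    }

    // Demonstration only: the hash is unkeyed and weak, so anyone who
    // works out the method can generate the PIN for any date.
    static string GetPinForDate(DateTime targetDate)
    {
        // Reduce the date to the rotation interval: whole days since 2000-01-01
        var days = Math.Floor((targetDate - new DateTime(2000, 1, 1)).TotalDays);
        // Hash the day count, then keep only the trailing digits as the PIN
        return (days.GetHashCode() << 8).ToString().Substring(6);
    }
}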

It produces the following output:

33760
68224
02688
37152

In your real program, you would collect the PIN from the user during registration and compare it to the PIN generated by this function for the current date. If they match, allow the user to continue; if not, yell at them. You could have a small program running at your office that just displays the PIN for the current date using the same method, which you give out when someone calls and wants to create an account.


Just to explain, there are 2 main reasons I don't recommend this pattern.

  • The first is that it is just an odd authentication mechanism; it seems inconvenient for you, and is easily bypassed if someone figures out how to generate the PIN pattern.

  • In this particular example, the hashing is very weak, and untested. I came up with it in 30 seconds, and only tested it against 5 dates. There may be (and most likely are) cryptographic weaknesses in it that make guessing the PIN for a particular date fairly trivial.

A better method would be to use the existing authentication mechanisms in MVC. Add an Approved flag to your user accounts that is set to false by default. Let users create an account, and call you to request approval and activation, which is done on your end by modifying the flag through a web interface.
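
For comparison with the weak hash in the answer above, the following is an added example (not part of the original answer) that derives the same kind of daily PIN with HMAC-SHA256 under a server-side secret, so knowing the method alone is not enough to compute a PIN, and checks submissions without an early-exit comparison. The class name RotatingPin, the 8-digit length, the UTC day boundary and the demo key are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class RotatingPin
{
    // Counter = whole days since 2000-01-01 (UTC), the same interval reduction the answer uses.
    static long DayCounter(DateTime utc) =>
        (long)Math.Floor((utc - new DateTime(2000, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalDays);

    // HMAC-SHA256(key, counter), truncated to a fixed number of decimal digits.
    public static string PinFor(byte[] key, DateTime utc, int digits = 8)
    {
        byte[] counter = BitConverter.GetBytes(DayCounter(utc));
        if (BitConverter.IsLittleEndian) Array.Reverse(counter); // fixed big-endian encoding
        using (var hmac = new HMACSHA256(key))
        {
            byte[] mac = hmac.ComputeHash(counter);
            // Take 31 bits of the MAC, then reduce to the requested digit count.
            uint value = ((uint)(mac[0] & 0x7F) << 24) | ((uint)mac[1] << 16)
                       | ((uint)mac[2] << 8) | mac[3];
            return (value % (uint)Math.Pow(10, digits)).ToString().PadLeft(digits, '0');
        }
    }

    // Compare every character so timing does not reveal how many leading digits matched.
    public static bool Verify(byte[] key, string submitted, DateTime utc, int digits = 8)
    {
        string expected = PinFor(key, utc, digits);
        if (submitted == null || submitted.Length != expected.Length) return false;
        int diff = 0;
        for (int i = 0; i < expected.Length; i++) diff |= expected[i] ^ submitted[i];
        return diff == 0;
    }

    static void Main()
    {
        // Constructed demo key; a real key belongs in server-side secret storage.
        byte[] key = Encoding.UTF8.GetBytes("constructed-demo-key-not-a-real-secret");
        var day = new DateTime(2017, 7, 26, 0, 0, 0, DateTimeKind.Utc);
        string pin = PinFor(key, day);
        Console.WriteLine(pin);
        Console.WriteLine(Verify(key, pin, day));            // same day
        Console.WriteLine(Verify(key, pin, day.AddDays(1))); // following day
    }
}
```

Because a PIN stays valid for the whole interval, registration attempts still need throttling per client so the digit space cannot be walked online.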
