Two Factor Authentication

Sample code showing how to do two factor authentication using PowerBuilder

Bruce, I confirm that QR identification works fine for me in both PB2019/PS2020 and PB2021/PS2021 environments. Thanks, George

Hi Bruce,

We were able to make it work in PS 2020. The issue was related to the Encode function and not related to the QR Code. We created a DLL to encompass Encode function and call it from Powerbuilder and it resolved our issues on web. This was suggested to us by Appeon ....see below

---

For base32 encoding, please package it as DLL according to the source code online and then call it in PB. It should work on web too. Please refer to the
article below for details.
gist.github.com/BravoTango86/2a085185c3b9bd8383a1f956600e515f
social.msdn.microsoft.com/Forums/en-US/d...-code?forum=netfxbcl

---

I just tried it with PowerServer 2021 and it worked fine. Of course, that one doesn't attempt to generate a web application. I really can't speak to how it works with PowerServer 2020.

Hi Bruce,

I downloaded this sample and implemented in client-server without any issues using PB 2019 R2. But when we build this into web and deploy it on PowerServer 2020 and try to scan the QR code we get the following error "Error: Key not recognized". We tried to increase the width of the picture object but don't think that is an issue. Does this work on Appeon PowerServer 2020 because to us we think the QR code image might be getting messed on the web. Do you know what we could try to fix it?

Bruce

I deploy to localhost, i.e., to the same server where I ran my C/S application that works fine. But after your message, I checked system time on my server and it is exactly the same as on my IPhone. Moreover, I ran the modified generatepin() function triple:

Pin1 = generatepin ( key, CurrentInterval - 1)
Pin2 = generatepin ( key, CurrentInterval )
Pin3 = generatepin ( key, CurrentInterval + 1)

for previous, current and next 30 seconds but none of the Pins matched with the token on my IPhone.

Thank you very much for your help!

I will let you know if find a solution,

George

Verify that the time and timezone are correct on the server you're deploying to. If it's off by more than 30 seconds, you likely won't get the correct PIN values because they use the current UTC unix epoch time as part of the calculation. Part of the powerscript code is calculating that value based on the date/time/timezone of the machine the code is running on.

Bruce,
I created both these functions and call them in generatepin(key, counter) function instead of longtobytearray() and counterBlob():

//Convert the counter to byte array and then to blob

of_copylongtobytes( counter, counterBytes )
counterBlob = of_blob( counterBytes )
//longtobytearray ( counter, counterBytes )
//counterBlob = Blob ( counterBytes )

After this generatepin() began return 6-digits pin instead of '000000' but each time these 6 digits are the same and doesn't match digits in DioMobile on my IPhone, At the same, hashBytes array is popuilated with 20 elements.

In C/S application with longtobytearray() and counterBlob() functions everything worked fine. By the way, I have the latest PowerServer 2020.

I would be very appreciated for any ideas,

George

Thank you a lot Bruce,

I will try this workarounds,

George

Read the comments by Rob Stevens on the comment thread on the blog article. There are workarounds for the CopyLongToBytes and Blob functions that don't work the same in web PowerServer.

community.appeon.com/index.php/articles-...uilder#comment-403,0

Dear Bruce,

Thank you for your great job! I used your twofactorauth.pbl and its objects work without any problems in C/S version of my application. However, when I deployed it as web application, your u_google_authenticator.generatepin() function began to return '000000' instead of real pin.

Is this a problem that can be fixed or your PBL cannot work in web applications?

Best regards,

George Mikhailovsky