DUO Device Management Portal Setup - Almost There!


#1

I have been tasked with setting up the Device Management Portal, and I have little to no coding experience. That being said, here is where I am at:

  • I have an internal web server (Windows 2012 R2 w/ IIS 8.5) up and running properly.
  • I followed these instructions to setup an AD integrated login page - and it works!

https://support.microsoft.com/en-us/help/316748/how-to-authenticate-against-the-active-directory-by-using-forms-authen

  • I am now stuck with how to integrate the DMP code into my code to get the second factor working and open up the DMP page… I am looking at these instructions but I do not believe they reference the way I have coded primary login page - C# with ASP.net 4.5 - Can someone please help. I can show you my code and maybe you can tell me where to place what? I’m so close!

Basically I need to know how to generate an Akey (can i just do this using a password generator?), what the Call sign_request() would look like for an .aspx page, and then how to show the DMP using asp… this is where I am lost and I can find no references.

Thanks!


#2

Hi there!

Did you take a look at the ASP.NET demo code for Duo WebSDK? You are essentially implementing this, just with the ikey and skey of a Device Management Portal application instead of the WebSDK application.

The akey can be generated in any way, even you randomly hitting the keyboard to get a string of at least 40 letter and number characters. It just needs to be a string only known to you, never shared with Duo or exposed to any users.


#3

No I have not, I will take a look and let you know how it goes. Thanks for the quick reply!


#4

I am still stuck here and really could use some help.

based on the instructions here:

https://duo.com/docs/device-management#instructions

how would I implement this into the code I have… I am so lost right now…any advice would be appreciated.

I have created a rudimentary login page that connects to our active directory and performs primary authentication. My question is, where do I place the javascript that is shown in the instructions and since the sign request example is Python, what would it be for C# - and where would i put that code? Does it go in the login.aspx page or somewhere else like the web.config file or the webform1.aspx page. I know I am close but this is where not being a coder is leaving me feeling stupid. The answers I am looking for may be in the repository - I found one for c-sharp but it is much more complex code (and no instructions).

How do I post code on here?


#6

Here is a snippet of my login.aspx code


#7

Here is my web.config file


Setting up Device Management portal
#8

Ok so a quick update… I made a few changes to my environment (for the better). I decided on PHP instead of C# and DUO Dotnet because…well it’s just better. I was able to successfully test the DMP today! I am just adding AD integration to the login page and I will do a full write up on how to get the DMP up and running for Windows IIS 8.5 and Server 2012. If you are using any other environment, you should easily be able to make the necessary edits to get it to work. I am confident I will have the instructions posted by tomorrow afternoon at the latest. Yes I do agree that an installer package would be great, but this forced me to edoomakate myself, so it’s a win. TBC


#9

I’m glad you were successful!


#10

Hi emotnivek, did you get a chance to do a write up on how to get DMP up and running? I’ve been having the same problem, making the connection between an AD login page and the DMP C# code provided.


#12

Hi Emotnivek,

This links appears to be dead. https://support.microsoft.com/en-us/help/316748/how-to-authenticate-against-the-active-directory-by-using-forms-authen

Can you point us to the right link?

Thank you.