Tags: c#, asp.net-mvc, authentication, two-factor-authentication

using TOTP Microsoft authenticator for ASP.NET MVC


We already have a single authentication process using Active Directory for our home-made web sites (simple login and password). Our AD is also on Azure (everything is synchronized).

Now we want two-factor authentication using this: (Microsoft Authenticator) https://www.microsoft.com/en-us/account/authenticator

I've been searching for an example for a while, but most of the tutorials I found are about MVC Core; I'm not using Core, just regular MVC on .NET Framework. Furthermore, the only tutorials I found using .NET Framework were for Google Authenticator, not Microsoft's.

The intended behavior would be the same as when I connect to Office 365: first I enter my password on the web site, then I receive a notification on my cell phone (for example), and by approving the connection I get access to the web content.

I'm still trying to figure out if this is even allowed: is Microsoft Authenticator only meant to be used by Microsoft developers, or can we random developers use this app for our 2FA needs? Or is there a way to trigger the Office 365 authentication window?

If yes, they don't seem eager to share any code or tutorial for MVC on .NET Framework. (I'm still searching.)

EDIT for comments:

Microsoft auth .NET Core documentation:

https://learn.microsoft.com/en-us/aspnet/core/security/authentication/mfa?view=aspnetcore-5.0

Google auth with .NET Framework documentation:

https://medium.com/@henryhdelgado/2fa-with-google-authenticator-in-asp-mvc-4788c79c47

EDIT / Solution:

In case someone didn't bother reading the answer's comments, here's what I was actually looking for: https://learn.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-asp-webapp


Solution

  • In short: you don't need to do anything (provided that your application authenticates users using OIDC, which it will do if you're using Azure Active Directory or Office 365 with your application). Just flip the switch in your organization's O365 or AAD settings to require TOTP/2FA.

    However, if your application is actually authenticating against on-prem AD (whether using Kerberos via the browser shell, or with "Forms authentication"), and you can't make your web application authenticate against AAD/O365 (not on-prem AD), and you don't have AD Federation working, then you're in for a world of pain, because getting on-prem 2FA working is a massive undertaking that requires just as much work from your sysadmins as it does from you (and then your question would be closed for being "too broad", sorry!).


    Authenticating against AAD/O365 can be done using any OIDC client library, though Microsoft does make a purpose-built library available on NuGet which works in .NET Framework applications in addition to .NET Core: https://www.nuget.org/packages/Microsoft.Identity.Client/ (formerly https://www.nuget.org/packages/Microsoft.IdentityModel.Clients.ActiveDirectory/ )


    "Azure Active Directory" (AAD) is a misnomer, by the way, as it has very little to do with on-prem Active Directory. That said, if you're using Office 365 within your enterprise then you will already have AAD up and running; just be aware that it's still completely unrelated to Active Directory (as far as technology is concerned).

    Using AAD/O365 for SSO basically means using OIDC (whereas on-prem AD is Kerberos, not OIDC), so any OIDC library can be used with AAD/O365. The TOTP/2FA part is handled entirely by AAD/O365, so you don't actually need to do anything in your own application to handle TOTP/2FA.
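Concretely, this is what the OIDC sign-in described in the answer looks like for an ASP.NET MVC application on .NET Framework using the OWIN OpenID Connect middleware. It is an added example, not code from the original question, the answer, or the linked Microsoft tutorial. It assumes the NuGet packages Microsoft.Owin.Host.SystemWeb, Microsoft.Owin.Security.Cookies and Microsoft.Owin.Security.OpenIdConnect, an app registration in the tenant, and hypothetical Web.config appSettings keys ida:ClientId, ida:TenantId and ida:RedirectUri. The RequireMfa attribute is an extra check the answer does not ask for: it refuses a session whose ID token does not record a multi-factor sign-in, so a misconfigured Conditional Access or per-user MFA policy fails closed instead of silently admitting password-only logins.

```csharp
// Added example: OWIN OpenID Connect sign-in to Azure AD for ASP.NET MVC on .NET Framework.
// Not from the original post. Assumes Microsoft.Owin.Host.SystemWeb, Microsoft.Owin.Security.Cookies
// and Microsoft.Owin.Security.OpenIdConnect from NuGet; the ida:* appSettings keys are hypothetical.
using System.Configuration;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

[assembly: OwinStartup(typeof(WebApp.Startup))]

namespace WebApp
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            string tenantId = ConfigurationManager.AppSettings["ida:TenantId"];
            // v2.0 endpoint of a single tenant; this string is also the expected token issuer.
            string authority = "https://login.microsoftonline.com/" + tenantId + "/v2.0";

            // Session cookie issued after a successful OIDC sign-in; HttpOnly and Secure only.
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                CookieHttpOnly = true,
                CookieSecure = CookieSecureOption.Always
            });

            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                ClientId = ConfigurationManager.AppSettings["ida:ClientId"],
                Authority = authority,
                RedirectUri = ConfigurationManager.AppSettings["ida:RedirectUri"],
                Scope = OpenIdConnectScope.OpenIdProfile,
                ResponseType = OpenIdConnectResponseType.IdToken,
                TokenValidationParameters = new TokenValidationParameters
                {
                    // Single-tenant app: reject ID tokens issued by any other tenant.
                    ValidateIssuer = true,
                    ValidIssuer = authority
                },
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    AuthenticationFailed = ctx =>
                    {
                        // Do not let the middleware render the raw exception to the browser.
                        ctx.HandleResponse();
                        ctx.Response.Redirect("/Home/Error");
                        return Task.FromResult(0);
                    }
                }
            });
        }
    }

    public class AccountController : Controller
    {
        // Sends the browser to Azure AD; password, Authenticator prompt and Conditional
        // Access policy are all evaluated there, not in this application.
        public void SignIn()
        {
            if (!Request.IsAuthenticated)
            {
                HttpContext.GetOwinContext().Authentication.Challenge(
                    new AuthenticationProperties { RedirectUri = "/" },
                    OpenIdConnectAuthenticationDefaults.AuthenticationType);
            }
        }

        public void SignOut()
        {
            HttpContext.GetOwinContext().Authentication.SignOut(
                OpenIdConnectAuthenticationDefaults.AuthenticationType,
                CookieAuthenticationDefaults.AuthenticationType);
        }
    }

    // Defence in depth: require that the ID token records a multi-factor sign-in.
    // Azure AD lists the methods used in the "amr" claim (e.g. "pwd", "mfa"); the default
    // JwtSecurityTokenHandler claim map may rename it to ClaimTypes.AuthenticationMethod,
    // so both claim types are checked.
    public class RequireMfaAttribute : AuthorizeAttribute
    {
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            if (!base.AuthorizeCore(httpContext)) return false;
            var identity = httpContext.User.Identity as ClaimsIdentity;
            if (identity == null) return false;
            return identity.Claims.Any(c =>
                (c.Type == "amr" || c.Type == ClaimTypes.AuthenticationMethod) && c.Value == "mfa");
        }
    }
}
```

Decorate the controllers that serve protected content with `[RequireMfa]` instead of plain `[Authorize]`. The Authenticator push or code prompt itself is still triggered by the tenant's MFA or Conditional Access settings, exactly as the answer says; the attribute only verifies after the fact that the sign-in actually used a second factor, and should be treated as a safety net rather than a substitute for enforcing the policy in AAD.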