So, I'm new to the whole OWIN/Katana/Identity framework paradigm thing...im used to SQLMembership provider but, im being forced to bolt on 2FA onto an old Asp.Net Webforms application from like 2005....

with that said, i can't seem to wrap my mind around how 2FA fully works in Webforms built on .Net 4.5.1 ...im trying to make it so that it's an application level "feature"...but it seems like the out of the box Identity framework does it at the user level?

Is there a way, where if you have a 1:1 Application to Database setup, and you have it create all the ASPNet* tables needed for Identity (via the magical EntityFramework code that runs behind the scenes), that you can then choose whether or not to turn on/off 2FA, for the application, as desired via a config setting?

Or do you always have to do it at the user level, via the boolean property on the [AspNetUsers].[TwoFactorEnabled] column?