Code download available at the bottom of the post
In this post i would like to share my experience with Google Authentication with Asp.net membership (Forms Authentication)
High level google authentication work flow with ASP.NET membership
1. Your application requests access and gets an unauthorized request token from Google's authorization server.
2. Google asks the user to grant you access to the required data.
3. Your application gets an authorized request token from the authorization server.
4. You exchange the authorized request token for an access token.
5. You use the access token to request data from Google's service access servers.
Step 1:
I am using forms authentication for my application. When the user tries to access the application, system will check whether the user is authenticated or not. If the user is unauthenticated he will be redirected to the login screen as shown below.
Step 2:
When
your application initially requests access to a user's data, Google issues an
unauthorized request token to your application.
If
the user is not already logged in, Google prompts the user to log in. Google
then displays an authorization page that allows the user to see what Google
service data your application is requesting access to.
/// Step 1: Get a Request Token
private void MakeRequestForToken() {
string consumerKey = "anonymous";
string consumerSecret = "anonymous";
// Google requires an additional "scope" parameter that identifies one of the google applications
string requestTokenEndpoint = "https://www.google.com/accounts/OAuthGetRequestToken?scope=https://www.googleapis.com/auth/userinfo#email";
string requestTokenCallback = GetRouteableUrlFromRelativeUrl("GoogleAuth/oAuth/GoogleValidation.aspx/authorizeToken/google/");
string authorizeTokenUrl = "https://www.google.com/accounts/OAuthAuthorizeToken";
// Step 1: Make the call to request a token
var oAuthConsumer = new OAuthConsumer();
var requestToken = oAuthConsumer.GetOAuthRequestToken(requestTokenEndpoint, realm, consumerKey, consumerSecret, requestTokenCallback);
PersistRequestToken(requestToken);
// Step 2: Make a the call to authorize the request token
Response.Redirect(authorizeTokenUrl + "?oauth_token=" + requestToken.Token);
}
Step 3:
If the
user approves your application's access request, Google issues an authorized
request token. Each request token is valid for only one hour. Only an
authorized request token can be exchanged for an access token, and this
exchange can be done only once per authorized request token.
private void HandleAuthorizeTokenResponse()
{
string consumerKey = "anonymous";
string consumerSecret = "anonymous";
string token = Request.QueryString["oauth_token"];
string verifier = Request.QueryString["oauth_verifier"];
string accessTokenEndpoint = "https://www.google.com/accounts/OAuthGetAccessToken";
// Exchange the Request Token for an Access Token
var oAuthConsumer = new OAuthConsumer();
var accessToken = oAuthConsumer.GetOAuthAccessToken(accessTokenEndpoint, realm, consumerKey, consumerSecret, token, verifier, GetRequesttoken().TokenSecret);
// Google Only - This method will get the email of the authenticated user
var responseText = oAuthConsumer.GetUserInfo("https://www.googleapis.com/userinfo/email", realm, consumerKey, consumerSecret, accessToken.Token, accessToken.TokenSecret);
NameValueCollection nvc = StringToNameValueCollection(responseText);
if (nvc["email"] != "")
{
FormsAuthentication.RedirectFromLoginPage(nvc["email"].ToString(), false);
}
}
Step 4:
By
default, access tokens are long-lived. Each access token is specific to the
user account specified in the original request for authorization, and grants
access only to the services specified in that request. Your application should
store the access token securely, because it's required for all access to a
user's data.
