Download Source Code
I am going to describe here, how to implement google oauth in asp.net app.
after that, a dialog box will appear.Write your project name and click on create.
now you have successfuly created a project.
1.Click on credential
2.Click on down arrow button near the create credential button.Clicking the down arrow button will open a drop down box ,from the drop down box click on Oauth client ID.
3.Click on Configure Consent Screen
4.Fill all the details and click on save
5. Again you will be redirected to credential screen.Click on Web Application and name your web app and click on Create button.For the time being ignore the other text box, i will explain those later in this article.
6. You will get your client id and client secret in a pop up. Copy the client id and client secret and keep it somewhere safe (Dont worry if you lost this code,you can get this code later from developer console).
I am creating a web form project, but you can create any asp.net project like asp.net mvc or any other.
2. Add a web form inside the project with name – GoogleCallBack. This will be used as redirect url. Don’t worry, you will understand it later.
3.Add a web form inside the project with name -Authorize and paste the following html code inside the form –
i am creating a page, where i will send the user id to the server.The server will determine, whether the user is authorized or not and if not authorized it will authorized the user. 4. Put the client id and client secret in web.config under “appSettings”, so that you can change this value later and it can be globally available for any page -
5. Remember , we have left some setup of project on google developer console.Its time to complete, otherwise google will decline the authorization. So perform the following steps in serial order-
6. Create a database with any name and inside the database - create the table having below design or you can also paste the below code in order to create the table.
7.Add connection string in web.config .Sorry, I am not going to this describe this.I assume you know how to do this one. 8.it’s time to write code for authorizing user – For Authorizing the user by google, you will have to redirect the user to google authorizing url with following query string –
So, what the above code is doing -
What the above code is doing -
Now, we have refresh token so the next question will be how to use the refresh token to get the access token?
Now inside the GetEmail.aspx.cs copy the below code under partial class –
What the above code is doing -
Finally, We have successfully implemented the Oath2.o authrization for Google.
Introduction
Now a days, security is a major concern for every service provider like Google, Yahoo, Microsoft etc. and that’s why every service provider which is providing some external service to another app is following the protocol defined by Oauth.I am going to describe here, how to implement google oauth in asp.net app.
Prerequisites
You should have basic knowledge of- C#
- Asp.net
Steps for implementing
For implementing Oauth we will have to follow series of steps –- Create a project on google console.
- Get the client id and client secret from the project.
- Writing code for authorizing the user by google.
- Writing code for exchanging the authorization code for refresh token.
- Writing code for exchanging refresh token for access token.
Let’s Start
1.Create a Project on Google console
Goto https://console.developers.google.com and click on project -> new projectafter that, a dialog box will appear.Write your project name and click on create.
now you have successfuly created a project.
2. Getting client id and client secret
Follow the steps as shown in screenshot –1.Click on credential
2.Click on down arrow button near the create credential button.Clicking the down arrow button will open a drop down box ,from the drop down box click on Oauth client ID.
3.Click on Configure Consent Screen
4.Fill all the details and click on save
5. Again you will be redirected to credential screen.Click on Web Application and name your web app and click on Create button.For the time being ignore the other text box, i will explain those later in this article.
6. You will get your client id and client secret in a pop up. Copy the client id and client secret and keep it somewhere safe (Dont worry if you lost this code,you can get this code later from developer console).
3.Writing code for authorizing the user by google
1. Let’s create an asp.net project –I am creating a web form project, but you can create any asp.net project like asp.net mvc or any other.
2. Add a web form inside the project with name – GoogleCallBack. This will be used as redirect url. Don’t worry, you will understand it later.
3.Add a web form inside the project with name -Authorize and paste the following html code inside the form –
<form id="form1" runat="server" method="get">
<div>
Enter User Id:
<input type="text" name="UserId">
</div>
<p>
<button type="submit">Submit</button>
</p>
</form>
i am creating a page, where i will send the user id to the server.The server will determine, whether the user is authorized or not and if not authorized it will authorized the user. 4. Put the client id and client secret in web.config under “appSettings”, so that you can change this value later and it can be globally available for any page -
5. Remember , we have left some setup of project on google developer console.Its time to complete, otherwise google will decline the authorization. So perform the following steps in serial order-
-
Run the project
- Open the Google developer console
- Go to credential
- Click on edit Oauth client
- Now copy project url and paste in textbox of authorized javascript origin and keep it open.
- Open the googlecallback.aspx in browser and copy the url.
- Paste the url in authorized redirect uri.
6. Create a database with any name and inside the database - create the table having below design or you can also paste the below code in order to create the table.
create table Member ( UserId int primary key, RefreshToken varchar(200), GmailId varchar(200) )
7.Add connection string in web.config .Sorry, I am not going to this describe this.I assume you know how to do this one. 8.it’s time to write code for authorizing user – For Authorizing the user by google, you will have to redirect the user to google authorizing url with following query string –
- client_id – you will have to pass the client id that you got from google console by creating an project.
- redirect_uri – you will have to pass an absolute url. Google will redirect the user to this url after authorization with some value as ‘code’ or ‘error’ if any error occurred.
- access_type – this will be used by google to know what type of access you want.There are two values – ‘online’ or ‘offline’.Default value is ‘online’,but we set it as ‘offline’, because we want the user authenticate one time and use the service again and again.
- state – you can set any value.The same value will be returned by google after authorization. This is used to know the user details or any other things.You will understand this later.
- login_hint- this value will be automatically filled by google in email text box.
- scope – this value will be used by google to know what type of service an app is requesting for the user. e.g – gmail, calendar, google or user info etc. you can pass multiple values separated by space.
protected void Page_Load(object sender, EventArgs e)
{
//Get the user id from query string
string UserId = Request.QueryString["UserId"];
if (UserId != null) //check whether user is null or not
{
if (IsAuthorized(UserId)) //check whether user is already authorized
{
string EmailId = GetGmailId(UserId); //Get the email id from database
//show the email id in alert
ClientScript.RegisterClientScriptBlock(this.GetType(), "alert", "alert('" + EmailId + "')", true);
}
else
{
AuthorizeUser(UserId); //authorize the user
}
}
}
///
/// Return gmail id from database. it will saved in the database after successful authentication.
///
///
///
///
///
///
///
So, what the above code is doing -
- When the page will load it will retrieve the user id from query string.
- if we found the user id from query string, it will check whether user is already authorized or not.
- if user is already authorized, then we will fetch the email from database and show it to the user.
- if user is not authorised, we will authorise the user by following steps -
- we will create an authorization url - this includes creating query string with client id,scope and all other things that i mentioned earlier.
- we will redirect the user to the created url.
4.Writing code for exchanging the authorization code
After successful authorization, Google will call this page with an authorization code which is temporary – that means it will expire after few hour ,probably an hour. But we want the user to authenticate one time and use the service again and again.So what to do? By using authorization code, we can get refresh token which is valid for lifetime but it is not used for getting any service.So again the question will be, then what is the meaning of refresh token ?. By using refresh token, we can get access token which is used for getting service and again access token is temporary. So every time you want to use any service, you will have to get access token. i think now you understand the whole flow.So basically we will have to perform following steps-- Get the authorization code.
- Exchange the authorization code for refresh token.
- save the refresh token in database.
- Exchange refresh token for access token.
- Use access token for getting any service.
public partial class GoogleCallBack : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
//you will get this, when any error will occur while authorization otherwise null
string Error = Request.QueryString["error"];
//authorization code after successful authorization
string Code = Request.QueryString["code"];
if (Error != null)
{
}
else if (Code != null)
{
//Remember, we have set userid in State
string UserId = Request.QueryString["state"];
//Get AccessToken
int Id = Convert.ToInt32(UserId);
string AccessToken = string.Empty;
string RefreshToken = ExchangeAuthorizationCode(Id, Code, out AccessToken);
//saving refresh token in database
SaveRefreshToken(Id, RefreshToken);
//Get Email Id of the authorized user
string EmailId = FetchEmailId(AccessToken);
//Saving Email Id
SaveEmailId(UserId, EmailId);
//Redirect the user to Authorize.aspx with user id
string Url = "Authorize.aspx?UserId=" + UserId;
Response.Redirect(Url, true);
}
}
private string ExchangeAuthorizationCode(int userId, string code, out string accessToken)
{
accessToken = string.Empty;
string ClientSecret = ConfigurationManager.AppSettings["ClientSecret"];
string ClientId = ConfigurationManager.AppSettings["ClientId"];
//get this value by opening your web app in browser.
string RedirectUrl = "http://localhost:52403/GoogleCallBack.aspx";
var Content = "code=" + code +
"&client_id=" + ClientId +
"&client_secret=" + ClientSecret +
"&redirect_uri=" + RedirectUrl +
"&grant_type=authorization_code";
var request = WebRequest.Create("https://accounts.google.com/o/oauth2/token");
request.Method = "POST";
byte[] byteArray = Encoding.UTF8.GetBytes(Content);
request.ContentType = "application/x-www-form-urlencoded";
request.ContentLength = byteArray.Length;
using (Stream dataStream = request.GetRequestStream())
{
dataStream.Write(byteArray, 0, byteArray.Length);
dataStream.Close();
}
var Response = (HttpWebResponse)request.GetResponse();
Stream responseDataStream = Response.GetResponseStream();
StreamReader reader = new StreamReader(responseDataStream);
string ResponseData = reader.ReadToEnd();
reader.Close();
responseDataStream.Close();
Response.Close();
if (Response.StatusCode == HttpStatusCode.OK)
{
var ReturnedToken = JsonConvert.DeserializeObject(ResponseData);
if (ReturnedToken.refresh_token != null)
{
accessToken = ReturnedToken.access_token;
return ReturnedToken.refresh_token;
}
else
{
return null;
}
}
else
{
return string.Empty;
}
}
private void SaveRefreshToken(int userId, string refreshToken)
{
SqlConnection Con = new SqlConnection(ConfigurationManager.ConnectionStrings["DbConnection"].ConnectionString);
string Query = "insert into Member (UserId,RefreshToken) values(" + userId + ",'" + refreshToken + "')";
SqlCommand Cmd = new SqlCommand(Query, Con);
Con.Open();
int Result = Cmd.ExecuteNonQuery();
Con.Close();
}
private string FetchEmailId(string accessToken)
{
var EmailRequest = "https://www.googleapis.com/userinfo/email?alt=json&access_token=" + accessToken;
// Create a request for the URL.
var Request = WebRequest.Create(EmailRequest);
// Get the response.
var Response = (HttpWebResponse)Request.GetResponse();
// Get the stream containing content returned by the server.
var DataStream = Response.GetResponseStream();
// Open the stream using a StreamReader for easy access.
var Reader = new StreamReader(DataStream);
// Read the content.
var JsonString = Reader.ReadToEnd();
// Cleanup the streams and the response.
Reader.Close();
DataStream.Close();
Response.Close();
dynamic json = JValue.Parse(JsonString);
return json.data.email;
}
private bool SaveEmailId(string userId, string emailId)
{
SqlConnection Con = new SqlConnection(ConfigurationManager.ConnectionStrings["DbConnection"].ConnectionString);
string Query = "update Member set GmailId='" + emailId + "'where UserId='" + userId + "'";
SqlCommand Cmd = new SqlCommand(Query, Con);
Con.Open();
int Result = Cmd.ExecuteNonQuery();
Con.Close();
return Result > 0 ? true : false;
}
}
public class Token
{
public string access_token { get; set; }
public string token_type { get; set; }
public string expires_in { get; set; }
public string refresh_token { get; set; }
}
What the above code is doing -
- We have two things that will be returned by google either error or code.so we will check first if error is not null.if error is null, that means some error has occured while authorizing.
- If error is null then we will check for code and if code is not null that means we have a token and user is authorized successfully. Now, we have got the temporary token, so we will have to use it to get the refresh token.we will call the exchange "authorizationcode" which will exchange the authorization code and will return refreshtoken and access token.(At the time of exchanging authorization code, the google also return access token, so we should use this access token instead of another http call to get the access token.)
- Save the refresh token in database.
- Get the email id using access token.
- Save the email id in database.
- Redirect the user to authorize.aspx with query string user id and now the user is authorized so we will get an alert with the user gmail id.
Testing Implementation
Perform the following steps –- Run the project
- Navigate to Authorize.aspx
- Enter any user id which should be number
- Click on Submit – If the user will be present inside the db then you will get the email id of the user in alert box, otherwise the user will be redirected to google authrization site.
- An allow screen will appear, where user can see – what type of access, he/she is giving access to the app.Click on allow button. After clicking on allow button, the refresh token and gmail id will be saved to your DB and the user will be redirected to the authorize page.
Now, we have refresh token so the next question will be how to use the refresh token to get the access token?
5. Writing code for exchanging refresh token
Let’s create a web form with name GetEmail. It will be same like Authorize.aspx but instead of getting the email from database, we will fetch the email from Google using access token. So copy the html code from Authorize.aspx.Now inside the GetEmail.aspx.cs copy the below code under partial class –
protected void Page_Load(object sender, EventArgs e)
{
string UserId = Request.QueryString["UserId"];
if (UserId != null)
{
string RefreshToken = string.Empty;
if (IsAuthorized(UserId, out RefreshToken))
{
//Get Access token using Refresh token
string AccessToken = GetAccessToken(RefreshToken);
//Get Gmail Id using access token
string EmailId = GetGmailId(AccessToken);
ClientScript.RegisterClientScriptBlock(this.GetType(), "alert", "alert('" + EmailId + "')", true);
}
else
{
string ErrorMsg = "You are not authorized";
ClientScript.RegisterClientScriptBlock(this.GetType(), "alert", "alert('" + ErrorMsg + "')", true);
}
}
}
private bool IsAuthorized(string userId, out string refreshToken)
{
SqlConnection Con = new SqlConnection(ConfigurationManager.ConnectionStrings["DbConnection"].ConnectionString);
string Query = "select RefreshToken from Member where UserId=" + userId;
SqlCommand Cmd = new SqlCommand(Query, Con);
Con.Open();
var Result = Cmd.ExecuteScalar();
Con.Close();
refreshToken = Result != null ? Result.ToString() : string.Empty;
return refreshToken.Length > 0 ? true : false;
}
private string GetGmailId(string accessToken)
{
if (accessToken.Length > 0)
{
string GmailId = FetchUsersEmail(accessToken);
return GmailId;
}
else
{
return string.Empty;
}
}
private string GetAccessToken(string refreshToken)
{
string ClientSecret = ConfigurationManager.AppSettings["ClientSecret"];
string ClientId = ConfigurationManager.AppSettings["ClientId"];
var Content = "refresh_token=" + refreshToken +
"&client_id=" + ClientId +
"&client_secret=" + ClientSecret +
"&grant_type=refresh_token";
WebRequest request = WebRequest.Create("https://accounts.google.com/o/oauth2/token");
request.Method = "POST";
byte[] byteArray = Encoding.UTF8.GetBytes(Content);
request.ContentType = "application/x-www-form-urlencoded";
request.ContentLength = byteArray.Length;
using (Stream dataStream = request.GetRequestStream())
{
dataStream.Write(byteArray, 0, byteArray.Length);
dataStream.Close();
}
var Response = (HttpWebResponse)request.GetResponse();
Stream responseDataStream = Response.GetResponseStream();
StreamReader reader = new StreamReader(responseDataStream);
string ResponseData = reader.ReadToEnd();
reader.Close();
responseDataStream.Close();
Response.Close();
if (Response.StatusCode == HttpStatusCode.OK)
{
var ReturnedToken = JsonConvert.DeserializeObject(ResponseData);
return ReturnedToken.access_token;
}
else
{
return string.Empty;
}
}
private string FetchUsersEmail(string accessToken)
{
var EmailRequest = @"https://www.googleapis.com/userinfo/email?alt=json&access_token=" + accessToken;
// Create a request for the URL.
var Request = WebRequest.Create(EmailRequest);
// Get the response.
var Response = (HttpWebResponse)Request.GetResponse();
// Get the stream containing content returned by the server.
var DataStream = Response.GetResponseStream();
// Open the stream using a StreamReader for easy access.
var Reader = new StreamReader(DataStream);
// Read the content.
var JsonString = Reader.ReadToEnd();
// Cleanup the streams and the response.
Reader.Close();
DataStream.Close();
Response.Close();
dynamic json = JValue.Parse(JsonString);
return json.data.email;
}
What the above code is doing -
- We will first check whether user is authorized or not.if authorize the "IsAuthorized" function will return RefreshToken as out parameter.
- We will use that refresh token to get the access token.
- After that by using access token, we will get the email id.
Finally, We have successfully implemented the Oath2.o authrization for Google.
Appreciating the persistence you put into your blog and detailed information you provide. Best Selenium Training in Bangalore
ReplyDeleteThanks @shri
Deletewhen data type is number it throws error, can u give example where data type is used as number
ReplyDeleteI think you are asking about wrong article ? you mean article on jsstore right ?
DeleteIt is really a great work and the way in which u r sharing the knowledge is excellent.Thanks for your informative article.
ReplyDeleteSelenium Training in chennai | Selenium Training in annanagar | Selenium Training in omr | Selenium Training in porur | Selenium Training in tambaram | Selenium Training in velachery
Thanks merlin, now i write at medium. You can read more awesome article there. Here is my medium profile - https://medium.com/@ujjwalgupta_57939
Delete