Wednesday, August 21, 2013

Use Google OpenID Authentication In Your ASP.NET With DotNetOpenAuth

Use Google OpenID Authentication In Your ASP.NET With DotNetOpenAuthTo secure websites, we usually create user database and develop a login page to authenticate the user. If you have several websites, creating separate user login for each site is time consuming and not favorable to your users because they have to login to each site separately. OpenID was developed to solved such authentication hassles. It is an open standard for developers that enables them to authenticate their users in a decentralized manner. For end-users, OpenID allows them to consolidate their digital identities. Major web services that supports OpenID are Google, Yahoo and Facebook. If you use OpenID with your website, you allow users to login to your site using their Google, Yahoo or Facebook accounts. The authentication will be hosted by the OpenID provider, so no need to maintain the user details on your side except the Identifier returned by the provider.

On this article, I will show you a ASP.NET sample code I made that use OpenID Authentication to verify Google Account. To accomplish the authentication, I used the C# library called DotNetOpenAuth. Here is the step-by-step procedure to implement it on your ASP.NET application.

1. Download the DotNetOpenAuth Libraries. Choose the most appropriate version for development platform.
2. Extract the downloaded compressed file on your hard drive.
3. On your project, Add Reference to "DotNetOpenAuth.dll"
4. On your login page's HTML Code, paste the following.
view plainprint?
  1. <form id="form1" runat="server">  
  2.     <div id="loginform">  
  3.         <div id="NotLoggedIn" runat="server">  
  4.             Log in with <img src="http://www.google.com/favicon.ico" />  
  5.                 <asp:Button ID="btnLoginToGoogle" Runat="server" Text="Google" OnCommand="OpenLogin_Click"  
  6.                     CommandArgument="https://www.google.com/accounts/o8/id" />  
  7.             <p /><asp:Label runat="server" ID="lblAlertMsg" />  
  8.         </div>  
  9.     </div>  
  10. </form>  


Take note of the URL: https://www.google.com/accounts/o8/id - this is the unique OpenID URL of Google Account.

5. Include the following namespaces on your "Using" directive.
view plainprint?
  1. using DotNetOpenAuth.OpenId;  
  2. using DotNetOpenAuth.OpenId.RelyingParty;  


6. On the Page_Load & OpenLogin_Click, use the following codes.

view plainprint?
  1. protected void Page_Load(object sender, EventArgs e)  
  2. {         
  3.     OpenIdRelyingParty rp = new OpenIdRelyingParty();  
  4.     var r = rp.GetResponse();  
  5.     if (r != null)  
  6.     {  
  7.         switch (r.Status)  
  8.         {  
  9.             case AuthenticationStatus.Authenticated:  
  10.                 NotLoggedIn.Visible = false;  
  11.                 Session["GoogleIdentifier"] = r.ClaimedIdentifier.ToString();  
  12.                 Response.Redirect("Main.aspx"); //redirect to main page of your website  
  13.                 break;  
  14.             case AuthenticationStatus.Canceled:  
  15.                 lblAlertMsg.Text = "Cancelled.";  
  16.                 break;  
  17.             case AuthenticationStatus.Failed:  
  18.                 lblAlertMsg.Text = "Login Failed.";  
  19.                 break;  
  20.         }  
  21.     }  
  22.   
  23. protected void OpenLogin_Click(object src, CommandEventArgs e)  
  24. {  
  25.     string discoveryUri = e.CommandArgument.ToString();  
  26.     OpenIdRelyingParty openid = new OpenIdRelyingParty();  
  27.     var b = new UriBuilder(Request.Url) { Query = "" };  
  28.     var req = openid.CreateRequest(discoveryUri, b.Uri, b.Uri);  
  29.     req.RedirectToProvider();  
  30. }  


7. Run the project. It should look like the following screens.

a. Login page

b. Main Page (showing the returned identifier by Google)
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)