I have an ASP.NET Core project in Visual Studio 2017 Community on Windows 10. I am using Razor Pages as the programming model. I would like to enable external OAuth 2.0 authentication using Google or Facebook as the authentication providers so that users can sign in using their Google or Facebook accounts.
How do I enable Google or Facebook authentication in this type of project?
It should be made clear that ASP.NET Core is not ASP.NET and that Razor Pages is not the traditional MVC model. If you want to know more about the difference between ASP.NET Core Razor Pages and ASP.NET Core MVC, please see this Q & A.
The very first thing you will need is a Google account in order to consume the required API in your app. You will need to create a new Google Cloud Platform project if you don't have one already. You will then need to create OAuth credentials for the project. These credentials consist of an ID and a secret. These are API equivalents to a username and password. Google refers to these as Client ID and Client secret. Be sure to protect these, and do not share them with anyone.
When creating the project, you should select the ASP.NET Core Web Application template. On the dialog box that follows, you need to select Web Application and Individual User Accounts option in order to add ASP.NET Core Identity.
Migrations are enabled by default for ASP.NET Core apps, but you need to add the initial migration and update the database using Package Manager Console.
Add-Migration Initial
Update-Database
OAuth 2.0 requires that you use a secure channel HTTPS protocol. So you need to enable SSL/TLS for your project. This is configured automatically for you if you use the Web Application template and you add ASP.NET Core Identity as explained above.
There are at least three ways to ensure that HTTPS is used in your app.
You can add the [RequireHttps] attribute to controllers, methods or Razor pages but you have to remember to add the attribute when you create new controllers, methods or Razor pages.
Another way is to redirect all HTTP requests to HTTPS. To do that, you can navigate to the Configure(IApplicationBuilder app, IHostingEnvironment env) method in the Startup.cs file in the root of the project and add the following Rewrite option in its body.
// Redirect every HTTP request to its HTTPS equivalent.
var options = new RewriteOptions()
    .AddRedirectToHttps();
app.UseRewriter(options);
A third way is to enforce HTTPS globally in your app. This requires all requests to use HTTPS, and therefore all HTTP requests are ignored. Requiring HTTPS globally is a security best practice and this approach is recommended.
In the Startup.cs file in the root of the project, navigate to the ConfigureServices(IServiceCollection services) method and add the following filter in its body.
// Apply the RequireHttps filter to every MVC action and Razor page.
services.Configure<MvcOptions>(options =>
{
    options.Filters.Add(new RequireHttpsAttribute());
});
This requires the Microsoft.AspNetCore.Mvc namespace.
If you don't have a Google account you will need to create one. If you have never visited the Google Cloud Platform before you will be prompted to create your first project.
https://localhost:44324 so make sure to remove any trailing forward slash.
https://localhost:44324/signin-google
You need to enable the Google+ API for the Google Cloud Platform project.
Once you have enabled the API and you have the credentials, you need to add them to your app. There are two ways to do that in an ASP.NET Core project.
In an ASP.NET Core project the secrets are stored outside of the solution folder using the Secret Manager. It stores the secrets in a JSON file found in the AppData folder. You can easily locate this file by right-clicking on the project name in the Solution Explorer and then selecting Manage User Secrets.
Even though JSON files are just plain text files and can be manually edited, they are really meant for data exchange between applications and should be generated and consumed by applications. Therefore, the recommended approach is to use the command line to store the secrets, unless you have made a mistake and need to edit it out manually. One common mistake is to set the secret as the ID and the ID as the secret. So be sure to paste the correct string when you copy and paste from the credentials page.
You need to open a command line window at the root of the project or the solution in order to successfully execute the following commands. The easiest way is to right-click on the project name in Solution Explorer and select Open Command Line and then PowerShell or CMD.
Run the following two commands, replacing id and secret with your actual values.
dotnet user-secrets set Authentication:Google:ClientId id
dotnet user-secrets set Authentication:Google:ClientSecret secret
ASP.NET Core projects rely on OWIN middleware for external authentication.
In the Startup.cs file, navigate to the ConfigureServices(IServiceCollection services) method and add the following code to its body.
// Register the Google handler with the credentials held in the Secret Manager.
services.AddAuthentication().AddGoogle(googleOptions =>
{
    googleOptions.ClientId = Configuration["Authentication:Google:ClientId"];
    googleOptions.ClientSecret = Configuration["Authentication:Google:ClientSecret"];
});
The very first thing you will need is a Facebook account in order to consume the required API in your app. You will need to create a new Facebook App project if you don't have one already. You will then need to create OAuth credentials for the project. These credentials consist of an ID and a secret. These are API equivalents to a username and password. Facebook refers to these as App ID and App Secret. Be sure to protect these, and do not share them with anyone.
When creating the project, you should select the ASP.NET Core Web Application template. On the dialog box that follows, you need to select Web Application and Individual User Accounts option in order to add ASP.NET Core Identity.
Migrations are enabled by default for ASP.NET Core apps, but you need to add the initial migration and update the database using Package Manager Console.
Add-Migration Initial
Update-Database
OAuth 2.0 requires that you use a secure channel HTTPS protocol. So you need to enable SSL/TLS for your project. This is configured automatically for you if you use the Web Application template and you add ASP.NET Core Identity as explained above.
There are at least three ways to ensure that HTTPS is used in your app.
You can add the [RequireHttps] attribute to controllers, methods or Razor pages but you have to remember to add the attribute when you create new controllers, methods or Razor pages.
Another way is to redirect all HTTP requests to HTTPS. To do that, you can navigate to the Configure(IApplicationBuilder app, IHostingEnvironment env) method in the Startup.cs file in the root of the project and add the following Rewrite option in its body.
// Redirect every HTTP request to its HTTPS equivalent.
var options = new RewriteOptions()
    .AddRedirectToHttps();
app.UseRewriter(options);
A third way is to enforce HTTPS globally in your app. This requires all requests to use HTTPS, and therefore all HTTP requests are ignored. Requiring HTTPS globally is a security best practice and this approach is recommended.
In the Startup.cs file in the root of the project, navigate to the ConfigureServices(IServiceCollection services) method and add the following filter in its body.
// Apply the RequireHttps filter to every MVC action and Razor page.
services.Configure<MvcOptions>(options =>
{
    options.Filters.Add(new RequireHttpsAttribute());
});
This requires the Microsoft.AspNetCore.Mvc namespace.
// Register the Facebook handler with the credentials held in configuration.
services.AddAuthentication().AddFacebook(facebookOptions =>
{
    facebookOptions.AppId = Configuration["Authentication:Facebook:AppId"];
    facebookOptions.AppSecret = Configuration["Authentication:Facebook:AppSecret"];
});
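The answer above registers each provider separately and warns that the ID and secret are easy to swap. The following added example (not part of the original answer) registers both providers in one chain and fails at startup when a credential is missing or looks swapped. The class name ExternalLoginSetup and the methods AddExternalLogins and Require are hypothetical, and the all-digits check on the Facebook App ID is an assumption about its format.

```csharp
using System;
using System.Linq;
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical helper: call services.AddExternalLogins(Configuration)
// from ConfigureServices in Startup.cs.
public static class ExternalLoginSetup
{
    // Read a required secret; fail at startup rather than at the first sign-in.
    private static string Require(IConfiguration config, string key)
    {
        var value = config[key];
        if (string.IsNullOrWhiteSpace(value))
            throw new InvalidOperationException(
                $"Missing '{key}'. Set it with: dotnet user-secrets set {key} <value>");
        return value.Trim();
    }

    public static AuthenticationBuilder AddExternalLogins(
        this IServiceCollection services, IConfiguration config)
    {
        var googleId = Require(config, "Authentication:Google:ClientId");
        var googleSecret = Require(config, "Authentication:Google:ClientSecret");
        var fbId = Require(config, "Authentication:Facebook:AppId");
        var fbSecret = Require(config, "Authentication:Facebook:AppSecret");

        // Catch the ID/secret mix-up: Google client IDs end with this suffix.
        const string suffix = ".apps.googleusercontent.com";
        if (!googleId.EndsWith(suffix, StringComparison.Ordinal))
            throw new InvalidOperationException(
                "Authentication:Google:ClientId does not look like a client ID; " +
                "check that the ID and secret were not swapped.");

        // Assumption: Facebook App IDs consist of digits only.
        if (!fbId.All(char.IsDigit))
            throw new InvalidOperationException(
                "Authentication:Facebook:AppId does not look like an App ID; " +
                "check that the ID and secret were not swapped.");

        // One AddAuthentication() call with both providers chained on the builder.
        return services.AddAuthentication()
            .AddGoogle(o => { o.ClientId = googleId; o.ClientSecret = googleSecret; })
            .AddFacebook(o => { o.AppId = fbId; o.AppSecret = fbSecret; });
    }
}
```

The exception messages name only the configuration key, never the value, so a misconfigured secret does not end up in startup logs.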