For anyone who stayed with me through my first article series, I wanted to follow up today with a one-stop reference for everything we discussed.
The three articles in this series are available here:
- Part One: Getting Started – An overview of Google’s OAuth2 implementation and the logical process that your application should follow.
- Part Two: Logging In – A detailed description of requesting authorization from the user and getting the user’s data once that authorization is granted.
- Part Three: Validating Integrity – Using C#’s RSA PKCS #1 support to validate Google’s digital signature in order to ensure the data hasn’t been corrupted.
I’ve made a downloadable Visual Studio solution that contains all the code you need to implement Google OAuth2 in your own ASP.NET C# applications. I designed this as a demo application to get you started right away. If you have any questions about it or problems with it, please leave a comment!
You can download the solution here: GoogleLogin
Please do not distribute this – instead, link to this article. If any bugs or problems come up with this solution, I’ll make sure that this download is kept updated.
Additionally, below is a list of the different nonstandard C# classes that are needed for this solution to work, along with a link to the relevant MSDN article. I’ve also included links to the documentation for the JWT spec and Google’s OAuth2 information.
- Official JWT specification
- Encrypting and decrypting SHA-256 JWT signatures
- Google’s Public Certificates
- Decoding Base64-encoded Text
- MSDN RSA PKCS #1 signature verification example
- Google Documentation
Members of System.IO
- File: Facilitates working with files (creating, deleting, etc.). This is used to write Google’s public certificates to your server’s local disk.
- StreamReader: An implementation of TextReader for reading text from a byte stream. This is used to read Google’s JSON-formatted response.
- StreamWriter: An implementation of TextWriter for writing text to a byte stream. This is used to send the contents of the POST request to Google.
Members of System.Net
- HttpWebRequest: An implementation of WebRequest that uses HTTP. This is used to send a POST request to Google to obtain authorization to use the user’s credentials.
- HttpWebResponse: An implementation of WebResponse that uses HTTP. This is used to download Google’s response once the user authorizes the application.
- WebRequest: Used to send data streams through the Internet. This is used to request Google’s public certificates for caching locally.
- WebResponse: Used to receive data streams through the Internet. This is used to download Google’s public certificates.
Members of System.Security.Cryptography
- RSACryptoServiceProvider: Utilizes the RSA algorithm for asymmetric encryption and decryption. This is used to decrypt the JWT signature using Google’s public key.
- RSAPKCS1SignatureDeformatter: Verifies an RSA PKCS #1 signature. This is used to verify that the JWT signature matches the signed data.
- SHA256: Generates the SHA256 hash for a given input. This is used to generate the hash of the JWT segments signed by Google.
Members of System.Security.Cryptography.X509Certificates
- X509Certificate: Provides a simple set of methods for working with X509 Certificates. This is used to convert the locally-cached Google public certificate into an X509 Certificate object for programmatic use.
- X509Certificate2: An extension of X509Certificate that provides more methods for working with certificates. This is used to extract the public key from the locally-cached Google certificate.
Members of System.Text
- Decoder: Decodes a byte array into a string. This is used with UTF8Encoding (described below).
- UTF8Encoding: Represents UTF-8 encoding of text. This is used with Decoder to convert a byte array into a string in our Base64Decode function.
Members of System.Web.Script.Serialization