Authenticate (LOGIN) with Google Security System


I develop an ASP.NET WebForms application and I need that if the user has authenticated in the browser with a Google account he can access the page otherwise.

asked by Efrain Mejias C 17.06.2016 в 17:56

3 answers

     public void GoogleAutentificacion()
        GoogleConnect.ClientId = Valor.GoogleClientId ();
        GoogleConnect.ClientSecret = Valor.GoogleClientSecret ();
        GoogleConnect.RedirectUri = Request.Url.AbsoluteUri.Split('?')[0];
        if (!String.IsNullOrEmpty(Request.QueryString["code"]))
            String code = Request.QueryString["code"];
            String json = GoogleConnect.Fetch("me", code);
            Controller.DataGoogle.GoogleProfile perfil = new JavaScriptSerializer().Deserialize<Controller.DataGoogle.GoogleProfile>(json);
            Session["PerfilID"] = perfil.Id;
            Session["PerfilNombre"] = perfil.DisplayName;
            Session["PerfilEmail"] = perfil.Emails.Find(email => email.Type == "account").Value;
            Session["PerfilSexo"] = perfil.Gender;
            Session["PerfilTipo"] = perfil.ObjectType;
            Session["PerfilImagen"] = perfil.Image.Url.ToString();
        if (Session["PerfilEmail"] != null) 
            if (Sub.ValidarMail(Session["PerfilEmail"].ToString().ToLower()))
                String ScriptAct = "<script language='javascript'>" + "NoAutenticadoStaGema();" + "</script>";
                ClientScript.RegisterStartupScript(this.GetType(), "NoAutenticadoStaGema();", ScriptAct);
answered by 01.08.2016 / 00:13

You can use the google credentials in your application, but you must specifically implement the login that requests the credentials, there is no automatic auto-login.

You'll have to use OAuth

OAuth for ASP.NET Google

Google API Client Libraries OAuth 2.0

As you will see, you need the call to an api that uses a Client ID to authorize the authentication and return a token that you will use in your development.

Maybe if another application has already been authenticated previously the credentials data is persisted and the new authentication is something direct, but you also need to implement the OAuth infrastructure and make the call.

answered by 18.06.2016 в 03:17

Strictly what you ask for I do not think it can be done.

Google is quite strict with its security policy, so you can not simply use browser authentication to use it in your application. That would give you access, for example, to the user's email address which is strictly forbidden by Google. (counter-example, your application could be an email capturer without users knowing)

What you can do is log in to your application with the google account, but the user must admit the strict permissions of what you are using in the application.

For this you must use the OAuth 2.0 protocol to login. You can find more information on the official google page: link

If you have doubts about how to use OAuth you should ask a new question as it will have nothing to do with it.

answered by 17.06.2016 в 20:53