├── .gitignore
├── AspNetCoreFirebaseAuthSample.sln
├── README.md
└── src
└── AspNetCoreFirebaseAuthSample.WebApi
├── AspNetCoreFirebaseAuthSample.WebApi.csproj
├── Controllers
└── ValuesController.cs
├── Program.cs
├── Startup.cs
└── appsettings.json
/.gitignore:
--------------------------------------------------------------------------------
1 | ## Ignore Visual Studio temporary files, build results, and
2 | ## files generated by popular Visual Studio add-ons.
3 | ##
4 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
5 |
6 | # User-specific files
7 | *.suo
8 | *.user
9 | *.userosscache
10 | *.sln.docstates
11 |
12 | # User-specific files (MonoDevelop/Xamarin Studio)
13 | *.userprefs
14 |
15 | # Build results
16 | [Dd]ebug/
17 | [Dd]ebugPublic/
18 | [Rr]elease/
19 | [Rr]eleases/
20 | x64/
21 | x86/
22 | bld/
23 | [Bb]in/
24 | [Oo]bj/
25 | [Ll]og/
26 |
27 | # Visual Studio 2015/2017 cache/options directory
28 | .vs/
29 | # Uncomment if you have tasks that create the project's static files in wwwroot
30 | #wwwroot/
31 |
32 | # Visual Studio 2017 auto generated files
33 | Generated\ Files/
34 |
35 | # MSTest test Results
36 | [Tt]est[Rr]esult*/
37 | [Bb]uild[Ll]og.*
38 |
39 | # NUNIT
40 | *.VisualState.xml
41 | TestResult.xml
42 |
43 | # Build Results of an ATL Project
44 | [Dd]ebugPS/
45 | [Rr]eleasePS/
46 | dlldata.c
47 |
48 | # Benchmark Results
49 | BenchmarkDotNet.Artifacts/
50 |
51 | # .NET Core
52 | project.lock.json
53 | project.fragment.lock.json
54 | artifacts/
55 | **/Properties/launchSettings.json
56 |
57 | # StyleCop
58 | StyleCopReport.xml
59 |
60 | # Files built by Visual Studio
61 | *_i.c
62 | *_p.c
63 | *_i.h
64 | *.ilk
65 | *.meta
66 | *.obj
67 | *.pch
68 | *.pdb
69 | *.pgc
70 | *.pgd
71 | *.rsp
72 | *.sbr
73 | *.tlb
74 | *.tli
75 | *.tlh
76 | *.tmp
77 | *.tmp_proj
78 | *.log
79 | *.vspscc
80 | *.vssscc
81 | .builds
82 | *.pidb
83 | *.svclog
84 | *.scc
85 |
86 | # Chutzpah Test files
87 | _Chutzpah*
88 |
89 | # Visual C++ cache files
90 | ipch/
91 | *.aps
92 | *.ncb
93 | *.opendb
94 | *.opensdf
95 | *.sdf
96 | *.cachefile
97 | *.VC.db
98 | *.VC.VC.opendb
99 |
100 | # Visual Studio profiler
101 | *.psess
102 | *.vsp
103 | *.vspx
104 | *.sap
105 |
106 | # Visual Studio Trace Files
107 | *.e2e
108 |
109 | # TFS 2012 Local Workspace
110 | $tf/
111 |
112 | # Guidance Automation Toolkit
113 | *.gpState
114 |
115 | # ReSharper is a .NET coding add-in
116 | _ReSharper*/
117 | *.[Rr]e[Ss]harper
118 | *.DotSettings.user
119 |
120 | # JustCode is a .NET coding add-in
121 | .JustCode
122 |
123 | # TeamCity is a build add-in
124 | _TeamCity*
125 |
126 | # DotCover is a Code Coverage Tool
127 | *.dotCover
128 |
129 | # AxoCover is a Code Coverage Tool
130 | .axoCover/*
131 | !.axoCover/settings.json
132 |
133 | # Visual Studio code coverage results
134 | *.coverage
135 | *.coveragexml
136 |
137 | # NCrunch
138 | _NCrunch_*
139 | .*crunch*.local.xml
140 | nCrunchTemp_*
141 |
142 | # MightyMoose
143 | *.mm.*
144 | AutoTest.Net/
145 |
146 | # Web workbench (sass)
147 | .sass-cache/
148 |
149 | # Installshield output folder
150 | [Ee]xpress/
151 |
152 | # DocProject is a documentation generator add-in
153 | DocProject/buildhelp/
154 | DocProject/Help/*.HxT
155 | DocProject/Help/*.HxC
156 | DocProject/Help/*.hhc
157 | DocProject/Help/*.hhk
158 | DocProject/Help/*.hhp
159 | DocProject/Help/Html2
160 | DocProject/Help/html
161 |
162 | # Click-Once directory
163 | publish/
164 |
165 | # Publish Web Output
166 | *.[Pp]ublish.xml
167 | *.azurePubxml
168 | # Note: Comment the next line if you want to checkin your web deploy settings,
169 | # but database connection strings (with potential passwords) will be unencrypted
170 | *.pubxml
171 | *.publishproj
172 |
173 | # Microsoft Azure Web App publish settings. Comment the next line if you want to
174 | # checkin your Azure Web App publish settings, but sensitive information contained
175 | # in these scripts will be unencrypted
176 | PublishScripts/
177 |
178 | # NuGet Packages
179 | *.nupkg
180 | # The packages folder can be ignored because of Package Restore
181 | **/[Pp]ackages/*
182 | # except build/, which is used as an MSBuild target.
183 | !**/[Pp]ackages/build/
184 | # Uncomment if necessary however generally it will be regenerated when needed
185 | #!**/[Pp]ackages/repositories.config
186 | # NuGet v3's project.json files produces more ignorable files
187 | *.nuget.props
188 | *.nuget.targets
189 |
190 | # Microsoft Azure Build Output
191 | csx/
192 | *.build.csdef
193 |
194 | # Microsoft Azure Emulator
195 | ecf/
196 | rcf/
197 |
198 | # Windows Store app package directories and files
199 | AppPackages/
200 | BundleArtifacts/
201 | Package.StoreAssociation.xml
202 | _pkginfo.txt
203 | *.appx
204 |
205 | # Visual Studio cache files
206 | # files ending in .cache can be ignored
207 | *.[Cc]ache
208 | # but keep track of directories ending in .cache
209 | !*.[Cc]ache/
210 |
211 | # Others
212 | ClientBin/
213 | ~$*
214 | *~
215 | *.dbmdl
216 | *.dbproj.schemaview
217 | *.jfm
218 | *.pfx
219 | *.publishsettings
220 | orleans.codegen.cs
221 |
222 | # Including strong name files can present a security risk
223 | # (https://github.com/github/gitignore/pull/2483#issue-259490424)
224 | #*.snk
225 |
226 | # Since there are multiple workflows, uncomment next line to ignore bower_components
227 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
228 | #bower_components/
229 |
230 | # RIA/Silverlight projects
231 | Generated_Code/
232 |
233 | # Backup & report files from converting an old project file
234 | # to a newer Visual Studio version. Backup files are not needed,
235 | # because we have git ;-)
236 | _UpgradeReport_Files/
237 | Backup*/
238 | UpgradeLog*.XML
239 | UpgradeLog*.htm
240 | ServiceFabricBackup/
241 |
242 | # SQL Server files
243 | *.mdf
244 | *.ldf
245 | *.ndf
246 |
247 | # Business Intelligence projects
248 | *.rdl.data
249 | *.bim.layout
250 | *.bim_*.settings
251 | *.rptproj.rsuser
252 |
253 | # Microsoft Fakes
254 | FakesAssemblies/
255 |
256 | # GhostDoc plugin setting file
257 | *.GhostDoc.xml
258 |
259 | # Node.js Tools for Visual Studio
260 | .ntvs_analysis.dat
261 | node_modules/
262 |
263 | # Visual Studio 6 build log
264 | *.plg
265 |
266 | # Visual Studio 6 workspace options file
267 | *.opt
268 |
269 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
270 | *.vbw
271 |
272 | # Visual Studio LightSwitch build output
273 | **/*.HTMLClient/GeneratedArtifacts
274 | **/*.DesktopClient/GeneratedArtifacts
275 | **/*.DesktopClient/ModelManifest.xml
276 | **/*.Server/GeneratedArtifacts
277 | **/*.Server/ModelManifest.xml
278 | _Pvt_Extensions
279 |
280 | # Paket dependency manager
281 | .paket/paket.exe
282 | paket-files/
283 |
284 | # FAKE - F# Make
285 | .fake/
286 |
287 | # JetBrains Rider
288 | .idea/
289 | *.sln.iml
290 |
291 | # CodeRush
292 | .cr/
293 |
294 | # Python Tools for Visual Studio (PTVS)
295 | __pycache__/
296 | *.pyc
297 |
298 | # Cake - Uncomment if you are using it
299 | # tools/**
300 | # !tools/packages.config
301 |
302 | # Tabs Studio
303 | *.tss
304 |
305 | # Telerik's JustMock configuration file
306 | *.jmconfig
307 |
308 | # BizTalk build output
309 | *.btp.cs
310 | *.btm.cs
311 | *.odx.cs
312 | *.xsd.cs
313 |
314 | # OpenCover UI analysis results
315 | OpenCover/
316 |
317 | # Azure Stream Analytics local run output
318 | ASALocalRun/
319 |
320 | # MSBuild Binary and Structured Log
321 | *.binlog
322 |
323 | # NVidia Nsight GPU debugger configuration file
324 | *.nvuser
325 |
--------------------------------------------------------------------------------
/AspNetCoreFirebaseAuthSample.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 15
4 | VisualStudioVersion = 15.0.26124.0
5 | MinimumVisualStudioVersion = 15.0.26124.0
6 | Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{8A41A824-2B67-4382-AB8B-885BB8228CEB}"
7 | EndProject
8 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AspNetCoreFirebaseAuthSample.WebApi", "src\AspNetCoreFirebaseAuthSample.WebApi\AspNetCoreFirebaseAuthSample.WebApi.csproj", "{B9837F37-583A-42A7-9A81-5AF1362D65E5}"
9 | EndProject
10 | Global
11 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
12 | Debug|Any CPU = Debug|Any CPU
13 | Debug|x64 = Debug|x64
14 | Debug|x86 = Debug|x86
15 | Release|Any CPU = Release|Any CPU
16 | Release|x64 = Release|x64
17 | Release|x86 = Release|x86
18 | EndGlobalSection
19 | GlobalSection(SolutionProperties) = preSolution
20 | HideSolutionNode = FALSE
21 | EndGlobalSection
22 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
23 | {B9837F37-583A-42A7-9A81-5AF1362D65E5}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
24 | {B9837F37-583A-42A7-9A81-5AF1362D65E5}.Debug|Any CPU.Build.0 = Debug|Any CPU
25 | {B9837F37-583A-42A7-9A81-5AF1362D65E5}.Debug|x64.ActiveCfg = Debug|x64
26 | {B9837F37-583A-42A7-9A81-5AF1362D65E5}.Debug|x64.Build.0 = Debug|x64
27 | {B9837F37-583A-42A7-9A81-5AF1362D65E5}.Debug|x86.ActiveCfg = Debug|x86
28 | {B9837F37-583A-42A7-9A81-5AF1362D65E5}.Debug|x86.Build.0 = Debug|x86
29 | {B9837F37-583A-42A7-9A81-5AF1362D65E5}.Release|Any CPU.ActiveCfg = Release|Any CPU
30 | {B9837F37-583A-42A7-9A81-5AF1362D65E5}.Release|Any CPU.Build.0 = Release|Any CPU
31 | {B9837F37-583A-42A7-9A81-5AF1362D65E5}.Release|x64.ActiveCfg = Release|x64
32 | {B9837F37-583A-42A7-9A81-5AF1362D65E5}.Release|x64.Build.0 = Release|x64
33 | {B9837F37-583A-42A7-9A81-5AF1362D65E5}.Release|x86.ActiveCfg = Release|x86
34 | {B9837F37-583A-42A7-9A81-5AF1362D65E5}.Release|x86.Build.0 = Release|x86
35 | EndGlobalSection
36 | GlobalSection(NestedProjects) = preSolution
37 | {B9837F37-583A-42A7-9A81-5AF1362D65E5} = {8A41A824-2B67-4382-AB8B-885BB8228CEB}
38 | EndGlobalSection
39 | EndGlobal
40 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Firebase authentication with ASP.NET Core sample
2 |
3 | The project defines one controller called `SampleController` with two endpoints:
4 |
5 | - `/api/sample/public`: accessible without any authentication
6 | - `/api/sample/protected`: only accessible if a correct OAuth token is provided
7 |
8 | We can access the public endpoint with a simple `GET` request without any token:
9 |
10 | ```
11 | GET http://localhost:5000/api/sample/public HTTP/1.1
12 | ```
13 |
14 | And we get
15 |
16 | ```
17 | HTTP/1.1 200 OK
18 | ```
19 |
20 | However, if we try to reach the second endpoint without a token:
21 |
22 | ```
23 | GET http://localhost:5000/api/sample/protected HTTP/1.1
24 | ```
25 |
26 | We get
27 |
28 | ```
29 | HTTP/1.1 401 Unauthorized
30 | ```
31 |
32 | In order to access the protected endpoint, we need to provide the OAuth token in the `Authorization` header:
33 |
34 | ```
35 | GET http://localhost:5000/api/sample/protected HTTP/1.1
36 | Authorization: Bearer [OAUTH_TOKEN]
37 | ```
38 |
--------------------------------------------------------------------------------
/src/AspNetCoreFirebaseAuthSample.WebApi/AspNetCoreFirebaseAuthSample.WebApi.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | netcoreapp2.0
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
--------------------------------------------------------------------------------
/src/AspNetCoreFirebaseAuthSample.WebApi/Controllers/ValuesController.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 | using System.Threading.Tasks;
5 | using Microsoft.AspNetCore.Authorization;
6 | using Microsoft.AspNetCore.Mvc;
7 |
8 | namespace AspNetCoreFirebaseAuthSample.WebApi.Controllers
9 | {
10 | [Route("api/sample")]
11 | public class SampleController : Controller
12 | {
13 | [HttpGet("public")]
14 | public string Public()
15 | {
16 | return "This endpoint is public.";
17 | }
18 |
19 | [Authorize]
20 | [HttpGet("protected")]
21 | public string Protected()
22 | {
23 | return "This endpoint is protected.";
24 | }
25 | }
26 | }
27 |
--------------------------------------------------------------------------------
/src/AspNetCoreFirebaseAuthSample.WebApi/Program.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.IO;
4 | using System.Linq;
5 | using System.Threading.Tasks;
6 | using Microsoft.AspNetCore;
7 | using Microsoft.AspNetCore.Hosting;
8 | using Microsoft.Extensions.Configuration;
9 | using Microsoft.Extensions.Logging;
10 |
11 | namespace AspNetCoreFirebaseAuthSample.WebApi
12 | {
13 | public class Program
14 | {
15 | public static void Main(string[] args)
16 | {
17 | BuildWebHost(args).Run();
18 | }
19 |
20 | public static IWebHost BuildWebHost(string[] args) =>
21 | WebHost.CreateDefaultBuilder(args)
22 | .UseStartup()
23 | .Build();
24 | }
25 | }
26 |
--------------------------------------------------------------------------------
/src/AspNetCoreFirebaseAuthSample.WebApi/Startup.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 | using System.Threading.Tasks;
5 | using Microsoft.AspNetCore.Authentication.JwtBearer;
6 | using Microsoft.AspNetCore.Builder;
7 | using Microsoft.AspNetCore.Hosting;
8 | using Microsoft.Extensions.Configuration;
9 | using Microsoft.Extensions.DependencyInjection;
10 | using Microsoft.Extensions.Logging;
11 | using Microsoft.Extensions.Options;
12 | using Microsoft.IdentityModel.Tokens;
13 |
14 | namespace AspNetCoreFirebaseAuthSample.WebApi
15 | {
16 | public class Startup
17 | {
18 | public Startup(IConfiguration configuration)
19 | {
20 | Configuration = configuration;
21 | }
22 |
23 | public IConfiguration Configuration { get; }
24 |
25 | // This method gets called by the runtime. Use this method to add services to the container.
26 | public void ConfigureServices(IServiceCollection services)
27 | {
28 | services.AddMvc();
29 |
30 | services
31 | .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
32 | .AddJwtBearer(options =>
33 | {
34 | options.Authority = "https://securetoken.google.com/[FIREBASE-PROJECT]";
35 | options.TokenValidationParameters = new TokenValidationParameters
36 | {
37 | ValidateIssuer = true,
38 | ValidIssuer = "https://securetoken.google.com/[FIREBASE-PROJECT]",
39 | ValidateAudience = true,
40 | ValidAudience = "[FIREBASE-PROJECT]",
41 | ValidateLifetime = true
42 | };
43 | });
44 | }
45 |
46 | // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
47 | public void Configure(IApplicationBuilder app, IHostingEnvironment env)
48 | {
49 | if (env.IsDevelopment())
50 | {
51 | app.UseDeveloperExceptionPage();
52 | }
53 |
54 | app.UseAuthentication();
55 |
56 | app.UseMvc();
57 | }
58 | }
59 | }
60 |
--------------------------------------------------------------------------------
/src/AspNetCoreFirebaseAuthSample.WebApi/appsettings.json:
--------------------------------------------------------------------------------
1 | {
2 | "Logging": {
3 | "IncludeScopes": false,
4 | "Debug": {
5 | "LogLevel": {
6 | "Default": "Warning"
7 | }
8 | },
9 | "Console": {
10 | "LogLevel": {
11 | "Default": "Warning"
12 | }
13 | }
14 | }
15 | }
16 |
--------------------------------------------------------------------------------