Proof of concept for integrating OpenID Connect authentication with a .NET application.
- .NET 6.0 SDK or higher
Microsoft.AspNetCore.Authentication.OpenIdConnectNuGet packageMicrosoft.AspNetCore.Authentication.CookiesNuGet package
- Clone the repository:
git clone https://github.com/nermiin/POC-OpenId.git. - Open the solution in Visual Studio or your preferred IDE.
- Create a project in the Google Cloud Console and enable the OpenID Connect API. See these instructions.
- Configure the OpenID Connect options in
appsettings.json:Authority: the authorization server endpoint.CallbackPath: the callback path for the OpenID Connect middleware.
- Manage user secrets by adding secret file to the project
secret.json, to do that right click on the csproj file then select manage user secrets, this will create a secret file. Then Add this section to it:{ "OpenId": {ClientId: "Your client Id",ClientSecret: "Your client secret" } } - Start the application.
- Navigate to the home page and click the "Login" button.
- You will be redirected to the Google login page. Enter your credentials to authenticate.
- Upon successful authentication, you will be redirected back to the application's home page.
To protect against request forgery attacks, this POC generates a unique session token that holds state between the application and the user's client. This token is often referred to as a cross-site request forgery (CSRF) token.
The token is generated using the RandomNumberGenerator class and has a length of 32 characters.