Blog of Denis VOITURON

for a better .NET world

AspNetCore WebAPI - Google Authentication

Posted on 2019-08-09

More and more projects have sections secured by Google, Twitter or Microsoft identities. For example, for Google, you must create an ID and specify the return URL. Then you must activate the Google Authentication service and secure your methods via [Authorize]. The first call of a secure method automatically redirects you to the Google page.

Create a Google ID

The first step is to configure Google API to create a project ID, to be used in our application:

  1. Go to Integrating Google Sign-In into your web app and configure a project.
  2. Select the OAuth authentication, using a Web server.
  3. Add your local URL, in the field Authorized redirect URIs: https://localhost:5001/signin-google (the port 5001 corresponds to the default configuration of Visual Studio: see below).
  4. Copy the ClientID and the Client Secret generated.

More detail in the Microsoft documentation.

Once the configuration is complete, you can view or modify it via Google Console.

Google Authentication

Enable WebAPIs security

In your ASP.NET Core WebAPI project, add the services Identity, Authentication and Google as follows.

public void ConfigureServices(IServiceCollection services)
    services.AddIdentity<IdentityUser, IdentityRole>();
    services.AddAuthentication(options =>
                options.DefaultAuthenticateScheme = GoogleDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = GoogleDefaults.AuthenticationScheme;
            .AddGoogle(options =>
                options.ClientId = "[MyGoogleClientId]";
                options.ClientSecret = "[MyGoogleSecretKey]";

Then enable authentication via UseAuthentication().

public void Configure(IApplicationBuilder app, 
                      IHostingEnvironment env)

Finally, add the attribute [Authorize()] to the APIs you want to secure. And start your website to call the secure API.

public ActionResult<string> Get(int id)
    return this.User.Identity.Name;

Once Google has approved the authentication, you can manage your own security (roles, lifespan,…) using JWT tokens, for example.




Follow me

Recent posts