Thursday, September 25, 2008

Sign In Using Google Account

This post explains how to let your website's users log in with their Google account without registering on your website. This saves users from registering multiple times and from remembering multiple sets of login credentials.

The picture below shows the steps involved in the sign-in-using-Google process:

Authentication Process
Prerequisites:

First, you need to register your website with Google, to secure the communication and the transfer of users from your website to Google for authentication. Use the link below to register your website with Google:


Once you have registered your website with Google using the steps described at the above link, your website's users will be redirected from Google back to your website without a warning.

You can also go directly to the URL below to sign up with Google and manage your domains:


You may need the following DLLs to implement this sample code:
  • Google.GData.Client.dll
  • Google.GData.Contacts.dll
  • Google.GData.Extensions.dll

The above DLLs can be downloaded from the following URL:

Let's see an example of this implementation:

Create a web page named "GoogleSignIn.aspx". Consider this as the login page of your website.

Put the code below in your .aspx page:
<asp:HyperLink ID="GotoAuthSubLink" runat="server" />

Put the code below in the page load of the page:
// Needed at the top of the code-behind file:
// using System.Net; using Google.GData.Client; using Google.GData.Extensions;

// Keep the hyperlink hidden initially.
GotoAuthSubLink.Visible = false;

// Executed when the user comes back without having logged out.
if (Session["token"] != null)
{
    GetUserDetails();
}
// Executed when the user is redirected from Google back to your website after
// a successful authentication. Google passes a token in the query string, which
// acts as the authorized token. It has to be sent back to Google in exchange for
// a session (access) token, which is then used to get user details such as
// name and email ID.
else if (Request.QueryString["token"] != null)
{
    String token = Request.QueryString["token"];
    Session["token"] = AuthSubUtil.exchangeForSessionToken(token, null).ToString();
    // Reload the page by its bare path so the token no longer appears in the URL.
    Response.Redirect(Request.Url.AbsolutePath, true);
}
// Executed when the user comes to your website for the first time, before the
// user is directed to Google for authentication.
else // no auth data, print link
{
    GotoAuthSubLink.Text = "Login to your Google Account";
    GotoAuthSubLink.Visible = true;
    // Parameters of getRequestUrl: the target page the user is redirected to
    // once authenticated, the Google URL (scope), secure, session.
    GotoAuthSubLink.NavigateUrl = AuthSubUtil.getRequestUrl(Request.Url.ToString(),
        "http://www.google.com/m8/feeds/contacts", false, true);
}

void GetUserDetails()
{
    GAuthSubRequestFactory authFactory = new GAuthSubRequestFactory("mywebsite", "mywebsite");
    authFactory.Token = (String)Session["token"];
    Google.GData.Contacts.ContactsService service = new Google.GData.Contacts.ContactsService(authFactory.ApplicationName);
    service.RequestFactory = authFactory;
    Google.GData.Contacts.ContactsQuery query = new Google.GData.Contacts.ContactsQuery(Google.GData.Contacts.ContactsQuery.CreateContactsUri("default"));
    try
    {
        Google.GData.Contacts.ContactsFeed feed = service.Query(query);
        // Feed values come from outside your site, so HTML-encode them
        // before writing them into the page.
        Response.Write(Server.HtmlEncode(feed.Authors[0].Name));
        Response.Write(Server.HtmlEncode(feed.Authors[0].Email));
        foreach (Google.GData.Contacts.ContactEntry entry in feed.Entries)
        {
            Response.Write("\t" + Server.HtmlEncode(entry.Title.Text));
            foreach (EMail email in entry.Emails)
            {
                Response.Write("\t" + Server.HtmlEncode(email.Address));
            }
        }
    }
    catch (GDataRequestException gdre)
    {
        // Response is null when the request failed before any HTTP reply arrived.
        HttpWebResponse response = gdre.Response as HttpWebResponse;
        // Bad auth token: clear the session and refresh the page.
        if (response != null && response.StatusCode == HttpStatusCode.Unauthorized)
        {
            Session.Clear();
            Response.Redirect(Request.Url.AbsolutePath, true);
        }
        else
        {
            // Show only the message, encoded, not the full exception with its stack trace.
            Response.Write("Error processing request: " + Server.HtmlEncode(gdre.Message));
        }
    }
}

Once you have completed the above steps, you need to map the email ID to the user-suggested name.

A good example of this implementation is Zoho. Look at http://www.zoho.com/, which uses the concept of sign-in using Google.
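
The page load code above keeps the session token in Session["token"] until the user logs out, but the post does not show a logout step. The following is an added example, not code from the original post: one way to write that step, revoking the token at Google with the same library's AuthSubUtil.revokeToken and then ending the local session. The page name GoogleSignOut.aspx and its class are assumptions; null is passed as the key because the sign-in link above requests a non-secure token.

```csharp
// Added example: code-behind for a hypothetical GoogleSignOut.aspx page.
using System;
using System.Web;
using System.Web.UI;
using Google.GData.Client;

public partial class GoogleSignOut : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Session token stored by GoogleSignIn.aspx after the token exchange.
        string token = Session["token"] as string;
        try
        {
            if (!String.IsNullOrEmpty(token))
            {
                // Invalidate the token at Google, so a leaked copy can no
                // longer be used to read the contacts feed. The second
                // argument is the signing key; null matches the non-secure
                // (secure = false) token requested at sign-in.
                AuthSubUtil.revokeToken(token, null);
            }
        }
        catch (GDataRequestException)
        {
            // Revocation failed (for example the token was already invalid).
            // The local session is still ended in the finally block.
        }
        finally
        {
            // Drop the server-side copy of the token and end the session.
            Session.Clear();
            Session.Abandon();
            // Expire the session cookie so the browser stops sending the old ID.
            // "ASP.NET_SessionId" is the ASP.NET default cookie name.
            HttpCookie expired = new HttpCookie("ASP.NET_SessionId", "");
            expired.Expires = DateTime.UtcNow.AddDays(-1);
            Response.Cookies.Add(expired);
        }
        // Return to the login page from the post; false = do not abort the thread.
        Response.Redirect("GoogleSignIn.aspx", false);
    }
}
```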

4 comments:

Prabhu said...

Prasad, the topic posted by u is nice. Keep posting like this advanced topics....

vivek said...

Nice prasad..Keep posting..

Kiquenet said...

OAuth 1.0 deprecated ? any new sample using OAuth 2.0 ?

Sameer Pantvaidya said...

Hi Prasad the article is very good.
I have one doubt when we redirect to google login page.. there our application name is not appearing in my case.. any help??
How will it recognize our registered application without providing an app key or any other application-related unique ID (in this case Client ID)?