Skip to main content

Using GAE OData from C#: Authentication

The last post about ODATA in the Google App Engine (python) allowed anyone to create, update or delete the models. Google App Engine (GAE) can authenticate Google users or users of you Google Apps domain. Using this feature, we can authenticate users of our C# application and use the authentication token when submitting calls to our OData service. The following class is based on the work found in here.
 class GAEAuthentication
    {
       
        public string Authenticate(string gaeAppBaseUrl, string googleUserName, String googlePassword, string yourClientApp, string is_admin, bool is_dev_env)
        {
            string googleCookie;
            String gaeAppLoginUrl = gaeAppBaseUrl + "_ah/login";
            String yourGaeAuthUrl = gaeAppBaseUrl + "odata.svc/";
            
            String googleLoginUrl;
            if (is_dev_env)
            {
                googleLoginUrl = gaeAppLoginUrl;
            }
            else
            {
                googleLoginUrl = "https://www.google.com/accounts/ClientLogin";
            }

            // prepare the auth request
            HttpWebRequest authRequest = (HttpWebRequest)HttpWebRequest.Create(googleLoginUrl);
            if (is_dev_env)
            { 
                // prepare the data we will post to the login page
                String queryData = "email=" + HttpUtility.UrlEncode(googleUserName) + "&" +
                  
                                  "admin=" + HttpUtility.UrlEncode(is_admin) + "&" +
                                  "action=login"  + "&" +
                                  "continue=" + HttpUtility.UrlEncode(yourGaeAuthUrl);

                authRequest = (HttpWebRequest)HttpWebRequest.Create(googleLoginUrl + "?" + queryData);

                authRequest.Method = "GET";
                authRequest.AllowAutoRedirect = false;
                
                // get the response
                HttpWebResponse authResponse = (HttpWebResponse)authRequest.GetResponse();

                googleCookie = authResponse.Headers["Set-Cookie"].Split(';')[0];
                //authRequest.AllowAutoRedirect = false;
            }
            else
            {
                authRequest.Method = "POST";
                authRequest.ContentType = "application/x-www-form-urlencoded";
                authRequest.AllowAutoRedirect = false;

                // prepare the data we will post to the login page
                String postData = "Email=" + HttpUtility.UrlEncode(googleUserName) + "&" +
                                  "Passwd=" + HttpUtility.UrlEncode(googlePassword) + "&" +
                                  "service=" + HttpUtility.UrlEncode("ah") + "&" +
                                  "admin=" + HttpUtility.UrlEncode(is_admin) + "&" +

                                  "source=" + HttpUtility.UrlEncode(yourClientApp) + "&" +
                                  "accountType=" + HttpUtility.UrlEncode("HOSTED_OR_GOOGLE");
                byte[] buffer = Encoding.ASCII.GetBytes(postData);
                authRequest.ContentLength = buffer.Length;

                // submit the request
                Stream postDataStr = authRequest.GetRequestStream();
                postDataStr.Write(buffer, 0, buffer.Length);
                postDataStr.Flush();
                postDataStr.Close();

                // get the response
                HttpWebResponse authResponse = (HttpWebResponse)authRequest.GetResponse();
                Stream responseStream = authResponse.GetResponseStream();
                StreamReader responseReader = new StreamReader(responseStream);

                // look through the response for an auth line
                String authToken = null;
                String nextLine = responseReader.ReadLine();
                while (nextLine != null)
                {
                    if (nextLine.StartsWith("Auth="))
                    {
                        // remove the 'Auth=' from the start
                        //  of the string
                        // because when we give it back to
                        //  google it needs to be 'auth='
                        //  (lower-case 'a') and it is
                        //  case-sensitive
                        authToken = nextLine.Substring(5);
                    }
                    nextLine = responseReader.ReadLine();
                }

                // cleanup
                responseReader.Close();
                authResponse.Close();

                // prepare the redirect request
                String cookieReqUrl = gaeAppLoginUrl + "?" +
                                      "continue=" + HttpUtility.UrlEncode(yourGaeAuthUrl) + "&" +
                                      "auth=" + HttpUtility.UrlEncode(authToken);

                // prepare our HttpWebRequest
                HttpWebRequest cookieRequest = (HttpWebRequest)WebRequest.Create(cookieReqUrl);
                cookieRequest.Method = "GET";
                cookieRequest.ContentType = "application/x-www-form-urlencoded";
                cookieRequest.AllowAutoRedirect = false;

                // retrieve HttpWebResponse with the google cookie
                HttpWebResponse cookieResponse = (HttpWebResponse)cookieRequest.GetResponse();
                googleCookie = cookieResponse.Headers["Set-Cookie"];
            }
           

            return googleCookie;
        }
    }
The class above authenticates the user and then returns token cookie. To allow the built-in authentication in GAE to work with our client program, we need to store the cookie containing that token and use it in each call to the OData service. We accomplish that by using the SendingRequest event to set the Cookie. The following code uses the GAEAuthentication to authenticate as an admin in a developer instance:
class Program
    {
        private static string _cookie;
        static void Main(string[] args)
        {
            GAEAuthentication authenticator = new GAEAuthentication();
            _cookie = authenticator.Authenticate("http://localhost:8080/", "test@example.com", "", "odata", "True", true);

            GAEODATAService.model.default_container proxy = new GAEODATAService.model.default_container(new Uri("http://localhost:8080/odata.svc"));
            proxy.SendingRequest += new EventHandler(proxy_SendingRequest);
         
            proxy.AddToCashTransaction(new CashTransaction() { key = "0", amount_cents = 12098, date = DateTime.Now, description = "Online Bill" }); //must be one of set(['bird', 'dog', 'cat'])
            proxy.SaveChanges();

            var all_pets = proxy.Pet;
            foreach (var pet in all_pets)
            {
                Console.Out.WriteLine("Pet {0}, weight: {1}, type: {2}", pet.name, pet.weight_in_pounds, pet.type);
            }
            Console.ReadLine();
        }

        /// 
        /// Intercept proxy's SendingRequest so that we can add the Google authentication cookie to the request.
        /// 
        /// 


        /// 


        private static void proxy_SendingRequest(object sender, SendingRequestEventArgs evt)
        {
            evt.RequestHeaders["Cookie"] = _cookie;
        }
    }
You will need to configure your GAE app as well to require authentication (See this). One simple example is to allow only admins to add, update or delete by changing your app.yaml to read:
- url: /odata.svc(/.*)
  script: odata-gae.py
  login: admin

Comments

Post a Comment

Popular posts from this blog

Powershell script for converting JPG to TIFF

The following Powershell script will convert a batch of JPEG files to TIFF format: #This Code is released under MIT license [System.Reflection.Assembly]::LoadWithPartialName("System.Drawing") $files_folder = 'C:\path-where-your-jpg-files-are\' $pdfs = get-childitem $files_folder -recurse | where {$_.Extension -match "jpg"} foreach($pdf in $pdfs) { $picture = [System.Drawing.Bitmap]::FromFile( $pdf.FullName ) $tiff = $pdf.FullName.replace('.PDF','').replace('.pdf','').replace('.jpg','').replace('.JPG','') + '.tiff' $picture.Save($tiff) }
Post a Comment
Read more

Power Automate: SFTP action "Test connection failed"

When I added an SFTP create file action to my Power Automate flow ( https://flow.microsoft.com ) , I got the following error in the action step, within the designer: "Test connection failed" To troubleshoot the Power Automate connection, I had to: go the Power Automate portal then "Data"->"Connections"  the sftp connection was there, I clicked on the ellipsis, and entered the connection info It turns out, that screen provides more details about the connection error. In my case, it was complaining that "SSH host key finger-print xxx format is not supported. It must be in 'MD5' format". I had provided the sha fingerprint that WinScp shows. Instead, I needed to use the MD5 version of the fingerprint. To get that, I had to run in command line (I was in a folder that had openssh in it): ssh -o FingerprintHash=md5 mysftpsite.com To get the fingerprint in MD5 format. I took the string (without the "MD5:" part of the string) and put
Post a Comment
Read more

Alert if file missing using Powershell

The following Powershell script can be used to send an email alert when a file is missing from a folder or it is the same file from a previous check: $path_mask = "yourfile_*.txt" $previous_file_store = "lastfileread.txt" $script_name = "File Check" ###### Functions ########## Function EMailLog($subject, $message) {    $emailTo = "juanito@yourserver.com"    $emailFrom = "alert@yourserver.com"    $smtpserver="smtp.yourserver.com"       $smtp=new-object Net.Mail.SmtpClient($smtpServer)    $smtp.Send($emailFrom, $emailTo, $subject, $message) } Try {    #get files that match the mask    $curr_file = dir $path_mask |  select name    if ($curr_file.count -gt 0)    {        #file found        #check if the file is different from the previous file read        $previous_file = Get-Content $previous_file_store        $curr_file_name = $curr_file.Item(0).Name        if ($
Post a Comment
Read more