Skip to main content

Using GAE OData from C#: Authentication

The last post about ODATA in the Google App Engine (python) allowed anyone to create, update or delete the models. Google App Engine (GAE) can authenticate Google users or users of you Google Apps domain. Using this feature, we can authenticate users of our C# application and use the authentication token when submitting calls to our OData service. The following class is based on the work found in here.
 class GAEAuthentication
    {
       
        public string Authenticate(string gaeAppBaseUrl, string googleUserName, String googlePassword, string yourClientApp, string is_admin, bool is_dev_env)
        {
            string googleCookie;
            String gaeAppLoginUrl = gaeAppBaseUrl + "_ah/login";
            String yourGaeAuthUrl = gaeAppBaseUrl + "odata.svc/";
            
            String googleLoginUrl;
            if (is_dev_env)
            {
                googleLoginUrl = gaeAppLoginUrl;
            }
            else
            {
                googleLoginUrl = "https://www.google.com/accounts/ClientLogin";
            }

            // prepare the auth request
            HttpWebRequest authRequest = (HttpWebRequest)HttpWebRequest.Create(googleLoginUrl);
            if (is_dev_env)
            { 
                // prepare the data we will post to the login page
                String queryData = "email=" + HttpUtility.UrlEncode(googleUserName) + "&" +
                  
                                  "admin=" + HttpUtility.UrlEncode(is_admin) + "&" +
                                  "action=login"  + "&" +
                                  "continue=" + HttpUtility.UrlEncode(yourGaeAuthUrl);

                authRequest = (HttpWebRequest)HttpWebRequest.Create(googleLoginUrl + "?" + queryData);

                authRequest.Method = "GET";
                authRequest.AllowAutoRedirect = false;
                
                // get the response
                HttpWebResponse authResponse = (HttpWebResponse)authRequest.GetResponse();

                googleCookie = authResponse.Headers["Set-Cookie"].Split(';')[0];
                //authRequest.AllowAutoRedirect = false;
            }
            else
            {
                authRequest.Method = "POST";
                authRequest.ContentType = "application/x-www-form-urlencoded";
                authRequest.AllowAutoRedirect = false;

                // prepare the data we will post to the login page
                String postData = "Email=" + HttpUtility.UrlEncode(googleUserName) + "&" +
                                  "Passwd=" + HttpUtility.UrlEncode(googlePassword) + "&" +
                                  "service=" + HttpUtility.UrlEncode("ah") + "&" +
                                  "admin=" + HttpUtility.UrlEncode(is_admin) + "&" +

                                  "source=" + HttpUtility.UrlEncode(yourClientApp) + "&" +
                                  "accountType=" + HttpUtility.UrlEncode("HOSTED_OR_GOOGLE");
                byte[] buffer = Encoding.ASCII.GetBytes(postData);
                authRequest.ContentLength = buffer.Length;

                // submit the request
                Stream postDataStr = authRequest.GetRequestStream();
                postDataStr.Write(buffer, 0, buffer.Length);
                postDataStr.Flush();
                postDataStr.Close();

                // get the response
                HttpWebResponse authResponse = (HttpWebResponse)authRequest.GetResponse();
                Stream responseStream = authResponse.GetResponseStream();
                StreamReader responseReader = new StreamReader(responseStream);

                // look through the response for an auth line
                String authToken = null;
                String nextLine = responseReader.ReadLine();
                while (nextLine != null)
                {
                    if (nextLine.StartsWith("Auth="))
                    {
                        // remove the 'Auth=' from the start
                        //  of the string
                        // because when we give it back to
                        //  google it needs to be 'auth='
                        //  (lower-case 'a') and it is
                        //  case-sensitive
                        authToken = nextLine.Substring(5);
                    }
                    nextLine = responseReader.ReadLine();
                }

                // cleanup
                responseReader.Close();
                authResponse.Close();

                // prepare the redirect request
                String cookieReqUrl = gaeAppLoginUrl + "?" +
                                      "continue=" + HttpUtility.UrlEncode(yourGaeAuthUrl) + "&" +
                                      "auth=" + HttpUtility.UrlEncode(authToken);

                // prepare our HttpWebRequest
                HttpWebRequest cookieRequest = (HttpWebRequest)WebRequest.Create(cookieReqUrl);
                cookieRequest.Method = "GET";
                cookieRequest.ContentType = "application/x-www-form-urlencoded";
                cookieRequest.AllowAutoRedirect = false;

                // retrieve HttpWebResponse with the google cookie
                HttpWebResponse cookieResponse = (HttpWebResponse)cookieRequest.GetResponse();
                googleCookie = cookieResponse.Headers["Set-Cookie"];
            }
           

            return googleCookie;
        }
    }
The class above authenticates the user and then returns token cookie. To allow the built-in authentication in GAE to work with our client program, we need to store the cookie containing that token and use it in each call to the OData service. We accomplish that by using the SendingRequest event to set the Cookie. The following code uses the GAEAuthentication to authenticate as an admin in a developer instance:
class Program
    {
        private static string _cookie;
        static void Main(string[] args)
        {
            GAEAuthentication authenticator = new GAEAuthentication();
            _cookie = authenticator.Authenticate("http://localhost:8080/", "test@example.com", "", "odata", "True", true);

            GAEODATAService.model.default_container proxy = new GAEODATAService.model.default_container(new Uri("http://localhost:8080/odata.svc"));
            proxy.SendingRequest += new EventHandler(proxy_SendingRequest);
         
            proxy.AddToCashTransaction(new CashTransaction() { key = "0", amount_cents = 12098, date = DateTime.Now, description = "Online Bill" }); //must be one of set(['bird', 'dog', 'cat'])
            proxy.SaveChanges();

            var all_pets = proxy.Pet;
            foreach (var pet in all_pets)
            {
                Console.Out.WriteLine("Pet {0}, weight: {1}, type: {2}", pet.name, pet.weight_in_pounds, pet.type);
            }
            Console.ReadLine();
        }

        /// 
        /// Intercept proxy's SendingRequest so that we can add the Google authentication cookie to the request.
        /// 
        /// 


        /// 


        private static void proxy_SendingRequest(object sender, SendingRequestEventArgs evt)
        {
            evt.RequestHeaders["Cookie"] = _cookie;
        }
    }
You will need to configure your GAE app as well to require authentication (See this). One simple example is to allow only admins to add, update or delete by changing your app.yaml to read:
- url: /odata.svc(/.*)
  script: odata-gae.py
  login: admin

Comments

Post a Comment

Popular posts from this blog

Power Automate: SFTP action "Test connection failed"

When I added an SFTP create file action to my Power Automate flow ( https://flow.microsoft.com ) , I got the following error in the action step, within the designer: "Test connection failed" To troubleshoot the Power Automate connection, I had to: go the Power Automate portal then "Data"->"Connections"  the sftp connection was there, I clicked on the ellipsis, and entered the connection info It turns out, that screen provides more details about the connection error. In my case, it was complaining that "SSH host key finger-print xxx format is not supported. It must be in 'MD5' format". I had provided the sha fingerprint that WinScp shows. Instead, I needed to use the MD5 version of the fingerprint. To get that, I had to run in command line (I was in a folder that had openssh in it): ssh -o FingerprintHash=md5 mysftpsite.com To get the fingerprint in MD5 format. I took the string (without the "MD5:" part of the string) and put ...
Post a Comment
Read more

How to create online multiplayer HTML5 games in Contruct2

  Construct2 can use websockets to send and receive messages between games. By using socket-io , we can use a Node.js script as the server and my modification to the socket-io plugin for Construct2 to allow the games to synchronize data between them in real-time. There are two parts to this design: the Node.js server and the Construct2 clients (the games playing). The main part of building an online multiplayer HTML5 game is to plan: how the clients will communicate how often and what to communicate how much of the logic will go into the server and how much to the client. In my sample game, I chose to have each client own a player and have the server just relay messages: Use string messages in the form TypeOfMessage, Parameter1, Paremeter2, Parater3, etc to communicate. Have the clients send their player position about 16 times a second. Whenever their player shoots, the client needs to send a message immediately. Almost all of the game logic will...
9 comments
Read more

How to use Windows SSO with OpenXava

One of the nice things about the .NET web environment is the dead easy way to implement Single Sign On in your web apps through Active Directory authentication. In the Java world there are multiple alternatives to use Windows’ Single Sign On with Java based web apps. One of those alternatives is Waffle . Waffle allows your Java web app to authenticate against Active Directory groups (and users). The only caveat is that your web server needs to be running in Windows, which kind of makes sense. In this article, you will learn the steps required to have your OpenXava web application use Waffle to authenticate your Windows users. The first step is to download Waffle from their site and then copy the JAR files outlined in https://github.com/dblock/waffle/blob/master/Docs/tomcat/TomcatSingleSignOnValve.md to the OpenXava’s tomcat server. In your OpenXava project, create servlets.xml in the Web-inf, containing the following: <!-- the role name (the domain gorup) must be e...
Post a Comment
Read more