Lesson 3: Setting Up Firebase for User Authentication in .NET
Meta Description
Learn how to integrate Firebase Authentication into a .NET backend by dynamically loading Firebase credentials from API requests. This step-by-step guide covers installing the Firebase Admin SDK, securely encrypting Firebase credentials, and implementing authentication logic.
Why Use Firebase for Authentication?
Firebase Authentication is a powerful tool that enables secure user authentication with: ✅ Email & password authentication
✅ Social login (Google, Facebook, etc.)
✅ Multi-Tenant Authentication
✅ JWT token verification
✅ Secure and scalable authentication for mobile and web apps
Step 1: Install Firebase Admin SDK in .NET
Firebase Admin SDK allows your backend to manage authentication securely.
Installation Steps:
- Open a terminal and navigate to your backend project (
CGZAPI). - Run the following command:
dotnet add package FirebaseAdmin --version 2.2.0 - Verify the package installation by checking your
CGZAPI.csprojfile.
Step 2: Secure Firebase Credentials with Encryption
Since we are passing Firebase JSON credentials via API requests, we must encrypt them to prevent exposure.
How It Works:
- The frontend encrypts Firebase credentials before sending them.
- The backend decrypts and loads them dynamically.
- We use AES encryption for secure credential handling.
Create EncryptionHelper.cs
Inside your .NET backend project, create a new folder named Utilities and add a file EncryptionHelper.cs:
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
namespace CGZAPI.Utilities
{
public static class EncryptionHelper
{
private static readonly string EncryptionKey = "MySuperSecureKey123!"; // Change this to a strong key
public static string Encrypt(string plainText)
{
byte[] keyBytes = Encoding.UTF8.GetBytes(EncryptionKey);
using (Aes aes = Aes.Create())
{
aes.Key = keyBytes;
aes.GenerateIV();
using (var encryptor = aes.CreateEncryptor(aes.Key, aes.IV))
{
using (var ms = new MemoryStream())
{
ms.Write(aes.IV, 0, aes.IV.Length);
using (var cs = new CryptoStream(ms, encryptor, CryptoStreamMode.Write))
{
using (var writer = new StreamWriter(cs))
{
writer.Write(plainText);
}
}
return Convert.ToBase64String(ms.ToArray());
}
}
}
}
public static string Decrypt(string encryptedText)
{
byte[] fullCipher = Convert.FromBase64String(encryptedText);
byte[] keyBytes = Encoding.UTF8.GetBytes(EncryptionKey);
using (Aes aes = Aes.Create())
{
aes.Key = keyBytes;
byte[] iv = new byte[aes.BlockSize / 8];
Array.Copy(fullCipher, iv, iv.Length);
aes.IV = iv;
using (var decryptor = aes.CreateDecryptor(aes.Key, aes.IV))
{
using (var ms = new MemoryStream(fullCipher, iv.Length, fullCipher.Length - iv.Length))
{
using (var cs = new CryptoStream(ms, decryptor, CryptoStreamMode.Read))
{
using (var reader = new StreamReader(cs))
{
return reader.ReadToEnd();
}
}
}
}
}
}
}
}
What This Script Does:
Encrypt(string plainText): Encrypts Firebase credentials before sending them.Decrypt(string encryptedText): Decrypts Firebase credentials in the backend before loading them.
Step 3: Create AuthController.cs to Handle API Requests
In ASP.NET Core, controllers handle HTTP requests.
Creating the Controller Folder:
- Inside your
.NET backend project, create a new folder namedControllers. - Inside the
Controllersfolder, create a new fileAuthController.cs. - Add the following code:
using Microsoft.AspNetCore.Mvc;
using FirebaseAdmin.Auth;
using CGZAPI.Services;
using CGZAPI.Utilities;
namespace CGZAPI.Controllers
{
[Route("api/auth")] // Defines the base route for this controller
[ApiController] // Marks this class as an API Controller
public class AuthController : ControllerBase
{
[HttpPost("register")] // Defines an HTTP POST endpoint at api/auth/register
public async Task<IActionResult> RegisterUser([FromBody] FirebaseRequest request)
{
var firebaseApp = FirebaseManager.InitializeFirebase(request.EncryptedFirebaseJson);
var auth = FirebaseAuth.GetAuth(firebaseApp);
var user = await auth.CreateUserAsync(new UserRecordArgs
{
Email = request.Email,
Password = request.Password,
});
return Ok(user.Uid);
}
}
}
Explanation of Key Concepts:
[Route("api/auth")]→ Defines the base URL for this controller (api/auth).[ApiController]→ Marks this as an API controller, which means it handles HTTP requests.[HttpPost("register")]→ Defines an HTTP POST request atapi/auth/register.[FromBody]→ This tells .NET to extract data from the request body as JSON.IActionResult→ Represents the HTTP response type (e.g., 200 OK for success, 400 Bad Request for errors).
Step 4: Sending an Encrypted Request from the Client
Instead of sending raw Firebase JSON, the frontend encrypts it before sending:
{
"email": "userone@one.com",
"password": "SecurePass123",
"encryptedFirebaseJson": "(encrypted json string)"
}
The backend decrypts it and initializes Firebase dynamically.
Summary & Next Steps
What We Covered:
✅ Installed Firebase Admin SDK in .NET.
✅ Implemented AES encryption for Firebase credentials.
✅ Created Controllers folder and added AuthController.cs.
✅ Explained [Route], [ApiController], [HttpPost], and [FromBody].
✅ Sent an encrypted authentication request from the frontend.
Next Lesson: Implementing AdMob Integration in .NET
Now that authentication is set up securely, in the next lesson, we will integrate Google AdMob for in-app monetization.
➡ Continue to Lesson 4
