Lesson 5: Implementing User Authentication with Firebase in .NET
Meta Description
Learn how to integrate Firebase Authentication into a .NET backend. This step-by-step guide covers dynamically handling Firebase credentials, user registration, login, and token validation securely.
Why Use Firebase Authentication?
Firebase Authentication provides a secure and scalable way to authenticate users using: ✅ Email and Password Authentication
✅ OAuth with Google, Facebook, and Apple
✅ Multi-Factor Authentication (MFA)
✅ Secure Token-Based Authentication (JWT)
✅ Cloud-Managed User Accounts
By integrating Firebase with a .NET backend, you can handle authentication requests dynamically, making it scalable across multiple applications.
Step 1: Install Firebase Admin SDK in .NET
Firebase Admin SDK allows your backend to manage authentication securely.
Installation Steps:
- Open a terminal and navigate to your backend project (
CGZAPI). - Run the following command:
dotnet add package FirebaseAdmin --version 2.2.0 - Verify the package installation by checking your
CGZAPI.csprojfile.
Step 2: Create FirebaseRequest.cs Model
Since we will dynamically handle Firebase credentials, we need a model to accept requests.
Create FirebaseRequest.cs in the Models Folder:
namespace CGZAPI.Models
{
public class FirebaseRequest
{
public string EncryptedFirebaseJson { get; set; }
public string Email { get; set; }
public string Password { get; set; }
}
}
Explanation:
EncryptedFirebaseJson: The encrypted Firebase Admin SDK JSON file, sent by the client.Email: User email for authentication.Password: User password for authentication.
Step 3: Secure Firebase Credentials with Encryption
Since Firebase credentials will be sent via API requests, we must encrypt them to prevent exposure.
Create EncryptionHelper.cs in the Utilities Folder:
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
namespace CGZAPI.Utilities
{
public static class EncryptionHelper
{
private static readonly string EncryptionKey = "MySuperSecureKey123!"; // Change this to a strong key
public static string Encrypt(string plainText)
{
byte[] keyBytes = Encoding.UTF8.GetBytes(EncryptionKey);
using (Aes aes = Aes.Create())
{
aes.Key = keyBytes;
aes.GenerateIV();
using (var encryptor = aes.CreateEncryptor(aes.Key, aes.IV))
{
using (var ms = new MemoryStream())
{
ms.Write(aes.IV, 0, aes.IV.Length);
using (var cs = new CryptoStream(ms, encryptor, CryptoStreamMode.Write))
{
using (var writer = new StreamWriter(cs))
{
writer.Write(plainText);
}
}
return Convert.ToBase64String(ms.ToArray());
}
}
}
}
public static string Decrypt(string encryptedText)
{
byte[] fullCipher = Convert.FromBase64String(encryptedText);
byte[] keyBytes = Encoding.UTF8.GetBytes(EncryptionKey);
using (Aes aes = Aes.Create())
{
aes.Key = keyBytes;
byte[] iv = new byte[aes.BlockSize / 8];
Array.Copy(fullCipher, iv, iv.Length);
aes.IV = iv;
using (var decryptor = aes.CreateDecryptor(aes.Key, aes.IV))
{
using (var ms = new MemoryStream(fullCipher, iv.Length, fullCipher.Length - iv.Length))
{
using (var cs = new CryptoStream(ms, decryptor, CryptoStreamMode.Read))
{
using (var reader = new StreamReader(cs))
{
return reader.ReadToEnd();
}
}
}
}
}
}
}
}
What This Script Does:
Encrypt(string plainText): Encrypts Firebase credentials before sending them.Decrypt(string encryptedText): Decrypts Firebase credentials in the backend before loading them.
Step 4: Create FirebaseManager.cs to Handle Authentication
Inside your .NET backend project, create a new folder named Services (if it does not exist), then add a file FirebaseManager.cs:
using FirebaseAdmin;
using FirebaseAdmin.Auth;
using Google.Apis.Auth.OAuth2;
using System.Collections.Generic;
using CGZAPI.Utilities;
namespace CGZAPI.Services
{
public static class FirebaseManager
{
private static Dictionary<string, FirebaseApp> firebaseApps = new Dictionary<string, FirebaseApp>();
public static FirebaseApp InitializeFirebase(string encryptedFirebaseJson)
{
string firebaseJson = EncryptionHelper.Decrypt(encryptedFirebaseJson);
if (!firebaseApps.ContainsKey(firebaseJson))
{
var credentials = GoogleCredential.FromJson(firebaseJson);
var appOptions = new AppOptions()
{
Credential = credentials
};
firebaseApps[firebaseJson] = FirebaseApp.Create(appOptions, firebaseJson);
}
return firebaseApps[firebaseJson];
}
}
}
Explanation:
InitializeFirebase(string encryptedFirebaseJson): Decrypts Firebase credentials and initializes Firebase.
Step 5: Create AuthController.cs to Handle API Requests
Inside your .NET backend project, create a new folder named Controllers (if it does not exist), then add a file AuthController.cs:
using Microsoft.AspNetCore.Mvc;
using FirebaseAdmin.Auth;
using CGZAPI.Services;
using CGZAPI.Models;
namespace CGZAPI.Controllers
{
[Route("api/auth")]
[ApiController]
public class AuthController : ControllerBase
{
[HttpPost("register")]
public async Task<IActionResult> RegisterUser([FromBody] FirebaseRequest request)
{
var firebaseApp = FirebaseManager.InitializeFirebase(request.EncryptedFirebaseJson);
var auth = FirebaseAuth.GetAuth(firebaseApp);
var user = await auth.CreateUserAsync(new UserRecordArgs
{
Email = request.Email,
Password = request.Password,
});
return Ok(user.Uid);
}
}
}
Explanation of Key Concepts:
[Route("api/auth")]→ Defines the base URL for this controller (api/auth).[HttpPost("register")]→ Defines an HTTP POST request atapi/auth/register.[FromBody]→ Extracts the JSON request body.
Next Steps
What We Covered:
✅ Installed Firebase Admin SDK in .NET.
✅ Implemented AES encryption for Firebase credentials.
✅ Created Controllers folder and added AuthController.cs.
✅ Explained [Route], [ApiController], [HttpPost], and [FromBody].
✅ Sent an encrypted authentication request from the frontend.
