 Working with databases online has become much easier over the recent years. The emergence of databases as a service, specifically Firebase, makes quick integrations much easier. It's important to keep application user data separate from personally identifiable information, especially in this day and age. When using a third-party auth provider like Octa, it becomes a lot easier to store user information like a name or an email address directly in their system benefiting from their oversight and protection. For transaction heavy applications with requirements like logging, sign-in timestamps, real-time messaging, or even monetary purchases, using a secondary database can assist with that and be set up quite rapidly. While there are many, many configurations that Firebase can support, this tutorial will cover a loose integration into your ASPnet MVC application. Let's get started! First, you will create a new project in Firebase. Visit firebase.google.com and click on Get Started and sign in with your Google account if you have not signed in already. Select Add Project and we're going to name this Firebase MVC Octa sample. Click Continue and create the project. This will take a couple of seconds to a couple of minutes to do. Your new project is ready. Perfect. Click Continue. Now that you will land directly onto the Firebase Console dashboard, expand the Develop menu on the left-hand side and select Database. Scroll down to the real-time database option and click Create Database. Now you'll be presented with security rules for this new database. Select Start in Test Mode and click Enable. You will land on the real-time database with your initial node set to null, because you haven't added any data yet. Copy the link to your Firebase database. This will allow you to get up and running quickly for the tutorial. Google gives you a warning about the security rules and this is a good thing. For the purposes of this tutorial, you can leave the rules unrestricted for this proof-of-concept integration because Octa is going to handle that security. Open Visual Studio 2019 and select Create a New Project. Choose ASPnet MVC Web Application. Click Next. Name the project Firebase MVC Octa App. Make sure the .NET framework is selected and then click Create. Select MVC, leave all the defaults and select Create. Notice you will leave authentication to no authentication because Octa will handle that on their side. Now that you have the default MVC .NET app started, you'll need to create an object that will represent what will be saved inside of your Firebase database for each user that you interact with. Right-click on the Models folder. Add a new class called LoginData.cs. Add the following property inside of the class called Timestamp UTC. Now you'll need to add a library to handle database access. Right-click on the project, select Manage NuGet Packages, and install FirebaseDatabase.NET. Once that's installed, go back to the Home Controller and add the following references to the Using section. We're going to add Firebase Database, Firebase Database Query, System.Link, and System Threading Tasks. Now replace the About Action results with the following function. Go ahead and resolve to System Threading Tasks and use the new model. Let's go over what that means. First, we're going to simulate the test user data and the login timestamp. Then we're going to save non-identifying data to Firebase by setting a variable to the timestamp by newing up that object, creating a new Firebase client with our project URL, and then setting a results object to the post async. Once we're done with that, then we'll retrieve the data from Firebase, set that timestamp to a list, convert the JSON data to the original data type, and pass the data to the view. Remember to replace your Firebase project URL with the one that we just created. Let's test out the database read and write visually by updating the About View of your MVC application. Expand the Views folder, openabout.cshtml, openabout.cshtml, open the About page, and replace it with the code below. All we're doing is adding a list of timestamps inside of your login's object. Build and launch your application in a browser. Take a look at your Firebase database at the same time. To go back, click on the About navigation link. The act of launching the view will add a timestamp to the page. Now look at your Firebase console tab. Expand the nodes to see how the data was saved in the JSON format style. Notice that there is a randomly generated session node the timestamp is inside of. That is built into the PostAsync method in the Firebase database library for the final child object that we said previously. If you navigate to the Home page, and then back to the About page, you will see an additional entry not only in the View, but in the database as well. Congratulations, you've put non-identifying data into a database with ease. If you haven't already, go to developer.doctor.com and create a free account to get started and continue with the following steps. Login to your octa.org. Visit the developer console under Users and People. Select Add Person. We're going to manually add a fake user for this text. I have a couple of additional fields that I have to add, but we don't need them for this tutorial. Make sure you select Set by Admin and then fill out a password for them. If you leave the box User Must Check Password on first login intact, then that means that the user will be sent an email and it will be set to expired. This is expected for admin-created users, as it will guide them through their reset password flow during the first login to your site without any additional work on your part. But for now, I'm going to uncheck that box as I'm just going to use this as an example. Click Save. This will also enforce password requirements. Now that you have some users in your database, set up the specific application within octa. Click Applications in the main menu and on the application screen, click Add Application. Select Web and then Next. We're going to name the application Firebase MVC OctaApp. Select Implicit in addition to the pre-selected authorization code and click Done. One more step, select Edit and add the URI Account Post Logout set to whatever your current local host is. My port is set to 51883 but yours could also be set to 8080. Select Save. Scroll down and you'll notice you'll have access to the client ID and client secret. Keep these on hand to add to your application's web config later on. Now your app is good to go and all configured for octa. It's time to revise your application, hand off the user login and allow octa to generate the object that will give you that ID that you will pass to Firebase to save additional data. Right click on the project and select Properties. Go to the Web tab and set the project URL to reflect the application settings in octa's portal. Next, right click on the project and select Manage New Get Packages and install Microsoft, OIN, Host System Web, Microsoft.OIN.Security.Cookies and last but not least, octa.asp net. Once all of that is installed, add the octa account access to your web config. Add the keys below for the octa client ID, secret, and domain. Make sure that you replace the values with the ones from your particular octa org. In order to handle OIN, we need to do that from a startup class. Right click on the project, select Add OIN startup class which will now show up because we have installed that NuGet package. And call it startup without the one. Click OK. Now replace the configuration function with this code. Because this is a claims aware application, we need to indicate where to get user identity information from. So now we need to open your global ASAC's cs file. Add the following easy. Replace the application start method with the code below to match the name of claim type name in this case from the JSON web token that you're receiving from octa in order to set your user's identifier within the anti-forgery config inside of .NET. Now go to views shared and click on the layout. Beneath the unordered list of action links, add the code below. This will add the user's name and toggle the login and logout button based on the state of the identity provider. Now you need to handle the login and logout functionality. Right click on the controllers folder and add a new MVC5 controller called account controller. Add the following easy and add this code below inside of the account controller class to handle the action results for this controller that we set up in octa. Inside of the login method, the login action result checks to see whether or not the user is already authenticated or not and then redirects accordingly. Under the HTTP post method for logout, it also checks to see if these are authenticated or not and whether to sign them out. Notice in the post logout it just does a redirect to index and home. This is something that we set up within the octa app and this is how we would handle it within the MVC application. Now open the home controller and add the authorized attribute to the very top of the about action result. This will ensure that this function will only be accessed by authenticated users and will redirect to the octa login process if they are not authenticated. That's all you need to set up the user login to redirect to octa. Now you can finally update your about function and use the octa provided user claims to retrieve the unique identifier for Firebase and update the current user to their email. Now we're going to replace our about function once more with the code below to finish this. Remembering to change the Firebase client to your Firebase project URL. Let's take a look at what it does. This gets the octa user data sets the identity within .NET takes a look at the claims that are provided claims which means the key value pairs that are sent along inside the JSON web token. I'm setting specific claims to a variable so that I can use within the program. In this case user email an octa ID maybe a current login time that I'm going to save the non identifying data the timestamp itself to Firebase. Retrieve the data from Firebase once more create a new timestamp list variable and convert the JSON data to the original data type and pass the data into the view on the list of logins for that current user. Build it and run the app in the browser. If you didn't fill out any of your domains then you're going to get a system argument exception. Set the client ID, the client secret. To set your octa domain remove the admin and the dash from your URL in the console. Remember the redirect URI and the post like a redirect URI has to match in here what it does inside of the octa application. Go back to edit and change this local host to 8080 so everything matches. If you do that though you're going to need to go back into your properties and make sure that the project URL is also set to 8080 so when you run the code it will also match. Now build and run your app in the browser. You will notice that there is a login click it and it should take you automatically through the octa process as indicated by the redirect. Sign in as the fake user that you added and now you'll see that you have a fake user set right here. If you click about the current user is displayed along with their login. If you go back to home and then click about again it does the same thing. Log into your Firebase console and go to your database. Notice that instead of the user ID being manually set it's now populated by the octa user ID from the principal identity claims that octa passed into it. If you log in and log out as a completely different user it will automatically create the data node for them in Firebase without you having to do a different call to create it. That's it. You have successfully implemented both octa and Firebase into an ASP net MVC application.