How do I integrate Google login into an ASP.NET 1.1 framework project?

Yes, you can add Google account login to your .NET 1.1 ASP.NET project without a full rewrite. Here's a practical, step-by-step approach that integrates with your existing system:

Approach Overview

We'll use the OAuth 2.0 Authorization Code Flow (the most secure method for server-side apps), implemented by hand since .NET 1.1 doesn't have built-in OAuth libraries. This involves adding a few new pages and some lightweight logic to interact with Google's APIs; there is no need to tear down your existing authentication system.

Step 1: Set Up Google Cloud Project

First, you'll need to register your app with Google to get credentials:

  • Go to the Google Cloud Console, create a new project (or use an existing one).
  • Navigate to APIs & Services > Credentials, then click Create Credentials > OAuth client ID.
  • Select Web application as the application type.
  • Add your redirect URI (this will be a new page in your project, e.g., https://yourdomain.com/GoogleLoginCallback.aspx).
  • Save the generated Client ID and Client Secret—you'll need these later.

Step 2: Add Google Login Button & Redirect

Add a "Sign in with Google" button to your existing login page. When clicked, redirect users to Google's authorization endpoint with the required parameters:

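protected void btnGoogleLogin_Click(object sender, EventArgs e)
{
    // Generate an unpredictable state value to prevent CSRF attacks and store it in session.
    // RNGCryptoServiceProvider (System.Security.Cryptography) replaces Guid.NewGuid() here:
    // GUIDs are unique, but they are not guaranteed to be unpredictable.
    byte[] stateBytes = new byte[16];
    new RNGCryptoServiceProvider().GetBytes(stateBytes);
    string state = BitConverter.ToString(stateBytes).Replace("-", "");
    Session["GoogleAuthState"] = state;

    string googleAuthUrl = "https://accounts.google.com/o/oauth2/v2/auth?" +
        "client_id=" + HttpUtility.UrlEncode(ConfigurationSettings.AppSettings["GoogleClientId"]) + "&" +
        "redirect_uri=" + HttpUtility.UrlEncode("https://yourdomain.com/GoogleLoginCallback.aspx") + "&" +
        "response_type=code&" +
        "scope=openid%20email&" + // Request an OpenID Connect ID token that includes the user's email
        "state=" + HttpUtility.UrlEncode(state);

    Response.Redirect(googleAuthUrl);
}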

Pro tip: Store your Client ID/Secret in web.config's <appSettings> instead of hardcoding them for security.

Step 3: Handle the OAuth Callback

Create the GoogleLoginCallback.aspx page to handle the response from Google. Here, you'll exchange the authorization code for an access token and ID token:

// Requires: using System.Configuration; using System.IO; using System.Net; using System.Text; using System.Web;
protected void Page_Load(object sender, EventArgs e)
{
    // Validate CSRF state first; the stored value is single-use, so clear it right away
    string returnedState = Request.QueryString["state"];
    string storedState = Session["GoogleAuthState"] as string;
    Session.Remove("GoogleAuthState");
    if (returnedState == null || returnedState.Length == 0 || returnedState != storedState)
    {
        Response.Redirect("Login.aspx?error=invalid_state");
        return;
    }

    // Check for authorization code
    string code = Request.QueryString["code"];
    if (code == null || code.Length == 0)
    {
        // User denied access or an error occurred
        string error = Request.QueryString["error"];
        if (error == null)
        {
            error = "access_denied";
        }
        Response.Redirect("Login.aspx?error=" + HttpUtility.UrlEncode(error));
        return;
    }

    // Exchange code for tokens
    string tokenUrl = "https://oauth2.googleapis.com/token";

    // Build the form body with plain concatenation: generics, LINQ and
    // string interpolation are not available to a C# 1.x compiler
    string postContent =
        "code=" + HttpUtility.UrlEncode(code) +
        "&client_id=" + HttpUtility.UrlEncode(ConfigurationSettings.AppSettings["GoogleClientId"]) +
        "&client_secret=" + HttpUtility.UrlEncode(ConfigurationSettings.AppSettings["GoogleClientSecret"]) +
        "&redirect_uri=" + HttpUtility.UrlEncode("https://yourdomain.com/GoogleLoginCallback.aspx") +
        "&grant_type=authorization_code";

    // Enable TLS 1.2 (Google requires this; .NET 1.1 doesn't support it by default)
    ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;

    // Construct POST request
    HttpWebRequest request = (HttpWebRequest)WebRequest.Create(tokenUrl);
    request.Method = "POST";
    request.ContentType = "application/x-www-form-urlencoded";

    byte[] postBytes = Encoding.UTF8.GetBytes(postContent);
    request.ContentLength = postBytes.Length;

    // Write POST data
    using (Stream requestStream = request.GetRequestStream())
    {
        requestStream.Write(postBytes, 0, postBytes.Length);
    }

    // Get response
    string tokenResponse;
    using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
    using (StreamReader reader = new StreamReader(response.GetResponseStream()))
    {
        tokenResponse = reader.ReadToEnd();
    }

    // Parse token response (see next step)
    ParseTokenResponse(tokenResponse);
}

Step 4: Parse Token & Retrieve User Info

The tokenResponse is JSON, and .NET 1.1 doesn't have built-in JSON parsing. Use Newtonsoft.Json.NET v3.5 (the last version supporting .NET 1.1) to deserialize it, or manually parse the string if you want to avoid external libraries.

Once you have the id_token (a JWT), decode its payload to get the user's email and basic info:

  • Split the JWT into three parts by .—the middle part is the payload.
  • Decode it from Base64Url to a string, then parse the JSON to get email, email_verified, and other fields.

Example parsing snippet (using Newtonsoft.Json):

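// Requires: using System; using System.Text; using Newtonsoft.Json.Linq;
private void ParseTokenResponse(string tokenResponse)
{
    // JObject is used instead of 'dynamic', which requires C# 4 or later
    JObject json = JObject.Parse(tokenResponse);
    string idToken = (string)json["id_token"];

    // Decode JWT payload (a missing or malformed token is rejected)
    string[] tokenParts = (idToken == null) ? new string[0] : idToken.Split('.');
    if (tokenParts.Length != 3)
    {
        Response.Redirect("Login.aspx?error=invalid_token");
        return;
    }
    string payloadBase64 = tokenParts[1].Replace('-', '+').Replace('_', '/');
    // Pad with '=' to make Base64 valid
    payloadBase64 = payloadBase64.PadRight(payloadBase64.Length + (4 - payloadBase64.Length % 4) % 4, '=');

    string payloadJson = Encoding.UTF8.GetString(Convert.FromBase64String(payloadBase64));
    JObject userInfo = JObject.Parse(payloadJson);

    string userEmail = (string)userInfo["email"];
    JToken verifiedClaim = userInfo["email_verified"];
    bool isEmailVerified = verifiedClaim != null && (bool)verifiedClaim;

    // Only sign in with an address that Google reports as verified
    if (userEmail == null || userEmail.Length == 0 || !isEmailVerified)
    {
        Response.Redirect("Login.aspx?error=email_not_verified");
        return;
    }

    // Proceed to integrate with your user system (next step)
    AuthenticateUser(userEmail);
}

Step 5: Integrate With Your Existing User System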

Now that you have the user's verified email:

  1. Check your database for an existing user linked to this email.
  2. If yes: Log them in using your existing authentication logic (e.g., FormsAuthentication.SetAuthCookie(userName, false)).
  3. If no: Redirect the user to a page where they can link their Google account to an existing account, or create a new account automatically (based on your business rules).

Key Considerations

  • Error Handling: Make sure to handle cases where the user denies access, the authorization code expires, or network errors occur.
  • TLS 1.2 Support: As mentioned earlier, .NET 1.1 doesn't enable TLS 1.2 by default—you must set ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072 before making requests to Google's APIs.
  • Security: Always validate the state parameter to prevent CSRF attacks, and never expose your Client Secret to the client-side.
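
Step 4 reads claims out of the ID token payload; the claim checks that belong with that step (issuer, audience, expiry and email_verified) are shown here as an added example, not code from the original answer. It assumes a Json.NET build that provides Newtonsoft.Json.Linq; the class and method names, the client IDs and the token are constructed for illustration, and signature verification is not shown.

```csharp
using System;
using System.Text;
using Newtonsoft.Json.Linq;

public class IdTokenClaims
{
    // Decode the middle (payload) segment of a JWT from Base64Url into a JSON object.
    public static JObject DecodePayload(string idToken)
    {
        string[] parts = idToken.Split('.');
        if (parts.Length != 3) throw new FormatException("ID token must have three segments");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        return JObject.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(b64)));
    }

    // Returns null when every check passes, otherwise the name of the claim that failed.
    public static string Check(JObject claims, string clientId, long nowUnix)
    {
        string iss = (string)claims["iss"];
        if (iss != "https://accounts.google.com" && iss != "accounts.google.com") return "iss";
        // The token must have been issued to this application, not to another client
        if ((string)claims["aud"] != clientId) return "aud";
        JToken exp = claims["exp"];
        if (exp == null || (long)exp <= nowUnix) return "exp";
        JToken verified = claims["email_verified"];
        if (verified == null || !(bool)verified) return "email_verified";
        return null;
    }

    public static void Main()
    {
        // Constructed payload, not a real Google token; header and signature are dummies.
        string payload = "{\"iss\":\"https://accounts.google.com\"," +
            "\"aud\":\"other-app.apps.googleusercontent.com\",\"exp\":4102444800," +
            "\"email\":\"user@example.com\",\"email_verified\":true}";
        string segment = Convert.ToBase64String(Encoding.UTF8.GetBytes(payload))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');
        JObject claims = DecodePayload("e30." + segment + ".sig");
        long now = (long)(DateTime.UtcNow - new DateTime(1970, 1, 1)).TotalSeconds;

        // Case 1: this application's client ID differs from the token's aud claim
        Console.WriteLine(Check(claims, "my-app.apps.googleusercontent.com", now));
        // Case 2: the client ID matches the token's aud claim
        Console.WriteLine(Check(claims, "other-app.apps.googleusercontent.com", now) == null);
    }
}
```

In the callback, Check would run on the decoded payload before AuthenticateUser is called, with clientId taken from the GoogleClientId app setting.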

This approach adds minimal code to your existing project and doesn't require rewriting your core authentication system—perfect for a legacy .NET 1.1 app!

The question in this content comes from Stack Exchange; question author: Jonathan Barbara