All code runs without errors, but when I check my Google Drive account I can't find the file I am uploading ("document.txt").
Also it has asked me for Authentication again.
UserCredential credential = GoogleWebAuthorizationBroker.AuthorizeAsync(
new ClientSecrets
{
ClientId = "Here my clientid",
ClientSecret = "client secret",
},
new[] { DriveService.Scope.Drive },
"user",
CancellationToken.None).Result;
// Create the service.
var service = new DriveService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = "Drive API Sample",
});
File body = new File();
body.Title = "My document";
body.Description = "A test document";
body.MimeType = "text/plain";
byte[] byteArray = System.IO.File.ReadAllBytes("document.txt");
System.IO.MemoryStream stream = new System.IO.MemoryStream(byteArray);
FilesResource.InsertMediaUpload request = service.Files.Insert(body, stream, "text/plain");
request.Upload();
File file = request.ResponseBody;
Questions:
Why cant I find my uploaded file, and how can I get it to remember my authentication.
I think you are forgetting body.Parent so it doesn't know what directory to place the file into.
parents[] list Collection of parent folders which contain this file.
Setting this field will put the file in all of the provided folders.
On insert, if no folders are provided, the file will be placed in the
default root folder.
example:
body.Parents = new List<ParentReference>() { new ParentReference() { Id = 'root' } };
You are getting asked for authentication again because you aren't saving authentication.
//Scopes for use with the Google Drive API
string[] scopes = new string[] { DriveService.Scope.Drive,
DriveService.Scope.DriveFile};
// here is where we Request the user to give us access, or use the Refresh Token that was previously stored in %AppData%
UserCredential credential =
GoogleWebAuthorizationBroker
.AuthorizeAsync(new ClientSecrets { ClientId = CLIENT_ID
, ClientSecret = CLIENT_SECRET }
,scopes
,Environment.UserName
,CancellationToken.None
,new FileDataStore("Daimto.GoogleDrive.Auth.Store")
).Result;
FileDataStore stores the authentication data in the %appdata% directory.
More detailed information can be found in the tutorial Google Drive API with C# .net – Upload
Update For the following error:
"The API is not enabled for your project, or there is a per-IP or
per-Referer restriction configured on your API key and the request
does not match these restrictions. Please use the Google Developers
Console to update your configuration. [403]"
Go to Developer console for your project here Under APIs & auth -> APIs enable Google drive API and sdk. Also go to credentials and make sure you added a product name and email.
Related
I'm trying to upload files using the Google Drive API and am getting a URI mismatch error from Google when clicking the upload button on my page. The URI that Google shows isn't even a part of the website, nor is a URI that I supplied to Google, so I have no idea where it's coming from.
Here is the APIHelper class I created based off of this tutorial (which shows that the code should work on a website)
public class GoogleDriveAPIHelper
{
//add scope
public static string[] Scopes = { DriveService.Scope.Drive };
//create Drive API service.
public static DriveService GetService()
{
//get Credentials from client_secret.json file
UserCredential credential;
//Root Folder of project
var CSPath = System.Web.Hosting.HostingEnvironment.MapPath("~/");
using (var stream = new FileStream(Path.Combine(CSPath, "client_secret.json"), FileMode.Open, FileAccess.Read))
{
string FolderPath = System.Web.Hosting.HostingEnvironment.MapPath("~/");
string FilePath = Path.Combine(FolderPath, "DriveServiceCredentials.json");
credential = GoogleWebAuthorizationBroker.AuthorizeAsync(
GoogleClientSecrets.Load(stream).Secrets,
Scopes,
"user",
CancellationToken.None,
new FileDataStore(FilePath, true)).Result;
}
//create Drive API service.
DriveService service = new DriveService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = "Documents Uploader",
});
return service;
}
//file Upload to the Google Drive.
public static void UploadFile(string folderID, HttpPostedFileBase file)
{
if (file != null && file.ContentLength > 0)
{
//create service
DriveService service = GetService();
string path = Path.Combine(HttpContext.Current.Server.MapPath("~/GoogleDriveFiles"),
Path.GetFileName(file.FileName));
file.SaveAs(path);
var FileMetaData = new Google.Apis.Drive.v3.Data.File
{
Name = Path.GetFileName(file.FileName),
MimeType = MimeMapping.GetMimeMapping(path),
//id of parent folder
Parents = new List<string>
{
folderID
}
};
FilesResource.CreateMediaUpload request;
using (var stream = new FileStream(path, FileMode.Open))
{
request = service.Files.Create(FileMetaData, stream, FileMetaData.MimeType);
request.Fields = "id";
request.Upload();
}
}
}
}
And the post
[HttpPost]
public ActionResult Index(HttpPostedFileBase file)
{
string folderID = "1L9QUUgmtg8KUdNvutQ1yncIwN_uLz4xs";
if (TempData["Success"] == null)
{
// show all fields
ViewBag.ShowForm = true;
ViewBag.ShowButtons = false;
}
else
{
// hide all elements on the page for success message
ViewBag.ShowForm = false;
ViewBag.ShowButtons = true;
}
GoogleDriveAPIHelper.UploadFile(folderID, file);
TempData["Success"] = "File successfully uploaded";
return View();
}
I have heard that the tutorial is referencing code that only works for standalone apps and not web apps, so it's odd that the screenshots in the tutorial are from a website. shrug I'll keep looking for tips and tricks, but in the meantime, I'm posting this to see if anyone else has written a site to upload through the Google drive to a specific folder, not the root. TIA!
Edit: Here are screenshots of the redirect URI I set up in the Google Cloud Console. Prod & localhost
Edit: Startup.Auth.cs - this is used for pass through ADFS authentication and has nothing to do with the Google Drive API
private void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(
new CookieAuthenticationOptions
{
// TempData and Owin don't get along, use this workaround to force a custom cookie manager
// https://stackoverflow.com/questions/28559237/intermittent-redirection-loops-during-adfs-authentication
CookieManager = new SystemWebCookieManager()
});
app.UseWsFederationAuthentication(
new WsFederationAuthenticationOptions
{
Wtrealm = ConfigurationManager.AppSettings["ida:Wtrealm"],
MetadataAddress = ConfigurationManager.AppSettings["ida:ADFSMetadata"]
});
}
The realm matches the URI in the Google console and the metadata is the same xml link I use in all my web apps that use ADFS pass through auth, which has worked flawlessly. Nothing in my web.config file mention the IP address that Google says is my redirect URI either.
The URI that Google shows isn't even a part of the website, nor is a URI that I supplied to Google, so I have no idea where it's coming from.
The redirect uri is built buy the client library you are using. Your app is set to run http not https its running localhost and not hosted so its 127.0.0.1 the port is also either being randomly generated by your app or something that you have set up statically. the /authorize is attached again by the client library.
The redirect uri is the location your code is prepared to accept the response from the authorization server. This URI needs to be configured in Google cloud console. The easiest solution is to copy it exactly and add it as a redirect uri in Google cloud console. Just make sure that your app is set to use a static port if the port changes its not going to work.
This video will show you how to add it. Google OAuth2: How the fix redirect_uri_mismatch error. Part 2 server sided web applications.
Web applications
public void ConfigureServices(IServiceCollection services)
{
...
// This configures Google.Apis.Auth.AspNetCore3 for use in this app.
services
.AddAuthentication(o =>
{
// This forces challenge results to be handled by Google OpenID Handler, so there's no
// need to add an AccountController that emits challenges for Login.
o.DefaultChallengeScheme = GoogleOpenIdConnectDefaults.AuthenticationScheme;
// This forces forbid results to be handled by Google OpenID Handler, which checks if
// extra scopes are required and does automatic incremental auth.
o.DefaultForbidScheme = GoogleOpenIdConnectDefaults.AuthenticationScheme;
// Default scheme that will handle everything else.
// Once a user is authenticated, the OAuth2 token info is stored in cookies.
o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddCookie()
.AddGoogleOpenIdConnect(options =>
{
options.ClientId = {YOUR_CLIENT_ID};
options.ClientSecret = {YOUR_CLIENT_SECRET};
});
}
I want to download an Excel sheet from Google Drive using ASP.NET Core. The code is working, but the downloaded file doesn't have the same formatting than it has on Drive.
Here is the code:
public async Task<byte[]> DownloadFile(string fileId)
{
using var ms = new MemoryStream();
var url = $"https://docs.google.com/spreadsheets/d/{fileId}";
var scopes = new string[] { DriveService.Scope.Drive, DriveService.Scope.DriveFile, };
//Using Desktop client Approach
var clientId = "my client id";
var clientSecret = "my client secret";
var secrets = new ClientSecrets { ClientId = clientId, ClientSecret = clientSecret };
try
{
var credential = await GoogleWebAuthorizationBroker.AuthorizeAsync(secrets, scopes, "CIS Test Server", CancellationToken.None, new FileDataStore("MyAppsToken")).ConfigureAwait(true);
using var _service = new DriveService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = "Demo App"
});
var file = _service.Files.Get(fileId);
file.MediaDownloader.Download(url, ms);
}
catch (Exception ex)
{
//log exception
}
return ms.ToArray();
}
Here is the required formatting:
Here is what we're getting:
Also, there is a message shown when we open the downloaded file:
Javascript is not enabled on your browser so this file can't be opened enable and reload.
You are actually downloading the actual page, not the spreadsheet itself.
You cannot download an spreadsheet directly, as it's a Google Docs file. You need to export it into another format (for example CSV). To do that you need to use var request = _service.Files.Export(fileId, "text/csv") and then download it with one of the methods available (for example DownloadAsync). Obviously you can change the MIME type to your needs.
References
FileResource method: Export(String, String) (.NET API reference)
ExportRequest methods (.NET API reference)
I implemented login process successfully in my Xamarin forms app using Xamarin.auth. now I want to connect to Google APIs and upload AppData. here is the Code I tried,
I tread to fetch the GoogleCredential using token and providing this Credential to Google API but it failed.
var store = AccountStore.Create();
var SavedAccount = store.FindAccountsForService(GoogleDriveBackup.Auth.Constants.AppName).FirstOrDefault();
GoogleCredential credential2 = GoogleCredential.FromAccessToken(SavedAccount.Properties["access_token"]);
var driveService = new Google.Apis.Drive.v3.DriveService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential2,
ApplicationName = "myApp",
});
FilesResource.CreateMediaUpload request;
var filePath = Path.Combine(path, filename);
using (var stream = new System.IO.FileStream(filePath,
System.IO.FileMode.Open))
{
request = driveService.Files.Create(
fileMetadata, stream, "application/json");
request.Fields = "id";
request.Upload();
}
var file = request.ResponseBody;
request.ResponseBody is always null. I thought that it has something to do with credentials.
I tried using
var store = AccountStore.Create();
var SavedAccount = store.FindAccountsForService(GoogleDriveBackup.Auth.Constants.AppName).FirstOrDefault();
var flow = new GoogleAuthorizationCodeFlow(new GoogleAuthorizationCodeFlow.Initializer
{
ClientSecrets = new ClientSecrets
{
ClientId = "xxxx-xxx.apps.googleusercontent.com",
ClientSecret = "xxxxxxxx"
}
});
Google.Apis.Auth.OAuth2.Responses.TokenResponse responseToken = new Google.Apis.Auth.OAuth2.Responses.TokenResponse()
{
AccessToken = SavedAccount.Properties["access_token"],
ExpiresInSeconds = Convert.ToInt64(SavedAccount.Properties["expires_in"]),
RefreshToken = SavedAccount.Properties["refresh_token"],
Scope = DriveService.Scope.DriveAppdata,
TokenType = SavedAccount.Properties["token_type"],
};
var token= SavedAccount.Properties["access_token"];
var credential = new UserCredential(flow, "", responseToken);
But above case requires Client Secret which I don't have as I created "Android App" in the google console and signed in using on ClientId. So I read somewhere that I should create "Others" in the google console and use ClientId and Client Secret from there which makes not much sense to me because I am logged in with different client id's. Anyway, I tried that also but the response was null.
So what is the deal here? How can achieve my goal?
The google .net client library doesn't support xamarin. I am actually surprised you got it working this far. The main issue you are going to have is the authentication as you have already noticed the credential type for the .net client library is going to be either browser, native or api key. The mobile (Android Ios) clients arnt going to work as you dont have a secret the method of authentication is different and the client library doesn't have ability to do this.
The only suggestion i would have would be to work out Oauth2 authentication with xamarin on your own and then build the TokenResponse as you are doing now. You may then be able to feed that token to the Google .net client library if you can get the dlls into your project.
To my knowlage we have no plans to support xamarinwith the Google .net clinet library in the near future please see 984 840 1167
I've programmed to my API has a service account in my application, it works fine, all connection, upload, download and delete stuff, but when I used to use User Service, all files goes to my personal drive, now it goes somewhere, I think it goes to Google Cloud Platform...
The question is, I don't have any account over there, because you need to pay to use that, so, does anyone knows where all these files goes?
Here the code I'm using to make a connection call
public static DriveService Connection(string path, string username, string p12Path)
{
var certificate = new X509Certificate2(p12Path, "XXXXXXXX", X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable);
ServiceAccountCredential credential = new ServiceAccountCredential(
new ServiceAccountCredential.Initializer("g service account")
{
Scopes = Scopes
}.FromCertificate(certificate));
DriveService service = new DriveService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = ApplicationName
});
return service;
}
And here the method I'm using to upload a file.
[Authorize]
public static Google.Apis.Drive.v3.Data.File Upload(DriveService service, string uploadFile, string name)
{
var body = new Google.Apis.Drive.v3.Data.File();
body.Name = name;
body.MimeType = GetMimeType(uploadFile);
byte[] byteArray = System.IO.File.ReadAllBytes(uploadFile);
System.IO.MemoryStream stream = new System.IO.MemoryStream(byteArray);
FilesResource.CreateMediaUpload request = service.Files.Create(body, stream, GetMimeType(uploadFile));
request.Upload();
return request.ResponseBody;
}
So, can anyone help me?
As stated in this thread, the code is the same and there is no difference if you are using Oauth2 or a service account. You may check with this tutorial. Also based from this related post, if you want uploaded files to be in your own Drive contents, then you need to use your own account credentials to the Drive SDK. This does not need to involve user interaction. You simply need to acquire a refresh token one time, then use that subsequently to generate the access token for Drive. Hope this helps!
I've been involved with building an internal-use application through which users may upload files, to be stored within Google Drive. As it is recommended not to use service accounts as file owners, I wanted to have the application upload on behalf of a designated user account, to which the company sysadmin has access.
I have created the application, along with a service account. There are two keys created for the service account, as I have tried both the JSON and PKCS12 formats trying to achieve this:
I have downloaded the OAuth 2.0 client ID details, and also have the .json and .p12 files for the service account keys (in that order as displayed above):
I had my sysadmin go through the steps detailed here to delegate authority for Drive API access to the service account: https://developers.google.com/drive/v2/web/delegation#delegate_domain-wide_authority_to_your_service_account
We found that the only thing that worked for the "Client name" in step 4 was the "Client ID" listed for the Web application (ending .apps.googleusercontent.com). The long hexadecimal IDs listed for the Service account keys were not what it required (see below):
Previously to the above, I had code which would create a DriveService instance that could upload directly to the service account, referencing the .json file for the service account keys:
private DriveService GetServiceA()
{
var settings = SettingsProvider.GetInstance();
string keyFilePath = HostingEnvironment.MapPath("~/App_Data/keyfile.json");
var scopes = new string[] { DriveService.Scope.Drive };
var stream = new IO.FileStream(keyFilePath, IO.FileMode.Open, IO.FileAccess.Read);
var credential = GoogleCredential.FromStream(stream);
credential = credential.CreateScoped(scopes);
var service = new DriveService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = "MyAppName"
});
return service;
}
That works for listing and uploading, though of course there's no web UI for access to the files, and it seems as though it doesn't handle things like permissions metadata or generation of thumbnails for e.g. PDFs. This is why I'm trying to use a standard account for the uploads.
Once the delegation was apparently sorted, I then attempted to adapt the code shown in the delegation reference linked above, combining with code from elsewhere for extracting the necessary details from the .json key file. With this code, as soon as I try to execute any API command, even as simple as:
FileList fileList = service.FileList().Execute();
I receive an error:
Exception Details: Google.Apis.Auth.OAuth2.Responses.TokenResponseException: Error:"unauthorized_client", Description:"Unauthorized client or scope in request.", Uri:""
The code for that effort is:
private DriveService GetServiceB()
{
var settings = SettingsProvider.GetInstance();
string keyFilePath = HostingEnvironment.MapPath("~/App_Data/keyfile.json");
string serviceAccountEmail = "<account-email>#<project-id>.iam.gserviceaccount.com";
var scopes = new string[] { DriveService.Scope.Drive };
var stream = new IO.FileStream(keyFilePath, IO.FileMode.Open, IO.FileAccess.Read);
var reader = new IO.StreamReader(stream);
string jsonCreds = reader.ReadToEnd();
var o = JObject.Parse(jsonCreds);
string privateKey = o["private_key"].ToString();
var credential = new ServiceAccountCredential(
new ServiceAccountCredential.Initializer(serviceAccountEmail)
{
Scopes = scopes,
User = "designated.user#sameappsdomain.com"
}
.FromPrivateKey(privateKey)
);
var service = new DriveService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = "MyAppName"
});
return service;
}
Finally, I created the second service account key to save a .p12 file in order to more closely match the code in the authority delegation documentation, but which results in the same exception:
private DriveService GetServiceC()
{
var settings = SettingsProvider.GetInstance();
string p12KeyFilePath = HostingEnvironment.MapPath("~/App_Data/keyfile.p12");
string serviceAccountEmail = "<account-email>#<project-id>.iam.gserviceaccount.com";
var scopes = new string[] { DriveService.Scope.Drive }; // Full access
X509Certificate2 certificate = new X509Certificate2(
p12KeyFilePath,
"notasecret",
X509KeyStorageFlags.Exportable
);
var credential = new ServiceAccountCredential(
new ServiceAccountCredential.Initializer(serviceAccountEmail)
{
Scopes = scopes,
User = "designated.user#sameappsdomain.com"
}
.FromCertificate(certificate)
);
var service = new DriveService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = "MyAppName"
});
return service;
}
The minimial relevant class where this method lives is:
public class GoogleDrive
{
public DriveService Service { get; private set; }
public GoogleDrive()
{
this.Service = this.GetService();
}
private DriveService GetService()
{
// Code from either A, B or C
}
public FilesResource.ListRequest FileList()
{
return this.Service.Files.List();
}
}
And that's used in this fashion:
var service = new GoogleDrive();
FilesResource.ListRequest listRequest = service.FileList();
FileList fileList = listRequest.Execute();
The exception occurs on that last line.
I do not understand why my service account cannot act on behalf of the designated user, which is part of the domain for which the application's service account should have delegated authority. What is it that I've misunderstood here?
I have found the answer myself, and it was configuration, not code. The link I shared with the steps for delegation of authority does not mention an option available when creating the service account: a checkbox saying that the account will be eligible for domain-wide delegation (DwD).
This link describes the service account creation and delegation more accurately: https://developers.google.com/identity/protocols/OAuth2ServiceAccount
I did not know about DwD when I created the service account, and so I had not selected that option. It is possible to go back and edit a service account to select it. Once I did this, I was able to retrieve a correct client ID for use in the "Manage API Client Access" part of the admin console. Using the GetServiceC() method then works as intended, and I am able to retrieve files for users in the same Apps domain.
This is the checkbox that needs to be ticked for a service account to be eligible for domain-wide delegation of authority:
This is the extra information available once you've done that (with a throwaway service account alongside that did not have the box ticked, for comparison):
You may tick the checkbox Enable G Suite Domain-wide Delegation, when you create the service account on the admin panel.
Regards
Most everything looks ok but:
A. Use ServiceC code, not sure if the object typing matters but your line:
var credential = new ServiceAccountCredential...
should be
ServiceAccountCredential credential = new ServiceAccountCredential...
B. Check that the P12 file in ServiceC is the real P12 file you actually uploaded to your environment where you're running this.
C. update your question with the exact runable code you're using to create and invoke your service:filelist:execute code. This way there's more clarity and less assumptions.