C# Application to Firebase – Working with Authentication

Authenticating a connection to the Firebase database through use of a C# application.

Keep your project safe and allow only those you want to have permission to access data within your database. In this post we will be going through one of the ways we can have some form authentication implemented in to any project. Within our project we are first setting up some authentication rules for read and write permission to the firebase database. This means that any requests made to the database will be denied unless unauthorised. In order to have these requests authorised the databases secret key will need to be made use of within the HTTP request.

To set the authentication rules, first head in to the firebase project and click on the database button. Select then the rules tab, by default if you have created your project in test mode both the read and write functions will be set to true and will be something similar to that seen in the below .

"rules": {
".read": true,

We want to change both of the above read and write to false instead, meaning that no one will have the permission to read or write to the database project, once you have done this your rules should be seen similar to the below.

“rules”: {
“.read”: false,

Firebase includes within all its projects a database secret. Although Firebase no longer promotes its use and states that this feature is now deprecated, it may still be used for personal projects. Firebase now promotes the use of legacy tokens and other methods.

The database secret can be found by clicking on the Settings cog within your project and then selecting Project Setting. We then want to click on the Service accounts tab and select database secrets on the main page. Once this has been clicked on you will be presented with the database secret for your project. The database secret will look something like the below


We then need to copy this database secret and attach it to HTTP web request URL that is being used within our C# application. Without it we can expect a lot of 401 exceptions. There are many ways in which you can have the database secret added to the URL however in this example we are going for the easiest which is pasting it in. Once you have done this your HTTP web request URL should look like the following.


Some example source code has been included in the below to display how this all may come together to form a project. The project we have implemented it in to is the updating of child nodes via use of the current hour, minute and second.

using System;
using System.Text;
using System.Windows.Forms;
using System.Net;
using System.IO;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;

namespace WindowsFormsApplication
public partial class Form1 : Form
public Form1()

while (true)

DateTime date = DateTime.Now;
string hour = date.ToString("HH");
string minutes = date.ToString("mm");
string seconds = date.ToString("ss");

string jsondata = @"{'Time':{'Hour': "+hour+",'Minute': " + minutes + ", 'Second': " + seconds + ", }}";
JObject data = JObject.Parse(jsondata);
string json = JsonConvert.SerializeObject(data);

var request = WebRequest.CreateHttp("https://PROJECT_NAME.firebaseio.com/.json?auth=1I3fI11Lza1pFcQ1eyR7ghJs1JQJno1kaZnruRmD");
request.Method = "PATCH";
request.ContentType = "json";
var buffer = Encoding.UTF8.GetBytes(json);
request.ContentLength = buffer.Length;
request.GetRequestStream().Write(buffer, 0, buffer.Length);
var response = request.GetResponse();
json = (new StreamReader(response.GetResponseStream())).ReadToEnd();


Leave a Reply