Click here to Skip to main content
65,938 articles
CodeProject is changing. Read more.
Articles / Languages / C#

2-Legged OAuth Authentication in .NET (C#)

4.92/5 (8 votes)
5 Jul 2012CPOL1 min read 98.7K   3.4K  
2-Legged OAuth Authentication in .NET (C#)

Introduction

OAuth is an open standard for authorization. It allows users to approve application to act on their behalf without sharing their password. In this article, I am going to provide details about doing 2-Legged OAuth authentication in C# using OAuth.net library. You can read the full OAuth specification at: http://oauth.net/.

You could find a lot of examples and sample code on how to do it in Java. But I did not find a good enough example to do it in .NET. During one of my assignments, I had to spend considerable time to perform this, so I decided to write this article.

Background

OAuth provides two ways of authentication: 3 –Legged or 2–Legged authentication.

2- Legged authentication means that customer already has access to valid set of OAuth Consumer credentials (key & secret). You need to create a User’s OAuth Token request by signing the request as described in the OAuth Consumer Request Specification. The following OAuth article provides a very extensive detail about what all is required to perform an OAuth Consumer Request.

http://oauth.net/core/1.0/#sig_base_example

The main advantage of 2 legged authentication is that the user experience is seamless since no additional User interactions are required to initiate an API session.

Using the code

The code is self explanatory. Use the attached ServiceProvider class to instantiate an OAuth Request. You can use PostData\GetData methods to perform POST\GET requests, respectively.

C#
ServiceProvider provider = new ServiceProvider(serviceUrl, consumerKey, secret);
//Perform a POST requestString response = provider.PostData("application/json", data);

The GenerateRequest function shows how to sign an OAuth Request.   

private HttpWebRequest GenerateRequest(string contentType, string requestMethod)
{
    var ts = UnixTime.ToUnixTime(DateTime.Now);
    //Create the needed OAuth Parameters.
    //Refer - http://oauth.net/core/1.0/#sig_base_example
    var param = new OAuthParameters() {
    ConsumerKey = _consumerKey,
        SignatureMethod = SigningProvider.SignatureMethod,
        Version = Constants.Version1_0,
        Nonce = NonceProvider.GenerateNonce(ts),
        Timestamp = ts.ToString(),
    };
    //Generate Signature Hash
    var signatureBase = SignatureBase.Create(requestMethod.ToUpper(), _serviceProviderUri, param);
    //Set Signature Hash as one of the OAuth Parameter
    param.Signature = SigningProvider.ComputeSignature(signatureBase, _consumerSecret, null);
    var httpWebRequest = (HttpWebRequest)WebRequest.Create(_serviceProviderUri);
    httpWebRequest.Method = requestMethod;
    httpWebRequest.ContentType = contentType;
    httpWebRequest.Timeout = RequestTimeOut;
    //Add the OAuth Parameters to Authorization Header of Request
    httpWebRequest.Headers.Add(Constants.AuthorizationHeaderParameter, param.ToHeaderFormat());
    return httpWebRequest;
}

Dependencies

The code is dependent on OAuth.Net library (http://code.google.com/p/oauth-dot-net/). You will need to add a reference to the OAuth libraries to compile the code.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)