Introduction
OAuth is an open standard for authorization. It allows users to approve an application to act on their behalf without sharing their password.
In this article, I am going to provide details about doing 2-legged OAuth authentication in C# using the OAuth.Net library. You can read the full
OAuth specification at: http://oauth.net/.
You could find a lot of examples and sample code on how to do it in Java. But I did not find a good enough example to do it in .NET.
During one of my assignments, I had to spend considerable time to perform this, so I decided to write this article.
Background
OAuth provides two ways of authentication: 3-legged or 2-legged authentication.
2-legged authentication means that the customer already has access to a valid set of OAuth Consumer credentials (key & secret).
You need to create a User’s OAuth Token request by signing the request as described in the OAuth Consumer Request Specification.
The following section of the OAuth specification describes in detail what is required to perform an OAuth Consumer Request:
http://oauth.net/core/1.0/#sig_base_example
The main advantage of 2-legged authentication is that the user experience is seamless, since no additional user interaction is required to initiate an API session.
Using the code
The code is self-explanatory. Use the attached ServiceProvider class to instantiate an OAuth request. You can use the PostData and GetData methods to perform POST and GET requests, respectively.

    ServiceProvider provider = new ServiceProvider(serviceUrl, consumerKey, secret);

The GenerateRequest function shows how to sign an OAuth Request.

    private HttpWebRequest GenerateRequest(string contentType, string requestMethod)
    {
        // The OAuth timestamp is seconds since 1970-01-01 00:00:00 GMT, so pass a UTC time.
        var ts = UnixTime.ToUnixTime(DateTime.UtcNow);
        var param = new OAuthParameters()
        {
            ConsumerKey = _consumerKey,
            SignatureMethod = SigningProvider.SignatureMethod,
            Version = Constants.Version1_0,
            Nonce = NonceProvider.GenerateNonce(ts),
            Timestamp = ts.ToString(),
        };

        // Build the signature base string and sign it with the consumer secret only.
        // The token secret is null because a 2-legged request has no user token.
        var signatureBase = SignatureBase.Create(requestMethod.ToUpper(), _serviceProviderUri, param);
        param.Signature = SigningProvider.ComputeSignature(signatureBase, _consumerSecret, null);

        // Send the signed OAuth parameters in the Authorization header.
        var httpWebRequest = (HttpWebRequest)WebRequest.Create(_serviceProviderUri);
        httpWebRequest.Method = requestMethod;
        httpWebRequest.ContentType = contentType;
        httpWebRequest.Timeout = RequestTimeOut;
        httpWebRequest.Headers.Add(Constants.AuthorizationHeaderParameter, param.ToHeaderFormat());
        return httpWebRequest;
    }

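The signing step in GenerateRequest follows the signature base string and HMAC-SHA1 rules of OAuth Core 1.0 (sections 5.1, 9.1 and 9.2). The following is an added example, not part of the attached code or of the OAuth.Net library, that carries out those steps with only the .NET base class library. The class name, consumer key, secret and URL are constructed placeholders, and it assumes the HMAC-SHA1 signature method and a URL that is already normalized and has no query string.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class OAuth1SignatureDemo   // hypothetical name, for illustration only
{
    const string Unreserved =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";

    // Section 5.1: percent-encode every UTF-8 byte outside the unreserved set, in upper-case hex.
    static string Encode(string value)
    {
        var sb = new StringBuilder();
        foreach (byte b in Encoding.UTF8.GetBytes(value ?? ""))
            sb.Append(Unreserved.IndexOf((char)b) >= 0 ? ((char)b).ToString() : "%" + b.ToString("X2"));
        return sb.ToString();
    }

    // Section 9.1: METHOD & encoded URL & encoded parameter string, with the
    // parameters sorted by encoded name, then by encoded value, in byte order.
    static string SignatureBase(string method, string url, IEnumerable<KeyValuePair<string, string>> parameters)
    {
        var pairs = parameters
            .Select(p => new { K = Encode(p.Key), V = Encode(p.Value) })
            .OrderBy(p => p.K, StringComparer.Ordinal).ThenBy(p => p.V, StringComparer.Ordinal)
            .Select(p => p.K + "=" + p.V);
        return method.ToUpperInvariant() + "&" + Encode(url) + "&" + Encode(string.Join("&", pairs));
    }

    // Section 9.2: the HMAC key is "consumerSecret&tokenSecret". A 2-legged request
    // has no token, so the token secret is empty and the key ends with "&".
    static string Sign(string signatureBase, string consumerSecret, string tokenSecret = "")
    {
        var key = Encoding.ASCII.GetBytes(Encode(consumerSecret) + "&" + Encode(tokenSecret));
        using (var hmac = new HMACSHA1(key))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.ASCII.GetBytes(signatureBase)));
    }

    static void Main()
    {
        // Constructed sample values: not real credentials or a real endpoint.
        var p = new Dictionary<string, string> {
            { "oauth_consumer_key", "example-consumer-key" }, { "oauth_signature_method", "HMAC-SHA1" },
            { "oauth_timestamp", DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString() },
            { "oauth_nonce", Guid.NewGuid().ToString("N") }, { "oauth_version", "1.0" } };
        var baseString = SignatureBase("GET", "https://api.example.com/resource", p);
        Console.WriteLine(baseString);
        Console.WriteLine("oauth_signature=" + Encode(Sign(baseString, "example-consumer-secret")));
    }
}
```

Printing the base string is useful when a provider rejects a request: comparing it with the base string the server computed usually shows which parameter, encoding or ordering differs.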
Dependencies
The code depends on the OAuth.Net library (http://code.google.com/p/oauth-dot-net/).
You will need to add a reference to the OAuth.Net libraries to compile the code.