bgeek.net

Featured

Behaviour Driven Development

Posted by Owen Evans on Thursday, October 22nd, 2009

Last night I had a lot of fun presenting at the Wellington .net User Group on Behaviour Driven Development.

Below are the slides from the talk.

Bahaviour Driven DevelopmentView more presentations from buildmaster. Sphere: Related Content

continue reading

TechEd 2009 Day 2

Posted by Owen Evans on Tuesday, September 15th, 2009

Day 2 seems a bit thinner on the ground for dev talks.

Challenging the role of Software Architect by Kevin Fancis Not so much challenging as saying we need them more, which I disagree with, had personal disagreements with the content of the talk and for the first time at TechEd I felt compelled to leave the [...]

continue reading

TechEd 2009 Day 1

Posted by Owen Evans on Monday, September 14th, 2009

Well day one is coming to a close, so before I forget I need to get my thought’s down on paper…. well virtual paper..

keynote

I really think MS need to rethink inviting politicians to TechEd, it really adds very little value for people in the audience, in the end it’s a gathering of IT professionals and [...]

continue reading

OAuth on ASP.net MVC Projects

Posted by Owen Evans on Wednesday, February 18th, 2009

Let me introduce you to a little friend called OAuth. OAuth is an open authentication framework designed for use by web service providers allowing you to give access to applications without giving them access to user credentials.

I’ve been working on an OAuth library to turn an ASP.net MVC site into an OAuth Provider (a service that can accept incoming requests from OAuth Consumer applications)

So far it consists of the following:

OAuthController = has endpoints for RequestToken and AccessToken http requests.

OAuthSecuredAttribute = is an action filter to stop access to an action if the requester isn’t authenticated via OAuth

OAuthService = has intermediary services for the attibute and controller for:

  • Building an OAuth request (Access, Access Token and Request Token Requests)
  • Generating Request Tokens
  • Generating Access Tokens
  • Getting a saved Request Token
  • Authorising a Request Token

OAuthRequest = is a state wrapper to quickly examine if the current OAuth Request is valid

You are left to your own devices to implement the following:

IAccessToken

IRequestToken= Token objects that need to be saved and have a token string and a secret string also have some other elements

IConsumer = contracts for consumers of your service, should be able to return a secret key, a TimeStamp of the last request the consumer made (and integer, see the OAuth Specs), a list of valid request/access tokens, save a nonce for current TimeStamp value, determine weather a nonce is valid (hasn’t been used with the current TimeStamp)

ITokenGenerator = generate new request and access tokens, setting the secret and token strings

I’ve used the OAuthBase class available in the OAuth sample code

There’s a sample project so people can see how it should be used.

So head over to the project and check it out. oauth-mvc.net

PS. I’m not saying that MVC is the best way to build services, just that it’s the framework I needed to use, Alex Henderson has done some work on using OAuth with WCF projects

Sphere: Related Content

Posted in: [|].

kick it on DotNetKicks.com

Shout it

  • Do you know if there is a library somewhere for ASP.NET MVC to consume such providers?
  • So you want to get an asp.net mvc site to connect to an API that is secured
    by OAuth? Currently no there isn't such a thing, I would suggest getting
    hold of my project and looking at the OAuthBase and how it's used, the
    signing is the same on both ends (the server re-enacts the signing process
    and then checks that the signatures are equal) that should give you
    somewhere to start.
    I'm going to write a couple of test client libraries but they're a week or
    more away.

    O

    2009/2/20 Disqus <>
  • do you know about dotnetopenid library?
    http://blog.nerdbank.net/2009/02/dotnetopenid-v...
  • I do, but only just realised that it supports OAuth, I'd actually only just recently come accross it to run with openid, I'll take a bigger look at it.

    Cheers
    Owen
blog comments powered by Disqus

Copyright © 2008 - Owen Evans [bgeek.net]
Brought to you by Smashing Magazine - Smashing Jobs