Let me introduce you to a little friend called OAuth. OAuth is an open authentication framework designed for use by web service providers allowing you to give access to applications without giving them access to user credentials.
I’ve been working on an OAuth library to turn an ASP.net MVC site into an OAuth Provider (a service that can accept incoming requests from OAuth Consumer applications)
So far it consists of the following:
OAuthController has endpoints for RequestToken and AccessToken http requests.
OAuthSecuredAttribute is an action filter to stop access to an action if the requester isn’t authenticated via OAuth
OAuthService has intermediary services for the attibute and controller for:
- Building an OAuth request (Access, Access Token and Request Token Requests)
- Generating Request Tokens
- Generating Access Tokens
- Getting a saved Request Token
- Authorising a Request Token
OAuthRequest is a state wrapper to quickly examine if the current OAuth Request is valid
You are left to your own devices to implement the following:
IRequestToken Token objects that need to be saved and have a token string and a secret string also have some other elements
IConsumer contracts for consumers of your service, should be able to return a secret key, a TimeStamp of the last request the consumer made (and integer, see the OAuth Specs), a list of valid request/access tokens, save a nonce for current TimeStamp value, determine weather a nonce is valid (hasn’t been used with the current TimeStamp)
ITokenGenerator generate new request and access tokens, setting the secret and token strings
I’ve used the OAuthBase class available in the OAuth sample code
There’s a sample project so people can see how it should be used.
So head over to the project and check it out. oauth-mvc.net
PS. I’m not saying that MVC is the best way to build services, just that it’s the framework I needed to use, Alex Henderson has done some work on using OAuth with WCF projects
Do you know if there is a library somewhere for ASP.NET MVC to consume such providers?
So you want to get an http://asp.net” rel=”nofollow”>asp.net mvc site to connect to an API that is securedby OAuth? Currently no there isn’t such a thing, I would suggest gettinghold of my project and looking at the OAuthBase and how it’s used, thesigning is the same on both ends (the server re-enacts the signing processand then checks that the signatures are equal) that should give yousomewhere to start.I’m going to write a couple of test client libraries but they’re a week ormore away.O2009/2/20 Disqus <>
do you know about dotnetopenid library?http://blog.nerdbank.net/2009/02/dotnetopenid-v30-beta-1-released.html” rel=”nofollow”>http://blog.nerdbank.net/2009/02/dotnetopenid-v…
I do, but only just realised that it supports OAuth, I’d actually only just recently come accross it to run with openid, I’ll take a bigger look at it.CheersOwen
[...] OAuth on ASP.net MVC Projects – Owen Evans shares his work on implementing OAuth authentication on ASP.NET MVC [...]
Different point of view from that post. Interesting to say the least.
Different point of view from that post. Interesting to say the least.
btw none of your URLs work on this post http://tiny.ly/OixZ Please fix paths. Crazy urls in your post. Aso too less detail