My Foray into OAuth with MVC.net is getting more thorough. I quickly came upon a problem in the project as it stood with regards to the signing methods I’d used.I’d grabbed the OAuth base class from the samples available over on [oauth.net](http://www.oauth.net) but quickly found out (well actually not that quickly, I still had to throw away a lot of code) that the signing method is deeply flawed. I personally belive that this file should be either fixed or dumped, it shouldn’t be held up as an example of OAuth.net. I looked at the other libraries available for OAuth and here are my thoughts: * [dotnetopenid/dotnetopenauth](http://github.com/AArnott/dotnetopenid/tree/master): while I think this is a great library for OpenID i think it’s obfuscated a few things too many about the signing process. I found the library really hard to get a handle on what was happening where, I suggest you take a look at this as no doubt it’s a very feature rich library, but it didn’t suit my TDD development process and didn’t give me the understanding I wanted over the process going on * [OAuth Library for .net](http://code.google.com/p/oauth-dot-net/): this seemed promising at first but I found that the library was too rooted in the old ASP.net page lifecycle and would have taken a fair amount of work to rip out all the references to HttpContext, again it just didn’t suit my development processes. * [DevDefined.OAuth library](http://code.google.com/p/devdefined-tools/): While documentation is lacking for this library compared to the others, it’s not hard to get a handle on the code. It’s lightweight and mimics my mental model of the OAuth Provider workflow. I found this the easiest to understand and tweak to my liking. So I settled on DevDefined.OAuth library and made a number of changes to allow it to integrate with my TDD cycle, and had to make a couple of changes to get it to adequately work as a provider. I’ve not fully tested the solution yet but I’m pretty happy that the simple cases are covered. So the codes been fully refactored/rewritten (urgh! A rewrite after only a week!) and I’ve uploaded to [github](http://github.com/buildmaster/oauth-mvc.net/) with the modified DevDefined.OAuth library, I’ve also submitted a patch to [Alex Henderson](http://blog.bittercoder.com) so that the changes I’ve made wont be lost, however they rely on the ASP.net MVC framework (for HttpContextBase and HttpResponseBase) so I’m not sure how that should be handled. I might have to suggest a branch. So grab the code, check the sample (which will allow you to authenticate with a consumer key “key” and consumer secret “secret”) You’ll need to implement your own ITokenStore, IConsumerStore and INonceStore for your own application. I’ll be adding some more changes as we go along but at the moment it supports: * Automagically adding two urls to your site (/oauth/RequestToken, /oauth/AccessToken) which will handle requests for RequestTokens and AccessTokens * An Authorization filter called OAuthSecured just add this to any controllers/actions you want to be secured resources. * A binder to allow you just to take in an IOAuthContext (or IToken or IConsumer as IOAuthContext implements these) as a parameter to your mvc actions. Take a look at the sample and feedback is always welcome.