OAuth MVC.net Revisited
My foray into OAuth with MVC.net is getting more thorough. I quickly came upon a problem in the project as it stood with regard to the signing methods I’d used.
I’d grabbed the OAuth base class from the samples available over on oauth.net but quickly found out (well actually not that quickly, I still had to throw away a lot of code) that the signing method is deeply flawed. I personally believe that this file should be either fixed or dumped; it shouldn’t be held up as an example of OAuth.net.
I looked at the other libraries available for OAuth and here are my thoughts:
dotnetopenid/dotnetopenauth: while I think this is a great library for OpenID, I think it’s obfuscated a few things too many about the signing process. I found it really hard to get a handle on what was happening where in the library. I suggest you take a look at this as no doubt it’s a very feature rich library, but it didn’t suit my TDD development process and didn’t give me the understanding I wanted over the process going on.
OAuth Library for .net: this seemed promising at first but I found that the library was too rooted in the old ASP.net page lifecycle and would have taken a fair amount of work to rip out all the references to HttpContext, again it just didn’t suit my development processes.
DevDefined.OAuth library: While documentation is lacking for this library compared to the others, it’s not hard to get a handle on the code. It’s lightweight and mimics my mental model of the OAuth Provider workflow. I found this the easiest to understand and tweak to my liking.
So I settled on DevDefined.OAuth library and made a number of changes to allow it to integrate with my TDD cycle, and had to make a couple of changes to get it to adequately work as a provider.
I’ve not fully tested the solution yet but I’m pretty happy that the simple cases are covered.
So the code’s been fully refactored/rewritten (urgh! A rewrite after only a week!) and I’ve uploaded it to GitHub with the modified DevDefined.OAuth library. I’ve also submitted a patch to Alex Henderson so that the changes I’ve made won’t be lost; however, they rely on the ASP.net MVC framework (for HttpContextBase and HttpResponseBase) so I’m not sure how that should be handled. I might have to suggest a branch.
So grab the code and check the sample (which will allow you to authenticate with a consumer key “key” and consumer secret “secret”).
You’ll need to implement your own ITokenStore, IConsumerStore and INonceStore for your own application.
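One of those stores, as an added example that is not from the original post or the DevDefined.OAuth project: an in-memory INonceStore that accepts each consumer/nonce pair only once, so a captured signed request cannot be replayed. The IConsumer and INonceStore declarations, the RecordNonceAndCheckIsUnique method and the retention parameter are assumptions declared locally here; match them to the interfaces in the library you downloaded.

```csharp
using System;
using System.Collections.Concurrent;

// Stand-in declarations with an assumed shape (not copied from the library).
public interface IConsumer { string ConsumerKey { get; } }
public interface INonceStore
{
    bool RecordNonceAndCheckIsUnique(IConsumer consumer, string nonce);
}

// In-memory nonce store: a nonce is accepted once per consumer and is
// remembered for the configured retention period.
public sealed class InMemoryNonceStore : INonceStore
{
    private readonly ConcurrentDictionary<string, DateTime> _seen =
        new ConcurrentDictionary<string, DateTime>(StringComparer.Ordinal);
    private readonly TimeSpan _retention;
    private readonly Func<DateTime> _utcNow; // injectable clock, handy for unit tests

    public InMemoryNonceStore(TimeSpan retention, Func<DateTime> utcNow = null)
    {
        _retention = retention;
        _utcNow = utcNow ?? (() => DateTime.UtcNow);
    }

    public bool RecordNonceAndCheckIsUnique(IConsumer consumer, string nonce)
    {
        if (consumer == null || string.IsNullOrEmpty(consumer.ConsumerKey)
            || string.IsNullOrEmpty(nonce))
            return false; // fail closed on malformed input

        DateTime now = _utcNow();
        Purge(now);
        // Length-prefix the consumer key so ("ab","c") and ("a","bc") cannot collide.
        string key = consumer.ConsumerKey.Length + ":" + consumer.ConsumerKey + ":" + nonce;
        // TryAdd is atomic: of two concurrent replays, only one caller gets true.
        return _seen.TryAdd(key, now);
    }

    // Drop entries older than the retention period (linear scan, fine for a sample).
    private void Purge(DateTime now)
    {
        foreach (var entry in _seen)
        {
            DateTime ignored;
            if (now - entry.Value > _retention)
                _seen.TryRemove(entry.Key, out ignored);
        }
    }
}
```

Set the retention to at least the window within which the provider accepts oauth_timestamp values, otherwise a purged nonce could be replayed. A deployment with more than one web server needs a shared store rather than process memory.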
I’ll be adding some more changes as we go along but at the moment it supports:
Automagically adding two URLs to your site (/oauth/RequestToken, /oauth/AccessToken) which will handle requests for RequestTokens and AccessTokens.
An Authorization filter called OAuthSecured; just add this to any controllers/actions you want to be secured resources.
A binder to allow you just to take in an IOAuthContext (or IToken or IConsumer as IOAuthContext implements these) as a parameter to your MVC actions.
Take a look at the sample; feedback is always welcome.