Let's say I have a web client (i.e. MVC 4 client) that authenticates users using an OAuth provider (i.e. Facebook, Google etc). I want to call another web service in my client logic, and that web service also authenticates with OAuth providers.

What would the web service request look like from the client? What do I need to pass to the web service?

Jezz Santos

1 Answer

I suggest you review this question, How do I authorize access to ServiceStack resources using OAuth2 access tokens via DotNetOpenAuth?. The poster provided his final solution, including a link to a sample solution, which he has graciously open sourced. The client side code, for his solution, looks like this:

```csharp
// Create the ServiceStack API client and the request DTO
var apiClient = new JsonServiceClient("http://api.mysite.com/");
var apiRequestDto = new Shortlists { Name = "dylan" };

// Wire up the ServiceStack client filter so that DotNetOpenAuth can
// add the authorization header before the request is sent
// to the API server
apiClient.LocalHttpWebRequestFilter = request => {
    // This is the magic line that makes all the client-side magic work :)
    ClientBase.AuthorizeRequest(request, accessTokenTextBox.Text);
};

// Send the API request and dump the response to our output TextBox
var helloResponseDto = apiClient.Get(apiRequestDto);

Console.WriteLine(helloResponseDto.Result);
```

A similar solution is provided here: https://stackoverflow.com/a/13791078/149060 which demonstrates request signing as per OAuth 1.0a:

```csharp
var client = new JsonServiceClient (baseUri);

client.LocalHttpWebRequestFilter += (request) => {
    // compute signature using request and a previously obtained
    //  access token 
    string authorization_header = CalculateSignature (request, access_token);

    request.Headers.Add ("Authorization", authorization_header);
};
var response = client.Get<MySecuredResponse> ("/my/service");
```

You will, of course, need to adjust to fit the requirements of your OAuth providers, i.e. signing, token, etc.

Pauli Price
  • Thanks for the pointer but there are still two details that are hard to resolve. Firstly, how to obtain the 'access_token' referenced above (from where and how), and secondly how to 'calculate the signature', with what algorithm/library. – Jezz Santos Oct 01 '13 at 06:39
  • Obtaining the 'access_token' and how to 'calculate the signature' will be implementation specific. [ServiceStack includes support for some common OAuth and OAuth2 providers](https://github.com/ServiceStack/ServiceStack/wiki/Authentication-and-authorization). If your provider of choice is not included, you'll have to consult their documentation and implement accordingly. – Pauli Price Oct 01 '13 at 15:03
  • I see, so there is no common way to do this (for any subset of providers i.e. Facebook, Twitter, Google) with ServiceStack, is what I hear you saying? – Jezz Santos Oct 04 '13 at 06:50
  • There is pre-built support for Twitter, Facebook and Yammer OAuth. Also supported are Google, Yahoo, MyOpenId and generic OpenID. Did you read the page I linked to in my previous comment? – Pauli Price Oct 04 '13 at 15:12
  • I did, and have read every other post about ServiceStack on Stack Overflow and elsewhere. What I am lacking is either basic understanding of how ServiceStack does its authorization, or I am not believing that there are not libraries to reuse for what seems to be a very simple and common scenario (i.e. MVC 4.0 talking to a ServiceStack web service). What I really need is a full example of this scenario where the front end is a standalone MVC application calling a secured and standalone ServiceStack web service, and where the user is authenticated in the MVC application. – Jezz Santos Oct 05 '13 at 00:08
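
The `CalculateSignature` placeholder in the answer's second snippet, filled in for the HMAC-SHA1 method of OAuth 1.0a (RFC 5849). This is an added example, not code from the thread or from ServiceStack; the class name `OAuth1Signer` and the extra parameters (consumer key, consumer secret, token secret) are assumptions, and the request is assumed to carry no form-encoded body.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Security.Cryptography;
using System.Text;

static class OAuth1Signer   // hypothetical helper, not part of ServiceStack
{
    const string Unreserved =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";

    // RFC 3986 percent-encoding as OAuth 1.0a requires: only unreserved bytes pass through.
    static string Enc(string s) => string.Concat(Encoding.UTF8.GetBytes(s)
        .Select(b => Unreserved.IndexOf((char)b) >= 0 ? ((char)b).ToString() : "%" + b.ToString("X2")));

    // Returns the Authorization header value for an HMAC-SHA1 signed request.
    // Assumption: no form-encoded body; body parameters would also have to be signed.
    public static string CalculateSignature(HttpWebRequest request, string consumerKey,
        string consumerSecret, string token, string tokenSecret)
    {
        var oauth = new Dictionary<string, string> {
            ["oauth_consumer_key"] = consumerKey,
            ["oauth_token"] = token,
            ["oauth_signature_method"] = "HMAC-SHA1",
            ["oauth_timestamp"] = DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString(),
            ["oauth_nonce"] = Guid.NewGuid().ToString("N"),   // fresh value per request
            ["oauth_version"] = "1.0"
        };
        // Query-string parameters are signed together with the oauth_* ones.
        var query = request.RequestUri.Query.TrimStart('?')
            .Split(new[] { '&' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(kv => kv.Split(new[] { '=' }, 2))
            .Select(kv => new KeyValuePair<string, string>(
                Uri.UnescapeDataString(kv[0].Replace('+', ' ')),
                kv.Length > 1 ? Uri.UnescapeDataString(kv[1].Replace('+', ' ')) : ""));
        var normalized = string.Join("&", oauth.Concat(query)
            .Select(p => new { K = Enc(p.Key), V = Enc(p.Value) })
            .OrderBy(p => p.K, StringComparer.Ordinal).ThenBy(p => p.V, StringComparer.Ordinal)
            .Select(p => p.K + "=" + p.V));
        var baseString = request.Method.ToUpperInvariant() + "&"
            + Enc(request.RequestUri.GetLeftPart(UriPartial.Path)) + "&" + Enc(normalized);
        // Signing key: encoded consumer secret and token secret joined by '&'.
        var key = Encoding.ASCII.GetBytes(Enc(consumerSecret) + "&" + Enc(tokenSecret));
        using (var hmac = new HMACSHA1(key))
            oauth["oauth_signature"] = Convert.ToBase64String(hmac.ComputeHash(Encoding.ASCII.GetBytes(baseString)));
        return "OAuth " + string.Join(", ", oauth.Select(p => Enc(p.Key) + "=\"" + Enc(p.Value) + "\""));
    }
}
```

The returned string is what the `LocalHttpWebRequestFilter` in the answer adds as the `Authorization` header. The token and token secret come from the provider's OAuth 1.0a authorization flow, and both secrets should stay server-side in the MVC application rather than being sent to the browser.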