2

I have a .NET 4.0 application and I need to add an OAuth2 authentication with a third tier. And I am little bit confused (hard to find sample and documentation for .NET 4.0).

Could I use Microsoft.AspNet.Membership.OpenAuth (OAuth 2.0) with Asp.net 4.0 (.NET 4.0) ?

The other option I have is to use DotNetOpenAuth, but I have some trouble to found an example with Callback for Webforms in .NET 4.0.

From my understanding I should have an authentication page (login page) :

var medOK = new WebServerClient(GetAuthServerDescription(), clientIdentifier: "some client id");
medOK.ClientCredentialApplicator = ClientCredentialApplicator.PostParameter("some secret code");

// CallBack
var state = new AuthorizationState();
var uri = Request.Url.AbsoluteUri;
uri = RemoveQueryStringFromUri(uri);
state.Callback = new Uri(uri); 
var accessTokenResponse = medOK.ProcessUserAuthorization();
if (accessTokenResponse != null){
    //If you have accesstoek then do something 
} else if (this.AccessToken == null) {
    // If we don't yet have access, immediately request it.
    medOK.PrepareRequestUserAuthorization(state);
    medOK.RequestUserAuthorization();
}

And a callback page (let's say an ashx page) with :

var medOK = new WebServerClient(GetAuthServerDescription(), clientIdentifier: "some client id");
medOK.ClientCredentialApplicator = ClientCredentialApplicator.PostParameter("some secret code");
var response = medOK.GetClientAccessToken();

// Then I get claims

Make sens ? (I tried to be concise and do not write all what I tried, but if needed I can provide more information)

Nerdroid
  • 13,398
  • 5
  • 58
  • 69
rad
  • 1,857
  • 1
  • 20
  • 30

1 Answers1

5

If you are using 4.5 or higher use Owin as described in many website blogpost and if you create an Asp.net project with Visual Studio 2013+ template you will have an example how to implement it, like mentioned here. Or you can use IdentityModel which is simple to use.

For .NET 4.0, I ended to use DotNetOpenAuth, it was not an easy way to find how to call the library, so I will share my finding, the first step id to get a user authorization.

var client = new WebServerClient(GetAuthServerDescription(), clientIdentifier: "client id");
client.ClientCredentialApplicator = ClientCredentialApplicator.PostParameter("secrete");

// CallBack
uri = RemoveQueryStringFromUri(callBack);
state.Callback = new Uri(uri);
var accessTokenResponse = client.ProcessUserAuthorization();
if (accessTokenResponse != null){
    //If you have accesstoek then do something 
} else {
    // If we don't yet have access, immediately request it.
    client.PrepareRequestUserAuthorization(state).Send();
}

With GetAuthServerDescription building an AuthorizationServerDescription

And the method for the callback url is a simple post (to get the token) as I didn't found how to send the exact parameters I needed to send to my provider.

Nerdroid
  • 13,398
  • 5
  • 58
  • 69
rad
  • 1,857
  • 1
  • 20
  • 30