rad

Implement OAuth2 with Asp.net 4.0

I have a .NET 4.0 application and I need to add OAuth2 authentication with a third tier. I am a little bit confused (it is hard to find samples and documentation for .NET 4.0).

Could I use Microsoft.AspNet.Membership.OpenAuth (OAuth 2.0) with ASP.NET 4.0 (.NET 4.0)?

The other option I have is to use DotNetOpenAuth, but I have some trouble finding an example with a callback for WebForms in .NET 4.0.

From my understanding I should have an authentication page (login page):

var medOK = new WebServerClient(GetAuthServerDescription(), clientIdentifier: "some client id");
medOK.ClientCredentialApplicator = ClientCredentialApplicator.PostParameter("some secret code");

// CallBack
var state = new AuthorizationState();
var uri = Request.Url.AbsoluteUri;
uri = RemoveQueryStringFromUri(uri);
state.Callback = new Uri(uri); 
var accessTokenResponse = medOK.ProcessUserAuthorization();
if (accessTokenResponse != null){
    // If you have an access token then do something
} else if (this.AccessToken == null) {
    // If we don't yet have access, immediately request it.
    medOK.PrepareRequestUserAuthorization(state);
    medOK.RequestUserAuthorization();
}

And a callback page (let's say an ashx page) with:

var medOK = new WebServerClient(GetAuthServerDescription(), clientIdentifier: "some client id");
medOK.ClientCredentialApplicator = ClientCredentialApplicator.PostParameter("some secret code");
var response = medOK.GetClientAccessToken();

// Then I get claims

Does this make sense? (I tried to be concise and did not write everything I tried, but if needed I can provide more information.)

Upvotes: 2

Views: 10420

Answers (1)

rad

If you are using 4.5 or higher, use Owin as described in many blog posts; if you create an ASP.NET project with the Visual Studio 2013+ template, you will have an example of how to implement it, as mentioned here. Or you can use IdentityModel, which is simple to use.

For .NET 4.0, I ended up using DotNetOpenAuth. It was not easy to find how to call the library, so I will share my findings. The first step is to get a user authorization.

var client = new WebServerClient(GetAuthServerDescription(), clientIdentifier: "client id");
client.ClientCredentialApplicator = ClientCredentialApplicator.PostParameter("secrete");

// Callback: the URL the authorization server redirects back to
var state = new AuthorizationState();
var uri = RemoveQueryStringFromUri(callBack);
state.Callback = new Uri(uri);
var accessTokenResponse = client.ProcessUserAuthorization();
if (accessTokenResponse != null) {
    // If you have an access token then do something
} else {
    // If we don't yet have access, immediately request it.
    client.PrepareRequestUserAuthorization(state).Send();
}

With GetAuthServerDescription building an AuthorizationServerDescription.

And the method for the callback URL is a simple POST (to get the token), as I didn't find how to send the exact parameters I needed to send to my provider.

Upvotes: 5
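The following is an added example, not code from the answer or from DotNetOpenAuth: it shows what a `GetAuthServerDescription` can look like and a callback that does the "simple POST" token exchange with a `state` check against login CSRF. The endpoint URLs, the `oauth_state` session key and the names `OAuthFlowExample`, `StartLogin` and `ExchangeCode` are assumptions, and the redirect is built by hand rather than with `PrepareRequestUserAuthorization` so the state handling is explicit.

```csharp
using System;
using System.Collections.Specialized;
using System.Net;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using DotNetOpenAuth.OAuth2;

public static class OAuthFlowExample
{
    // Placeholder endpoints (assumption): use the URLs your provider documents.
    public static AuthorizationServerDescription GetAuthServerDescription()
    {
        return new AuthorizationServerDescription {
            AuthorizationEndpoint = new Uri("https://auth.example.com/oauth2/authorize"),
            TokenEndpoint = new Uri("https://auth.example.com/oauth2/token"),
            ProtocolVersion = ProtocolVersion.V20 };
    }

    // Login page: store a random single-use state in session, then redirect.
    public static void StartLogin(HttpContext ctx, string clientId, string redirectUri)
    {
        var bytes = new byte[32];
        new RNGCryptoServiceProvider().GetBytes(bytes);
        var state = HttpServerUtility.UrlTokenEncode(bytes); // URL-safe encoding
        ctx.Session["oauth_state"] = state;
        ctx.Response.Redirect(GetAuthServerDescription().AuthorizationEndpoint.AbsoluteUri +
            "?response_type=code&client_id=" + Uri.EscapeDataString(clientId) +
            "&redirect_uri=" + Uri.EscapeDataString(redirectUri) + "&state=" + state);
    }

    // Callback (an .ashx must implement IRequiresSessionState): verify state, then POST the code.
    public static string ExchangeCode(HttpContext ctx, string clientId, string clientSecret, string redirectUri)
    {
        var expected = ctx.Session["oauth_state"] as string;
        ctx.Session.Remove("oauth_state"); // single use, even when the check fails
        if (string.IsNullOrEmpty(expected) || expected != ctx.Request.QueryString["state"])
            throw new HttpException(400, "OAuth state mismatch");
        var code = ctx.Request.QueryString["code"];
        if (string.IsNullOrEmpty(code)) throw new HttpException(400, "Missing authorization code");

        var form = new NameValueCollection {
            { "grant_type", "authorization_code" }, { "code", code },
            { "redirect_uri", redirectUri }, // must equal the value sent in StartLogin
            { "client_id", clientId }, { "client_secret", clientSecret } };
        using (var http = new WebClient())
            return Encoding.UTF8.GetString( // raw JSON token response from the provider
                http.UploadValues(GetAuthServerDescription().TokenEndpoint, "POST", form));
    }
}
```

Keep the client secret in protected configuration rather than in source, and treat the returned token response as sensitive: do not log it or echo it to the browser.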
