I have been trying for hours now to get OAuth working on with an API that I am working on, and obviously my approach must be wrong, because I constantly hit dead ends.

What I have got:
– An API that is implemented in .NET MVC, which returns a data result as either XML or JSON.
– It requires an API Key to be able to use the API.
– A website (X) as backend for managing the API keys.
– Another website (Y) with loads of data which this API extracts data from.

What I am supposed to get:
– The ability to let the API Keys access data on users from the website (Y), if they allow it themselves via OAuth (1.0A).

What I have tried:
– So far, my approach has been to use the DotNetOpenAuth library, but it is almost all about how to implement OpenId, and some classes in the OAuth namespace even seem hardcoded towards OpenId functionality. So I have been trying to see what is going on in the examples that are using OpenId, and see if I can use parts of that to implement OAuth without OpenId.
– Various approaches includes, on the server side, to read an “UnauthorizedTokenRequest” and return it via calling the ServiceProvider.Channel.PrepareResponse(unauthorizedTokenRequest).AsActionResult(), which for some reason tries to add two values of nonce and timestamp to the response which crashes, and skipping that, it still returns a response that I am not able to read on the client end.

So I guess, my question really is:

1. Is there a guide/documentation that tells you what parts of the DotNetOpenAuth library I should be using on the server side, and when in the process they should be used, in order to implement OAuth on a MVC server that is not hardcoded to OpenId, as neither of the websites (X nor Y) supports OpenId?
2. Should I rather use another library if I am not going to use OpenId as DotNetOpenAuth seems to be focusing the most on?
3. Any other approaches that would fit my need better are very welcome.

Thank you in advance!
– Johny, Denmark