Home/ Questions/Q 3950268
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-20T01:35:31+00:00

I’m trying to use Oauth to connect to salesforce from a .NET app. I’m

  • 0

I’m trying to use Oauth to connect to salesforce from a .NET app. I’m using DotNetOpenAuth at the moment, and having no luck. I can get twitter / google etc to work fine, but when I create a new consumer service for Salesforce, it just gives me an error (400 / Bad Request)

I’m using the InMemoryTokenManager, but before I get shouted at, let me re-iterate that twitter et al work fine this way. I do intent to replace the inmemorytoken manager with a database implentation, but for now I just want to get it working.

The strange thing is, if I manually create the URL – https://login.salesforce.com/services/oauth2/authorize?response_type=code&client_id=%5Bconsumer_key%5D&redirect_uri=%5Bredirect_url%5D and enter it in the browser I end up at a salesforce page to authorise the app to access my account – the one I expect to see should everything work.

Is this expected behaviour? It seems like a security hole, but maybe I’m not understanding everything correctly.

Any ideas where I’m going wrong?

ConsumerCode – (well, the important part at least)

public static readonly ServiceProviderDescription ServiceDescription = new ServiceProviderDescription
{
    RequestTokenEndpoint = 
        new MessageReceivingEndpoint(
        "https://login.salesforce.com/services/oauth2/authorize", 
        HttpDeliveryMethods.GetRequest | 
        HttpDeliveryMethods.AuthorizationHeaderRequest),
    UserAuthorizationEndpoint = 
        new MessageReceivingEndpoint(
        "https://login.salesforce.com/services/oauth2/authorize", 
        HttpDeliveryMethods.GetRequest | 
        HttpDeliveryMethods.AuthorizationHeaderRequest),
    AccessTokenEndpoint = 
        new MessageReceivingEndpoint(
        "https://login.salesforce.com/services/oauth2/token", 
        HttpDeliveryMethods.GetRequest | 
        HttpDeliveryMethods.AuthorizationHeaderRequest),
    TamperProtectionElements = 
    new ITamperProtectionChannelBindingElement[] { 
    new HmacSha1SigningBindingElement() },
};

OAuthController.cs

if (this.SFTokenManager != null)
{
    var SF = new WebConsumer(SFConsumer.ServiceDescription, this.SFTokenManager);
    // Is Twitter calling back with authorization?
    var accessTokenResponse = SF.ProcessUserAuthorization();
    if (accessTokenResponse != null)
    {
        this.SFAccessToken = accessTokenResponse.AccessToken;
    }
    else if (this.SFAccessToken == null)
    {
        // If we don't yet have access, immediately request it.
        SF.Channel.Send(SF.PrepareRequestUserAuthorization());                    
    }
    return View("SFIn");
}
else
{
    return View("SFOut");
}

The line I get my 400 at is 

// If we don't yet have access, immediately request it.
SF.Channel.Send(SF.PrepareRequestUserAuthorization());
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    DotNetOpenAuth says its oAuth support is 1.0 & 1.0a, while you’re trying to access the oAuth 2.0 service at salesforce, the 2 protocols are not compatible.

    • 0