I’m working on a project that will generate an OAuth querystring in JavaScript, using HTTPS and in internal application, so security is not a major concern at this point (figured I’d mention that up front )
The JavaScript querystring is used to call a C# script on a different server and domain, essentially to pass data from the internal application to the C# application, and allow to verification that a) the query comes from the right source, and b) the query is valid and hasn’t expired, etc.
OAuthSimple gives me a signed URL like this:
http://www.myremotesite.com/mycodepath/mycodefile.aspx?firstname=Kevin&lastname=Blount&oauth_consumer_key=ThisIsTheConsumerKey&oauth_nonce=nuOoM&oauth_signature=DAoaSxD5SvVFTTDNSxiTbANzGlc%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1313162452
My question is, one the C# side of things.. what do I do next? I’ve two thoughts, but I can’t work out which I need to explore:
- using C# generate a new signed URL and compare the two (or just compare the oauth_signature values)
- take the querystring and somehow decrypt/decode it and verify it.
I’m told that DotNetOpenAuth is the standard to use, but I can’t figure out my next step using it.
Can I get some advice on what I need to look into, or articles that explain how I should proceed?
Read the instructions on DotNetOpenAuth and make sure you understand it. I haven’t used it previously, but have heard good things about it.
The oAuth server will do several steps: