Home/ Questions/Q 8934811
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-15T09:52:00+00:00

I’ve been wrestling with the Twitter API for a few days now but I

  • 0

I’ve been wrestling with the Twitter API for a few days now but I cannot post a message to an authenticated user’s timeline. I’ve got an ASP.NET MVC 4 application that signs a user in via Twitter and saves the access token that comes back from the sign in process. That part works fine. I can see my application with read and write permissions within the authenticated user’s twitter account.

I’m then using that access token, along with the consumer key, consumer secret and oauth token secret associated with my Twitter application, to post to the user’s timeline. I’m getting a 401 unauthorised error every time. I’ve tried using the 1.1 API and the 1 API with the same result.

Most of the code comes from Gary Short’s article here: http://garyshortblog.wordpress.com/2011/02/11/a-twitter-oauth-example-in-c/

Here’s what I’ve got so far. If anyone can spot any clues as to what I’m missing I’d be most grateful.

    public async Task<bool> Push(TwitterMessage twitterMessage)
    {
        const string updateApi = "http://api.twitter.com/1/statuses/update.json";
        const string oauthConsumerKey = "<consumerKey>";
        const string consumerSecret = "<consumerSecret>";
        const string oauthSignatureMethod = "HMAC-SHA1";
        const string oauthTokenSecret = "<tokenSecret>";
        var signingKey = string.Format("{0}&{1}", consumerSecret.Escaped(), oauthTokenSecret.Escaped());

        var postBody = "status=" + Uri.EscapeDataString(twitterMessage.MessageContent);
        var oauthNonce = Convert.ToBase64String(new ASCIIEncoding().GetBytes(DateTime.Now.Ticks.ToString()));
        var oauthToken = "<authenticatedUserToken>";
        var timeSpan = DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, 0);
        var oauthTimestamp = Convert.ToInt64(timeSpan.TotalSeconds).ToString();

        var message = string.Format("POST {0}?{1} HTTP/1.1", updateApi, postBody.Escaped());
        var hasher = new HMACSHA1(new ASCIIEncoding().GetBytes(signingKey));
        var signatureString = Convert.ToBase64String(hasher.ComputeHash(new ASCIIEncoding().GetBytes(message)));

        ServicePointManager.Expect100Continue = false;

        var request = (HttpWebRequest)WebRequest.Create(updateApi);
        request.KeepAlive = false;

        var authorisationBuilder = new StringBuilder();
        authorisationBuilder.Append("OAuth ");
        authorisationBuilder.AppendFormat("oauth_consumer_key=\"{0}\",", oauthConsumerKey.Escaped());
        authorisationBuilder.AppendFormat("oauth_signature_method=\"{0}\",", oauthSignatureMethod.Escaped());
        authorisationBuilder.AppendFormat("oauth_timestamp=\"{0}\",", oauthTimestamp.Escaped());
        authorisationBuilder.AppendFormat("oauth_nonce=\"{0}\",", oauthNonce.Escaped());
        authorisationBuilder.AppendFormat("oauth_token=\"{0}\",", oauthToken.Escaped());
        authorisationBuilder.AppendFormat("oauth_signature=\"{0}\"", signatureString.Escaped());
        var authorisation = authorisationBuilder.ToString();
        request.Headers.Add("Authorization", authorisation);

        request.Method = "POST";
        request.ContentType = "application/x-www-form-urlencoded";
        using (var stream = await request.GetRequestStreamAsync())
        {
            var bodyBytes = new ASCIIEncoding().GetBytes(postBody);
            stream.Write(bodyBytes, 0, bodyBytes.Length);
        }

        //Allow us a reasonable timeout in case Twitter's busy
        request.Timeout = 3 * 60 * 1000;

        try
        {
            var response = await request.GetResponseAsync() as HttpWebResponse;
            return true;
        }
        catch (WebException)
        {
            return false;
        } 
    }

    public static string Escaped(this string input)
    {
        return Uri.EscapeDataString(input);
    }

UPDATE Looking at this SO post it looks like I can’t use the DotNetOpenAuth twitter client for authorisation, which I had been doing. The suggestion there is to extend the twitter consumer class instead to perform the authorisation, which will allow me to retrieve the user’s token secret (the missing piece of my puzzle I think). Will post another update when I get this working.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    So the problem is an issue with DotNetOpenAuth as it currently stands. For Twitter authentication, the DotNetOpenAuth client doesn’t allow for the full authorisation flow (needed for posting to a user’s timeline). Only the access token is retrieved from the initial handshake and not the access token secret. I was using the access token secret associated with my Twitter app, rather than the Twitter user who was signing in, so authorisation was failing every time.

    UPDATE: I’ve finally gone with using Daniel Crenna’s Tweetsharp library, which makes the code a little simpler than writing my own API wrapper would have been:

    public async Task<bool> Push(TwitterAccount account)
{
    var twitterService = new TwitterService(consumerKey, consumerSecret);
    twitterService.AuthenticateWith(account.AccessToken, account.AccessTokenSecret);
    var options = new SendTweetOptions {Status = string.Format("{0} {1}", account.Message.MessageContent, account.Message.ShortLink)};
    var status = twitterService.SendTweet(options);
    return status != null;
}
    • 0