How to implement OAuth for my website one and use it for website two

Question

3.00/5 (1 vote)

See more:

I want to implement OAuth/OpenID for Website One and use it in Website Two.

I create Sign Up, Sign In, Sign Out, Profile functionality/Pages for Website One and want to use authentication in Website Two like Facebook or Twitter authentication.

As an additional information if you got interest you can visit trial websites of Website One and Website Two. Please do not expect full or correct functionality because as I said above they are just trials yet.

Posted 26-Jan-13 7:42am

TIKSN Int

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Ed Nutting · Accepted Answer · 2013-01-26T23:23:00

Solution 1

Hi there,

Why not Google oAuth and research/read about how oAuth works? I mean really, what are you expecting us to do?
I suggest you spend a while researching how oAuth works and particularly why the authentication/security works. Your website isn't running over HTTPS - it should be! And for oAuth, as far as I'm aware, it HAS to be for the data to be secure! This is too much work for one question and we don't have access to your source code, so we couldn't write anything for you anyway.

Ed

Posted 26-Jan-13 23:23pm

Ed Nutting

Comments

TIKSN Int 28-Jan-13 13:33pm

First thanks for response. I know OAuth concept but I was wondering which classes I have to overload or rewrite? I want to use DotNetOpenAuth lib.

Ed Nutting 28-Jan-13 13:54pm

That is a somewhat different question which perhaps you should have asked in the first place. Anyway, so far as my limited knowledge on the oAuth protocol in particular lets me, I shall try and suggest what you should do.

1. You need to be able to receive/respond to web requests with url params & input/output streams.
2. This is, essentially, the same as a page.
3. You (presumably) have different types of data you want to respond with and different sets of requests for these types of data (else your API is a one-type API but you should still follow this method so you can expand later - expansion is inevitable).
4. On this basis, you want one generic oAuth page class that can be used for multiple types of data.
5. Therefore, create yourself a class called oAuthPage which inherits from Page (see any *.aspx.cs file class declaration for what I mean).
6. In this class, add (static?) methods for handling oAuth authentication etc. and then implement those in a virtual override of the Page_Load event.
7. Add variables to the oAuthPage class for setting the response.
8. In oAuthPage class, override the Page_Unload to clear the response output stream and write the data in the response variables (that you added to the class in step 7).
9. For each request type (data-type in your API), add a new aspx page to a folder called something like "API"
10. Edit the aspx.cs file and change the inheritance from "Page" to "oAuthPage" in each of the new files.
11. You now have a generic oAuth class for any oAuth request and pages that can implement it.

In each oAuth Request Page, simply override the Page_Load event, call the parent classes Page_Load event (base.Page_Load() or something) and then immediately check that the authentication was OK. If it was, process the request. Otherwise, ignore - do not pass back error messages that reveal how your system works!

Hope this helps,
Ed