OAuth for RESTful Service in C#

What is OAuth? 

OAuth is an open authorization protocol: the client attaches a token and a signature to each request, and the server grants access to the resource only if it can verify them. The project described here uses OAuth 1.0 in its one-legged form (consumer key and secret only, no user token), as the comment below also notes.

A GET operation is normally reachable by any client, so without some form of authorization anyone who can reach the service can read whatever it returns. With OAuth the service checks the signature on every request and answers only requests signed with a known consumer secret, which protects sensitive data. The same signing scheme works for GET, POST, PUT and the other verbs.

I have uploaded the OAuth project to my Google Drive; you can download it from this link:

https://drive.google.com/folderview?id=0B–H79LXUyHyWGdRNUVZVWJqdkE&usp=sharing 

The OAuth.cs file in that project implements the OAuth signing and verification for both the POST and the GET service operations.

For more background, see the following article:

http://www.codeproject.com/Tips/372422/Secure-WCF-RESTful-service-using-OAUTH

There are two problems with the code sample shown in that article:

  1. Inconsistent authentication – if you call the API ten times, it may fail three or more of those times.

REASON – The signature is a base64 string, which can contain the characters '+', '/' and '='. The sample sends it in the request without percent-encoding it, and when the service parses the request parameters a literal '+' is decoded as a space (the form-encoding rule), so the signature the service checks is no longer the one the client computed. With the usual HMAC-SHA1 method the signature is 28 base64 characters, and roughly one in three such signatures contains a '+', which is why the failures look random.

For example:

If the client signature is 6523+kjnk330+njnj

the signature received by the service will be 6523 kjnk330 njnj

So on the service side the '+' has to be put back by replacing each space with '+'. That is the fix applied in the project linked above, and it is safe only because a base64 signature can never contain a real space. The cleaner fix is on the client: percent-encode the signature (and every other parameter value) as RFC 5849 section 3.6 requires, so that '+' is sent as %2B and arrives intact.

  2. Authentication fails when the service is addressed by IP – calling the service through localhost (for example http://localhost:65020/WebClient.aspx) works, but calling it through the machine's IP address instead of localhost always fails.

REASON – The request URL is part of the data that is signed, so client and service must build the signature over exactly the same URL. The URL the service rebuilds from WebOperationContext.Current.IncomingRequest does not carry the IP address the client used in its request, so the service's copy of the signature base string differs from the client's and verification fails every time. The service has to take scheme, host and port from the request as the client actually sent them (the Host header).

Both issues are fixed in the project linked above.


3 thoughts on “OAuth for RESTful Service in C#”

  1. vivekkumar11432 says:

    OAuth 1.0 (One Leg) has been implemented in the above blog.

    1. Application sends a signed request to the Service giving it:
      • oauth_token (empty string)
      • oauth_consumer_key
      • oauth_timestamp
      • oauth_nonce
      • oauth_signature
      • oauth_signature_method
      • oauth_version (optional)
    2. Service validates and grants access to resources.
    3. Application utilizes the requested resources.

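The two failures described in the post, and the one-legged request the comment above lists, in working form. This is an added example, not the blog's C# project or its OAuth.cs; Python is used because the point is the protocol and the encoding behaviour, which are the same in any language. It assumes HMAC-SHA1 signing, the constructed credentials demo-consumer / demo-secret, and a made-up endpoint http://192.168.1.10:65020/Service/Data. The client signs a request; the service parses the query string the way HttpUtility.ParseQueryString does (a raw '+' becomes a space) and recomputes the signature, first without and then with the server-side repair, then with the client percent-encoding its parameters, and finally with the server rebuilding the URL from a host the client never used.

```python
"""OAuth 1.0 one-legged request signing (RFC 5849) and the two failures the
post describes: a raw '+' in the signature arriving as a space, and a server
that signs over a URL host the client never used.  Added illustration; this is
not the blog's C# project (OAuth.cs) and uses constructed credentials."""
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, quote

CONSUMER_KEY = "demo-consumer"      # constructed, not a real credential
CONSUMER_SECRET = "demo-secret"     # constructed, not a real credential


def pct(s: str) -> str:
    """RFC 5849 section 3.6 encoding: only A-Z a-z 0-9 - . _ ~ stay unencoded."""
    return quote(s, safe="-._~")


def base_string(method: str, url: str, params: dict) -> str:
    """Signature base string (RFC 5849 section 3.4.1): METHOD&URL&params, with the
    parameters encoded, sorted by name then value, and encoded again as a whole."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return f"{method.upper()}&{pct(url)}&{pct(normalized)}"


def sign(method: str, url: str, params: dict, consumer_secret: str,
         token_secret: str = "") -> str:
    """HMAC-SHA1 over the base string, base64 encoded (28 characters).  One-legged:
    the token secret is empty, so the key is just '<consumer_secret>&'."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string(method, url, params).encode(),
                      hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def oauth_params(nonce: str, timestamp: str) -> dict:
    """Parameter set of a one-legged request; oauth_token is sent as an empty string."""
    return {
        "oauth_consumer_key": CONSUMER_KEY,
        "oauth_token": "",
        "oauth_nonce": nonce,
        "oauth_timestamp": timestamp,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_version": "1.0",
    }


def client_query(method: str, url: str, params: dict, encode: bool) -> str:
    """Client side: sign, then serialize.  encode=False reproduces the original
    sample, which put the base64 signature into the query string verbatim."""
    p = dict(params, oauth_signature=sign(method, url, params, CONSUMER_SECRET))
    if encode:
        return "&".join(f"{pct(k)}={pct(v)}" for k, v in p.items())
    return "&".join(f"{k}={v}" for k, v in p.items())


def request_url(scheme: str, host_header: str, path: str) -> str:
    """Service side: the base-string URI must be rebuilt from the Host header the
    client actually sent (RFC 5849 section 3.4.1.2; default ports 80/443 would be
    dropped), not from a configured name such as localhost."""
    return f"{scheme}://{host_header.lower()}{path}"


def service_verify(method: str, url: str, query: str,
                   repair_plus: bool = False) -> bool:
    """Service side: parse the query as HttpUtility.ParseQueryString / parse_qs do
    (a raw '+' becomes a space), then recompute the signature and compare."""
    received = {k: v[0] for k, v in
                parse_qs(query, keep_blank_values=True).items()}
    sig = received.pop("oauth_signature", "")
    if repair_plus:                     # the post's server-side workaround
        sig = sig.replace(" ", "+")     # safe only because base64 has no spaces
    expected = sign(method, url, received, CONSUMER_SECRET)
    return hmac.compare_digest(sig, expected)


def params_whose_signature_contains(char: str, method: str, url: str) -> dict:
    """Try nonces until the signature contains `char`; roughly one base64 signature
    in three contains a '+', which is the post's '3 failures in 10' on demand."""
    for i in range(10_000):
        p = oauth_params(nonce=f"nonce{i}", timestamp="1400000000")
        if char in sign(method, url, p, CONSUMER_SECRET):
            return p
    raise RuntimeError(f"no signature containing {char!r} found")


if __name__ == "__main__":
    url = request_url("http", "192.168.1.10:65020", "/Service/Data")
    p = params_whose_signature_contains("+", "GET", url)
    raw = client_query("GET", url, p, encode=False)
    enc = client_query("GET", url, p, encode=True)
    print("raw '+', no repair    :", service_verify("GET", url, raw))                    # False
    print("raw '+', space->'+'   :", service_verify("GET", url, raw, repair_plus=True))  # True
    print("percent-encoded client:", service_verify("GET", url, enc))                    # True
    other = request_url("http", "localhost:65020", "/Service/Data")
    print("server signs localhost:", service_verify("GET", other, raw, repair_plus=True))  # False
```

Run it directly to see the four verdicts. The C# counterparts are Uri.EscapeDataString for the percent-encoding (it encodes '+', '/' and '=') and HttpUtility.ParseQueryString for the decoding that turns a raw '+' into a space. The server-side replacement is harmless only because base64 never contains a space; percent-encoding on the client removes the need for it and also protects '/' and '=', and the Host-header rule in request_url is what keeps a client that signed over the IP address in step with the server.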
