I'm using a library to get an 'oAuth_token' and 'oAuth_token_secret'.
If I make a request to a REST web service how are those two keys leveraged to verify authentication?
Providing a C# example is a little difficult because there are a number of variables i.e. the signature method being used, additional parameters the service might be expecting etc. which would affect the complexity of the example.
I've developed an open source OAuth library for .Net and posted an article on beginning to use OAuth that might help to get you started - I tried to find a developers page / API specification to brightkite - but because it's a beta service I don't have access - so perhaps post me a invite to this service via my blog and I can have a go at developing an example brightkite client at which point this answer can be revisited with some concrete example code useful to others.
Related
I am attempting to connect to Yammer using their .NET SDK but I am having a hell of a time managing this... The point of this exercise is to create an application in Azure which periodically - and AUTONOMOUSLY - contacts Yammer and fetches the latest messages from a specific Yammer group.
Does anyone know of the correct way to use the Yammer .NET SDK from, let's say, a console application, which does not rely on a browser (a.k.a. direct user interaction) to successfully connect via OAuth authentication?
What I have tried:
Trying to suss out what to do from the example given on .NET SDK page on developer.yammer.com, you can see under "Standard Process" an example which shows the LaunchSignIn() function with an incorrect signature! The example shows the usage as:
var authResponse = await OAuthUtils.LaunchSignIn(_clientConfig.ClientId, _clientConfig.RedirectUri, ssoEnabled);
whereas the actually signature I get from the dll is:
void OAuthUtils.LaunchSignIn(string clientId, string RedirectUri)
I'll forgive the missing ssoEnabled parameter... but the example claims the function receives a response, from which a Code is then extracted. This is, of course, the piece missing from my attempt to call:
(awaitable) Task<AuthEnvelope> AuthClient.AuthenticateAppAsync(string code)
I have scoured Google for information on the use of the Yammer .NET SDK but have come up empty handed. All manner of examples of connecting to Yammer but none are in any way relevant to the .NET API. The only thing in any way relevant that I have seen is the Yammer .NET API example uploaded, apparently, by the person who developed it, who posted the code on GitHub. I have checked this example but the two parts in it - one for Windows Phone and one for Windows "Modern App" - both rely on a Browser object being available, or something to that effect anyway. There are redirects, I'm supposed to have a RedirectUri for Yammer to direct me... So does this other example - which was the ONLY other example of using the .NET SDK that I could find.
I imagine that the reason the signature is different is because this isn't actually the same function at all. The one I am trying to use is in Yammer.Oss.Api.Utils whereas the example application doesn't even have the letters Utils together other than in the name of the class OAuthUtils... which leads me to believe that it is possibly under Yammer.Oss.Core.WinRT which, as luck would have it, I cannot reference at all... Yammer.Oss.Core only contains Collections, Constants, Extensions and Serialization.
By the way, in the announcement of the .NET SDK (see first link above), the link to documentation for the SDK leads to the Yammer Support page.
Skip the .NET SDK and just do the authorization yourself using the server-side flow. Then make the requests with HttpClient and add the Authorization header. The SDK might be helpful with some Modern Apps but it's overkill for most people. When working with the API manually the worst thing you'll have to deal with is deserializing the JSON responses with JSON.NET, or other JSON library.
You don't say what you are trying to build, but AFAIK WebJobs don't have a UI so you'll need to do the authorization from a console app or website. Then store the resulting OAuth token somewhere that the WebJob can access it. If you have need an OAuth token per user you'll need to store those in a database, but make efforts to protect them because each OAuth token provides access to their Yammer account.
Iam writing a Phone App where the end user should be able to access their own personal messages and other personal content.
Does anyone have some good ideas of how to create a service like this, should i use Soap or Rest, should i simply send the username/password with every request or ?
What would be the best choice for a service i would like to access from all three platforms and that only returns information specific to the authenticate user.
As a suggested alternative to WCF that's at least worth taking a look at, ServiceStack, an open source REST Web Services Framework, is well suited for use in a mobile app and it supports the Mono platforms. It also has built-in support for user authentication. At the very least, it offers a JSON serializer that performs very well.
There's a Wiki for ServiceStack here.
I don't know what the support is like for MonoTouch / MonoDroid, but WCF supports secure services without adding username/password to every request manually (it actually does, but it includes it in the headers).
See this blog post for a great starting point for using WPF Custom Username/Password Validator: http://blogs.msdn.com/b/pedram/archive/2007/10/05/wcf-authentication-custom-username-and-password-validator.aspx
First time poster so please take it a bit easy on me if I break any posting rules - I have read them and I think I'm right.
I've been searching for a while before posting and can't seem to find a guide on what I am trying to do so I thought I would post here.
I need to write a C# .NET 3.5 program to consume a web service developed in Java. I have practice consuming ASMX web services in .NET using Web References from my experience writing Dynamics CRM plugins and software but this has me stumped.
My first attempt was to use a Web Reference (yes, I know - not WCF) however the web service requires a PasswordDigest (SHA-1 with nonce and created), a username token and timestamp token in the SOAP header and I couldn't find a way to add these to the SOAP header using the Web Reference.
My second attempt was to use a Service Reference (I believe, but I am probably wrong haha, that this is WCF) however I don't have much practice with this and any tutorials I found online were not much help.
Each time when I try to use the WS, I get a rejection from the server for being unable to authenticate.
My question is how do I consume a Web Service with these requirements in C# .NET 3.5?
Thanks.
IIRC, Microsoft WSE (either 2.0 or 3.0) had something called UsernameToken, which you need to stuff somewhere in the outgoing SOAP message and you're all set. Granted, this answer leaves a lot to be desired, so I'll throw a couple links at you and hope you'll wade through:
http://www.codeproject.com/KB/webservices/WS-Security.aspx
http://www.reliablesoftware.com/articles/WSESecurity.html
http://www.devx.com/security/Article/15634
(And this all shows yet again how flawed SOAP and WSDL actually are).
I would like to use oAuth as a system to allow developers access to my API but not require them to pass through the login information.
There does not seem to be any good how-to's or blogs on this topic. Everything I have found is based on consuming an oAuth system such as Facebook or twitter. Wondering if anyone has any links to good instructions or libraries that could get me started. If there are no examples out there perhaps someone could consider writing one, the community really needs it.
Using OAuth to login is actually a side-effect, not the main goal of the protocol. The best place to start with providing an OAuth-protected API is the protocol specification and since this is a new service, you should take a look at OAuth 2.0 1. It is pretty much done and ready for deployment.
To implement OAuth 2.0 you will need to make a few important decisions about which features you are going to support and your scaling needs. There are also a lot of security considerations to go through. I would suggest you start with supporting the authorization code and implicit grant types.
I would look into DotNetOpenAuth. It should work for your needs, but I've only used it for the OpenID stuff.
I'd like to write a console program in C# that posts a Tweet to Twitter. I've never used the Twitter APIs before and don't know anything about how their authentication works. I found an API library called Twitterizer, but it seems geared towards web applications and wants the user to logon with a web browser. All the API docs on Twitter's website seems geared around this scenario as well.
Is it possible to access the Twitter APIs using a console app with no web browser access? I'm perfectly fine hard coding in the name and password for the Twitter user I want to post under as well. Thanks!
Mike
You'll need to use OAuth for authenticating in twitter.
Then use regular HTTP Request to use the twitter JSON-based API.
Here you can find a good article about OAuth, Twitter and console applications.
Also take a loot at linq2twitter lib. From it's documentation;
The Twitter API is built using
Representable State Transfer (REST).
Wikipaedia defines REST as "...a style
of software architecture for
distributed hypermedia systems...",
but I'm going to be so bold as to try
to simplify what that means. In
practice, REST is a Web service
protocol built upon Hypertext Transfer
Protocol (HTTP). You use the REST Web
service by making an HTTP call with a
URL and getting text back in some
form, which is often XML or JSON. So,
if you were to write code that made an
HTTP request with the following URL:
http://api.twitter.com/1/statuses/public_timeline.xml
You would get back an XML document
with all of the Twitter statuses from
the public timeline, which is a
snapshot in time of the last 20 tweets
at the time of your request. Go ahead
and open your browser, copy and paste
the URL above into the address bar,
and see what you get back.
I couldn't find any decent information on the web on how to do this, so I decided to write my own blog post with all the details.. Enjoy!
http://blog.kitchenpc.com/2011/01/22/rise-of-the-twitterbot/
of course you can use anything to connect to Twitter via RESTful api.
you should use oauth, and set up your application in http://dev.twitter.com, then you should read all articles listed in documents, you must specify your app as Client but not Browser so user input a number to get through authentication.
you can use many libraries so that you can save your time, all are listed in the documents
and be CAREFUL, you should not use Twitter's own api console which is buggy (as i know parameters somtimes can't be parsed), you should use APIgee instead which is powerful and stable.
if you want use basic authentication, you should use api proxy (one famous is twip), if you just need only one single C# apps, you must code by yourself:
you should use given username and password to login twitter, parse cookies passed
use normal oauth to get temporaly access token url.
use cookies got from step 1, emulates form submit to allow your apps, capture PIN code
use pin code to finish oauth.
MOST IMPORTANT, you must store access token in client's machine so next time you can bypass above steps
Just wrote a Twitter Bot in C#. This is currently posting tweets to #valuetraderteam.
https://gist.github.com/sdesalas/c82b92200816ecc83af1
The API component in the GIST below is less than 500 lines, only dependency is Json.NET, you'll need to download the latest DLL for either x64 or x86 (depending on what platform you are targetting) and include as a reference in your project.
There is an example at the bottom of the page of how you can make a tweet from a console application
Hopefully this is useful to some other people out there.