2-Legged OAuth Authentication in .NET (C#)


OAuth is an open standard for authorization. It allows users to approve application to act on their behalf without sharing their password. In this article, I am going to provide details about doing 2-Legged OAuth authentication in C# using OAuth.net library. You can read the full OAuth specification at: http://oauth.net/.

You could find a lot of examples and sample code on how to do it in Java. But I did not find a good enough example to do it in .NET. During one of my assignments, I had to spend considerable time to perform this, so I decided to write this article.


OAuth provides two ways of authentication: 3 –Legged or 2–Legged authentication.

2- Legged authentication means that customer already has access to valid set of OAuth Consumer credentials (key & secret). You need to create a User’s OAuth Token request by signing the request as described in the OAuth Consumer Request Specification. The following OAuth article provides a very extensive detail about what all is required to perform an OAuth Consumer Request.


The main advantage of 2 legged authentication is that the user experience is seamless since no additional User interactions are required to initiate an API session.

Using the code

The code is self explanatory. Use the attached ServiceProvider class to instantiate an OAuth Request. You can use PostData\GetData methods to perform POST\GET requests, respectively.

ServiceProvider provider = new ServiceProvider(serviceUrl, consumerKey, secret);
//Perform a POST requestString response = provider.PostData("application/json", data);

The GenerateRequest function shows how to sign an OAuth Request.   

private HttpWebRequest GenerateRequest(string contentType, string requestMethod)
    var ts = UnixTime.ToUnixTime(DateTime.Now);
    //Create the needed OAuth Parameters.
    //Refer - http://oauth.net/core/1.0/#sig_base_example
    var param = new OAuthParameters() {
    ConsumerKey = _consumerKey,
        SignatureMethod = SigningProvider.SignatureMethod,
        Version = Constants.Version1_0,
        Nonce = NonceProvider.GenerateNonce(ts),
        Timestamp = ts.ToString(),
    //Generate Signature Hash
    var signatureBase = SignatureBase.Create(requestMethod.ToUpper(), _serviceProviderUri, param);
    //Set Signature Hash as one of the OAuth Parameter
    param.Signature = SigningProvider.ComputeSignature(signatureBase, _consumerSecret, null);
    var httpWebRequest = (HttpWebRequest)WebRequest.Create(_serviceProviderUri);
    httpWebRequest.Method = requestMethod;
    httpWebRequest.ContentType = contentType;
    httpWebRequest.Timeout = RequestTimeOut;
    //Add the OAuth Parameters to Authorization Header of Request
    httpWebRequest.Headers.Add(Constants.AuthorizationHeaderParameter, param.ToHeaderFormat());
    return httpWebRequest;


The code is dependent on OAuth.Net library (http://code.google.com/p/oauth-dot-net/). You will need to add a reference to the OAuth libraries to compile the code.



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s