Dotnetopenauth oAuth Service provider explanation

Question

I am a total newbie in the oAuth area and have set up DotNetOpenAuth to set up an oAuth Service provider. The sample provided in the DotNetOpenAuth download is quite confusing for me...maybe cos i am new to this stuff. There is one default page that creates a database and populates the database. Now I browse to the login.aspx and it asks me to put an openid, actually I want to use DNN (which implements DotNetOpenAuth) and i want to use those credentials on another site which will be the oAuth consumer. Can someone explain how to test the oAuth Service provider in the samples of DotNetOpenAuth?

Answer 1

You've stumbled on probably the worst sample included with DotNetOpenAuth. Sorry about that. You may find that the OpenID project templates present a simpler and more real-world idea of how to set up an OAuth Service Provider.

The sample you're working with now is a service provider that exposes a WCF Service using OAuth, so there's some complexity in the sample that won't be there for you if you're not using WCF. Here's what you need to do to get the sample going though:

1. Modify the sample's root default.aspx.cs file to add data to the new database for your own OpenID and cause the sample to recreate its database OR just add raw data to the database yourself after the sample creates its own database.
2. Use the OAuthConsumer sample to try to access data on the OAuthServiceProvider sample. Be sure to check at least one checkbox for what the scopes will be that you're asking for permission to.
3. The SP will prompt you to log in. Go ahead and do so using the OpenID for which you added data to the database.
4. The SP will ask if you consent to share your data with the consumer sample. Say yes.
5. The consumer will say it has obtained authorization and provide you with the few buttons that query the user data at the SP.

This should work. Add comments to this answer if it doesn't and I'll edit this answer until we get it right. :)

Now regarding your DNN login -- no problem at all. As you may know, OAuth and OpenID are orthogonal to each other, so you can just switch out the OpenID login at the SP for a DNN login and the SP will work just fine -- although the matching up of user data in the database of course will require whatever work DNN requires.