WebApi.OAuth Nuget Package

Topics: Web Api
Jan 12, 2012 at 2:43 PM


I'm loving the WebApi stuff but I really need to secure it with some OAuth2. I got going with the WebApi by using the Nuget package WebApi.All which along with the tutorials on this site made getting started really easy.

However I can't find any documentation on WebApi.OAuth, which I'm hoping will allow me to add Facebook/Twitter style OAuth protection to my API.

Obviously the package is very new, but any help would be gratefully received :-)



Jan 13, 2012 at 11:45 AM

I guess you want to build your own OAuth Service Provider, am I wrong?

If that is the case, you can do it with DotNetOpenAuth: http://www.dotnetopenauth.net/

Hope this helps.

Jan 13, 2012 at 12:00 PM

Thanks for the suggestion, but no I'm looking to Azure ACS for the token authorization. 

I like to have it so that someone wanting to build a client application that accesses my API needs to get an ACS Service Identity. Then when a user uses this client they authorize through a popup page like you would with Facebook or Twitter, and then ACS returns the AccessToken.

That bit I've got working...

the bit that is confusing me is how to setup the WebAPI to accept these tokens and reject invalid ones.