Category Archives: OpenID

OAuth 2.0 in VS 2012

Introduction to OAuth 2.0

Like OpenID, OAuth is a decentralized protocol for the web space. However, while OpenID is about user authentication, OAuth is about web APIs authorization. To best understand OAuth, consider this scenario:
You have a web application that needs to access the Facebook timeline of its users. The application needs to call Facebook Web API to retrieve user timeline information. OAuth covers this scenario. The application redirects the user to Facebook where he/she is asked to log in; the mechanism by which a user logs in is irrelevant of OAuth (it could have been OpenID if Facebook supports it). Upon successful authentication, Facebook sends to the application an API key which the application then uses to authorize its access to Facebook’s API.

Continue reading

OpenID 2.0 with VS 2012

Introduction

Protocols WS-Trust, WF-Federation, and SAML are mainly used for connecting federated businesses in a secure manner. To be implemented, these protocols mandates certain infrastructure in order to operate: public key inftrastrucutre (PKI), security policies, and predefined security boundaries and setup are examples.
In the web space such constraints can be limiting as the main promise of the web is flexibility and loose coupling between clients (users) and the services they use (for example social media services such as facebook or twitter).
The most popular protocols in the web space are OpenId and OAuth. OpenId is the topic of this article, OAuth in the next.

Continue reading