Implementation of two legged OAuth 2.0 for WebApi

Question

I created a mvc4 webapi project using VS2012RC. I tried to implement two legged Oauth 2 in my project. I followed the tutorial "http://community.codesmithtools.com/CodeSmith_Community/b/tdupont/archive/2011/03/18/oauth-2-0-for-mvc-two-legged-implementation.aspx", even though it is for mvc i am implementing it for web api. But isn't working

I created a html page for my client side. When the html page load it executes an ajax function which is intended to return "access Token".

       <script type="text/javascript">
        $(document).ready(function () {
        var url = 'http://localhost:9792/api/Login';
            $.get(url, function(data) {

            alert(data);
            }, "jsonp");
        });
        </script>

The server side code is,

[NoCache]
public class LoginController : ApiController
{

    public LoginModelOAuth GetLogin()
    {

        var response = OAuthServiceBase.Instance.RequestToken();

        LoginModelOAuth lmo = new LoginModelOAuth();
         lmo.RequestToken = response.RequestToken;

        return lmo;
    }

}

RequestToken() method look like,

    public override OAuthResponse RequestToken()
    {
        var token = Guid.NewGuid().ToString("N");
        var expire = DateTime.Now.AddMinutes(5);
        RequestTokens.Add(token, expire);

        return new OAuthResponse
        {
            Expires = (int)expire.Subtract(DateTime.Now).TotalSeconds,
            RequestToken = token,
            RequireSsl = false,
            Success = true
        };
    }

LoginModelOAuth model look like,

public class LoginModelOAuth
{

    public string RequestToken { get; set; }      


    public string ErrorMessage { get; set; }

    public string ReturnUrl { get; set; }
}

When i execute the client side code i receive following error

"500 Internal Server Error"

So i debugged server side code and in server side I got an error corresponding to this code

"var response = OAuthServiceBase.Instance.RequestToken();" , and the error is

  NullReferenceException was unhandled by user code

  "Object reference not set to an instance of an object."

My webconfig file look like,

  <configuration>
  <configSections>
<section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=4.4.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
<section name="oauth" type="OAuth2.Mvc.Configuration.OAuthSection, OAuth2.Mvc, Version=1.0.0.0, Culture=neutral"/>
<sectionGroup name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection, DotNetOpenAuth.Core">
  <section name="messaging" type="DotNetOpenAuth.Configuration.MessagingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" />
  <section name="reporting" type="DotNetOpenAuth.Configuration.ReportingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" />
</sectionGroup>
 </configSections>
   <oauth defaultProvider="DemoProvider" defaultService="DemoService">
    <providers>
      <add name="DemoProvider" type="MillionNodesApi.OAuth.DemoProvider, MillionNodesApi" />
    </providers>
<services>
  <add name="DemoService" type="MillionNodesApi.OAuth.DemoService, MillionNodesApi" />
</services>
  </oauth>
    <system.web>
    <httpModules>
      <add name="OAuthAuthentication"     type="OAuth2.Mvc.Module.OAuthAuthenticationModule, OAuth2.Mvc, Version=1.0.0.0, Culture=neutral"/>
    </httpModules>
    <compilation debug="true" targetFramework="4.0" />
    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login" timeout="2880" />
    </authentication>
     <pages>
     <namespaces>
    <add namespace="System.Web.Helpers" />
    <add namespace="System.Web.Mvc" />
    <add namespace="System.Web.Mvc.Ajax" />
    <add namespace="System.Web.Mvc.Html" />
    <add namespace="System.Web.Optimization" />
    <add namespace="System.Web.Routing" />
    <add namespace="System.Web.WebPages" />
  </namespaces>
</pages>
</system.web>
 <dotNetOpenAuth>
    <messaging>
      <untrustedWebRequest>
    <whitelistHosts>
      <!-- Uncomment to enable communication with localhost (should generally not activate in production!) -->
      <!--<add name="localhost" />-->
    </whitelistHosts>
  </untrustedWebRequest>
</messaging>
<!-- Allow DotNetOpenAuth to publish usage statistics to library authors to improve the library. -->
<reporting enabled="true" />

Will it work for web api?

If not, please suggest me any tutorial that would help.

Thanks.

Answer 1

I think the issue is that you are in IIS7 with integrated mode so you will need to migarate your config from system.web/httpModules to system.webServer/modules

<system.web>
    <httpModules>
       <add name="OAuthAuthentication"     type="OAuth2.Mvc.Module.OAuthAuthenticationModule, OAuth2.Mvc, Version=1.0.0.0, Culture=neutral"/>
    </httpModules>

Becomes

<system.webServer>
    <modules>
        <add name="OAuthAuthentication"     type="OAuth2.Mvc.Module.OAuthAuthenticationModule, OAuth2.Mvc, Version=1.0.0.0, Culture=neutral" preCondition="" />
    </modules>

Try also

You could try getting the module to be hit by setting this

<modules runAllManagedModulesForAllRequests="true">

Or Perhaps

If you are still having issues it may be the execution order of the modules try remove the routing one and put your OAuth one at the top...

<modules>
  <remove name="UrlRoutingModule-4.0" />
<add name="OAuthAuthentication"     type="OAuth2.Mvc.Module.OAuthAuthenticationModule, OAuth2.Mvc, Version=1.0.0.0, Culture=neutral" preCondition="" />
  <add name="UrlRoutingModule-4.0" type="System.Web.Routing.UrlRoutingModule" preCondition="" />