0
votes

I am currently working on a security architecture to secure REST-based services consumed by a mobile application. We are currently using OAuth 2.0 alongside Windows Azure ACS - basically getting an SWT from ACS and passing it to the API in the Authorization header of an HTTP request. I understand that OAuth 2.0 is much simpler for developers but the token is not as secure as it would be using the OAuth 1.0 protocol. Could someone please point me in the direction of examples/tutorials of how you would implement OAuth 1.0 in .NET?

Many thanks.

1
Are you looking for a sample in OAuth with ACS or non-ACS? With WIF? - AvkashChauhan
Sorry - meant to add the below answer as a comment. - Dan Fritz
Hi Avkash, I am looking for an ACS solution using WIF. However, please feel free to give me your advice/solution on a best practice implementation. Many thanks. - Dan Fritz

1 Answer

0
votes

From my experience, ACS does not stand by OAuth 1.0. It supports OAuth 2.0 and OAuth WRAP. It is recommended to use OAuth 2.0.

"I understand that OAuth 2.0 is much simpler for developers but the token is not as secure as it would be using the OAuth 1.0 protocol."

I would like to know where you read 2.0 is not as secure as 1.0. According to http://tools.ietf.org/html/draft-ietf-oauth-v2-27:

"This specification replaces and obsoletes the OAuth 1.0 protocol described in RFC 5849."

Best Regards,

Ming Xu.
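For the setup described in the question (an SWT sent to the API in the Authorization header), the checks the API side has to make on the token can be sketched as below. This is an added example, not code from the thread or from ACS/WIF; it is written in Python as a language-neutral sketch and assumes the Simple Web Token layout (form-encoded pairs ending in an `HMACSHA256` pair keyed with a secret shared by issuer and API). The key, issuer, audience and `role` claim are constructed sample values.

```python
import base64, hashlib, hmac, time
from urllib.parse import parse_qsl, quote, unquote, urlencode

SIG_MARKER = "&HMACSHA256="  # SWT: the signature is the last name/value pair

class SwtError(Exception):
    """The token must be rejected."""

def sign_swt(claims, key):
    """Issuer side, used here only to build the constructed sample token."""
    unsigned = urlencode(claims)
    mac = hmac.new(key, unsigned.encode("ascii"), hashlib.sha256).digest()
    return unsigned + SIG_MARKER + quote(base64.b64encode(mac).decode("ascii"), safe="")

def validate_swt(token, key, audience, issuer, now=None):
    """API side: return the claims dict, or raise SwtError."""
    unsigned, marker, sig = token.rpartition(SIG_MARKER)
    if not marker:
        raise SwtError("no HMACSHA256 pair")
    try:
        presented = base64.b64decode(unquote(sig), validate=True)
    except ValueError:
        raise SwtError("malformed signature") from None
    # The HMAC covers the form-encoded string exactly as received.
    expected = hmac.new(key, unsigned.encode("utf-8"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, presented):  # constant-time compare
        raise SwtError("bad signature")
    # Only claims from the signed part are trusted.
    claims = dict(parse_qsl(unsigned, keep_blank_values=True))
    try:
        expires = int(claims["ExpiresOn"])  # seconds since the Unix epoch
    except (KeyError, ValueError):
        raise SwtError("missing or invalid ExpiresOn") from None
    if expires <= (time.time() if now is None else now):
        raise SwtError("expired")
    if claims.get("Audience") != audience:
        raise SwtError("wrong audience")
    if claims.get("Issuer") != issuer:
        raise SwtError("wrong issuer")
    return claims

# Constructed sample values; not a real key, issuer or audience.
KEY = bytes(range(32))
ISSUER, AUDIENCE = "https://issuer.example.test/", "https://api.example.test/"
SAMPLE = sign_swt({"role": "reader", "Issuer": ISSUER, "Audience": AUDIENCE,
                   "ExpiresOn": "2000000000"}, KEY)
```

The signature only proves who issued the token and that its claims are unmodified; it does not bind the token to a request, so the header still has to travel over TLS.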