This is an OAuth2 client to use with the DotNetOpenAuth project. The following code is an adaptation of Matt Johnson's DotNetOpenAuth.GoogleOAuth2 project
-
Setup your Microsoft App using the Application Registration Portal.
-
Compile from source and reference. (NuGet coming soon)
-
Register the client instead of the existing Microsoft OpenId client.
var client = new MicrosoftOAuth2Client("yourClientId", "yourClientSecret", new[] { "list", "of", "scopes", "you", "need" }); OAuthWebSecurity.RegisterClient(client); -
Just an observation since i suffered with it, microsoft calls clientID as Application ID and clientSecret as Password
Just like any other OAuthWebSecurity client, except you need one extra hook:
// add this line
returnUrl += MicrosoftOAuth2Client.RewriteRequest();
// it belongs right before your existing call to
OAuthWebSecurity.VerifyAuthentication(....)
This is needed because Microsoft requires that any extra querystring parameters for the
redirect be packed into a single parameter called state. Since OAuthWebSecurity needs
two parameters, __provider__ and __sid__ - we have to rewrite the url.
Note: The RewriteRequest method will unpack the state parameter and place its contents back into the regular querystring. So if you are looking for a state value such as ReturnUrl, you will find it has been moved to Request.QueryString["ReturnUrl"].
This is released under the MIT licence. Do what you want with it.