I had exactly the same problem and I could not solve it with DotNetOpenAuth no matter what I tried. The authentication process for Twitter is much harder to get than Facebook or Google+ when using DotNetOpenAuth . After many disappointing hours of encrypting and encoding different pieces of data, varying numbers of times and always getting useless 401 unauthorized ones, I added Tweetsharp to the mix and created my own IAuthenticationClient for Twitter authentication. Simply authenticate with Tweetsharp . This becomes a relatively trivial question:
In your TwitterClient constructor:
var twitterService = new TwitterService(consumerKey, consumerSecret);
In your implementation of IAuthenticationClient :
public void RequestAuthentication(HttpContextBase context, Uri returnUrl) { var requestToken = twitterService.GetRequestToken(returnUrl.AbsoluteUri); var redirectUrl = twitterService.GetAuthorizationUri(requestToken).AbsoluteUri; context.Response.Redirect(redirectUrl, true); } public AuthenticationResult VerifyAuthentication(HttpContextBase context) { var oAuthToken = context.Request.QueryString["oauth_token"]; var oAuthVerifier = context.Request.QueryString["oauth_verifier"]; var requestToken = new OAuthRequestToken { Token = oAuthToken }; var accessToken = twitterService.GetAccessToken(requestToken, oAuthVerifier); twitterService.AuthenticateWith(accessToken.Token, accessToken.TokenSecret); var user = twitterService.VerifyCredentials(); var userId = user.Id.ToString(); var extraData = new Dictionary<string, string> { {"accesstoken", accessToken.Token}, {"accesstokensecret", accessToken.TokenSecret}, {"id", userId}, {"name", user.Name}, {"username", user.ScreenName}, {"link", user.Url}, }; return new AuthenticationResult(true, ProviderName, userId, user.ScreenName, extraData); }