Geek Answers Handbook

Bad request (400) with OAuthWebSecurity.RegisterMicrosoftClient

I am using Microsoft.Web.WebPages.OAuth . I was able to register Google , Facebook , Twitter , Stack Exchange , MyOpenID ...

Now I'm trying to add Microsoft Live , so I registered:

 OAuthWebSecurity.RegisterMicrosoftClient("applicationID", "key");

and called

 OAuthWebSecurity.RequestAuthentication("microsoft", Url.Action("Authorization", new { returnUrl = "/" }));

At this point, everything is working fine, I'm being redirected to the login page. The problem is that I will return to

 OAuthWebSecurity.VerifyAuthentication();

It says:

The remote server returned an error: (400) Bad request.

What should I do?

+8
authentication c # oauth dotnetopenauth
source share
2 answers

I had the same problem. After much research, I came across this bit of source code with a comment:

 // Only OAuth2 requires the return url value for the verify authenticaiton step

This means that when calling VerifyAuthentication you must use an overload that passes the returned url for verification by the oauth2 provider (the Microsoft Live ID provider in this case).

Of course, when I go through the walkthrough on the asp.net website , I find that they do pass the return URL, like the url from the callback action.

So, instead of:

 OAuthWebSecurity.VerifyAuthentication();

You need:

 var returnUrl = Url.Action("Authorization", new { returnUrl = "/" }) OAuthWebSecurity.VerifyAuthentication(returnUrl);

The return URL must match exactly as you specified in the RequestAuthentication method earlier.

+1
source share

What is the redirect domain you are using? I found (at the same time) that since I indicated my actual domain name, I needed to specify the domain name on the local site.

To get around, I added an entry to the hosts file to point my domain to 127.0.0.1 (i.e. because I was debugging and running locally).

0
source share

More articles:


All Articles