I finally got off my duff and presented to the local .NET user's group tonight. I think it went well, but my timing was a little fast.

In case you missed something, here are the slides: http://steverb.com/file.axd?file=2010%2f7%2fOAUTH.pdf and if you have any questions, feel free to shoot me an email

Now that we have a clue about calling an OAuth secured service using Javascript, let’s try it again with C#. That way we can do the calling from the server side and not have to worry about exposing our secret key to the browser. This example is using the OAuth libray found at: http://oauth.googlecode.com/svn/code/csharp/OAuthBase.cs. More...

The other day I had the chance to peruse the work of another developer, a Microsoft MVP. The code was less than impressive. To be frank, it stunk, but it stunk in a strange way. It had a weird combination of advanced technique and rank naiveté. There was separation of concerns, but it was much more convoluted than it needed to be. The work that the code performed was relatively trivial, but it was hidden behind a bag of patterns and the structure of the classes made finding the code that did the real work an exercise in spelunking.

I mentioned it to a friend of mine, and he shared his story about a hiring interview with an MVP carrying job candidate. The story was eerily similar. The candidate was well versed with the latest and greatest development methodologies, but seemed to lack a grasp of writing a simple “fizz-buzz”. To make matters worse, part-way through the interview the candidate starting listing their “requirements”, which conferences they’d be attending, which technologies they would use, etc.

I was flabbergasted. Granted, my friend was glad the candidate was so forthcoming with his lack of professionalism. It helped make his decision not to hire the guy much easier. After I thought about it a little bit more, I realized that the fault wasn’t totally with the MVPs in question. All of us share a little of the blame.

More...

We’ve been working on implementing some sort of enterprise wide single sign-on (SSO) at work. As part of that we really needed some way to authenticate with web services without depending on Windows or Basic Authentication, which is a phenomenal pain in the butt.

Enter OAuth

OAuth is “An open protocol to allow secure API authorization in a simple and standard method from desktop and web applications.” In other words, you can authenticate with it from lots of different places. More...