Browser-Based Authentication Using VB.NET

Yahoo! Browser-Based Authentication is a system that lets third-party developers create web applications that can securely access any user's Yahoo! data through APIs while letting the end user control what type of access they allow, if any.

Overview

This article describes how to use the Yahoo.Authentication class that simplifies using the Browser-Based Authentication system. For a detailed description of what is going on under the hood, download and have a look at the provided source code or refer to the Browser-Based Authentication pages. This article assumes you have signed up for an application ID and have a basic understanding of the authentication process.

There are three main steps to using Browser-Based Authentication:

  1. Get permission and sign in the user
  2. Verify and save token on end-point page
  3. Use authenticated web services

Signing in the User

Before you can access a user's data, you must receive permission from the user. This is done by redirecting the user's browser to the sign-in page, which signs them into the Yahoo! network and asks permission for you to read, write, or read and write their data. Don't forget to let the user know what is going to happen before you redirect them.

Dim auth As Yahoo.Authentication

' Create an instance of Yahoo.Authentication
auth = New Yahoo.Authentication("myappid", "mysharedsecret")

' Keep the object in session state so the end-point page can retrieve it
Session("Auth") = auth

' Redirect the user to the user sign-in page
Response.Redirect(auth.GetUserLogOnAddress().ToString())

End-Point Page Processing

Once the user has approved your application, their browser will be redirected to the end-point page you specified when you signed up for an application ID. The following demonstrates checking for a valid call and saving the received token in the user's Authentication object. You should also store the token in a persistent store since it is valid for two weeks.

Private Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs)

    Dim auth As Yahoo.Authentication = Nothing
    Dim success As Boolean = False

    ' Retrieve this user's authentication object we've stored in the session state
    If Not Session("Auth") Is Nothing Then
        auth = DirectCast(Session("Auth"), Yahoo.Authentication)
    End If

    If auth Is Nothing Then
        ' We have a problem with the current session, abandon and retry
        Session.Abandon()
        Response.Redirect("ErrorPage.aspx")
    End If

    ' Check if we are returning from login
    If (Not Request.QueryString("token") Is Nothing) _
      AndAlso Request.QueryString("token").Length > 0 Then

        ' Make sure the call is valid before trusting anything in the query string
        If auth.IsValidSignedUrl(Request.Url) Then

            success = True

            ' Save the user token. It is valid for two weeks
            auth.Token = Request.QueryString("token")

        End If
    End If

    ' Redirect if we succeeded
    If success Then
        Response.Redirect("Default.aspx")
    Else
        Response.Redirect("SignInError.aspx")
    End If

End Sub

Obtaining User Credentials

The second step, obtaining user credentials, should always be transparent to the user. The UpdateCredentials() method will attempt to retrieve the user's credentials (WSSID and cookie) and store them internally. Note that the built-in methods will check IsCredentialed and call UpdateCredentials automatically if valid credentials weren't available. Unless you do the web service call yourself, you will not normally need to use this method.

Dim auth As Yahoo.Authentication

' Create an instance of Yahoo.Authentication
auth = New Yahoo.Authentication("myappid", "mysharedsecret")

' You must set the token before calling UpdateCredentials
auth.Token = "storedusertoken"

' Attempt to get user credentials
auth.UpdateCredentials()

Calling Authenticated Web Services

The built-in data retrieval methods GetAuthenticatedServiceDataSet, GetAuthenticatedServiceStream, GetAuthenticatedServiceString, GetAuthenticatedServiceXmlDocument and GetAuthenticatedServiceXPathDocument will automatically attempt to update the user's credentials if necessary. If you receive an AuthenticationException during these calls, you should check the status/error code for 401 - Unauthorized. If the error is 401, you can try to sign in the user again.

Dim auth As Yahoo.Authentication = Nothing

' Retrieve this user's authentication object we've stored in the session state
If Not Session("Auth") Is Nothing Then
    auth = DirectCast(Session("Auth"), Yahoo.Authentication)

    ' Call web service and output result into a DIV tag.
    ' The response is HTML-encoded so it is displayed as text, not interpreted as markup.
    Div1.InnerHtml = Server.HtmlEncode(auth.GetAuthenticatedServiceString( _
      New System.Uri("http://photos.yahooapis.com/V1.0/listServices")))
End If
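
The advice above to keep the two-week token in a persistent store, as an added example that is not part of Yahoo's library or sample code: a small file-backed store that encrypts each token with Windows DPAPI and refuses tokens older than two weeks. TokenStore, its file layout, the DPAPI scope and the userId parameter (your application's own account identifier) are assumptions.

```vbnet
Imports System
Imports System.Globalization
Imports System.IO
Imports System.Security.Cryptography   ' ProtectedData needs a reference to System.Security.dll
Imports System.Text

' Added example: TokenStore is a hypothetical helper, not part of Yahoo.Authentication.
Public Class TokenStore
    ' The article states that a token is valid for two weeks.
    Private Shared ReadOnly Lifetime As TimeSpan = TimeSpan.FromDays(14)
    Private ReadOnly _folder As String

    Public Sub New(ByVal folder As String)
        _folder = folder
        Directory.CreateDirectory(folder)
    End Sub

    ' Name the file after a hash of the user id so the id itself is never used as a path.
    Private Function PathFor(ByVal userId As String) As String
        Dim digest As Byte() = SHA256.Create().ComputeHash(Encoding.UTF8.GetBytes(userId))
        Return Path.Combine(_folder, BitConverter.ToString(digest).Replace("-", "") & ".tok")
    End Function

    ' Encrypt "issue time|token" with DPAPI before it touches disk.
    Public Sub Save(ByVal userId As String, ByVal token As String, ByVal issuedUtc As DateTime)
        Dim record As String = issuedUtc.Ticks.ToString(CultureInfo.InvariantCulture) & "|" & token
        Dim blob As Byte() = ProtectedData.Protect(Encoding.UTF8.GetBytes(record), Nothing, DataProtectionScope.CurrentUser)
        File.WriteAllBytes(PathFor(userId), blob)
    End Sub

    ' Return the stored token, or Nothing when there is none or it has expired.
    Public Function Load(ByVal userId As String, ByVal nowUtc As DateTime) As String
        Dim filePath As String = PathFor(userId)
        If Not File.Exists(filePath) Then Return Nothing
        Dim plain As Byte() = ProtectedData.Unprotect(File.ReadAllBytes(filePath), Nothing, DataProtectionScope.CurrentUser)
        Dim parts As String() = Encoding.UTF8.GetString(plain).Split(New Char() {"|"c}, 2)
        Dim issuedUtc As New DateTime(Long.Parse(parts(0), CultureInfo.InvariantCulture), DateTimeKind.Utc)
        If nowUtc - issuedUtc >= Lifetime Then
            Remove(userId)   ' expired: the caller must send the user through sign-in again
            Return Nothing
        End If
        Return parts(1)
    End Function

    ' Call this when a web service call fails with 401 so a dead token is not reused.
    Public Sub Remove(ByVal userId As String)
        File.Delete(PathFor(userId))
    End Sub
End Class
```

In the end-point page, call Save(userId, auth.Token, DateTime.UtcNow) once IsValidSignedUrl has succeeded. On later visits, assign the result of Load to auth.Token, and redirect to GetUserLogOnAddress() when it returns Nothing.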


Copyright © 2009 Yahoo! Inc. All rights reserved.