Error 401 not authorized in ASP.NET Demo

Mar 19, 2011 at 10:31 AM


I'll try to use the ASP.NET Demo for Linq2Twitter but I've always a 401 error not Authorized.

I've enter my consumer ID and consumer secret code. With using the application console, it's working.

I was thinking there is something wrong with settings of my application. I've attach my screen about my setting. I think a must use browser but what I must enter in the callback URL if I work in my computer in localhost ?

Thank you

Capture d’écran 2011-03-19 à 11.19.35.png

Mar 21, 2011 at 3:39 AM

This seems to be similar to a general problem with Twitter that others are seeing.  Please follow this thread, which has more info:


Apr 8, 2011 at 8:04 AM

I find a mean to use oAuth with another sample of code and works without having 401 errors.

I want to know in which class I can use Linq2Twitter when I have the accessToken, the AccessTokenSecret, the ConsumerKey and the ConsumerSecret.

How to initialize a context with this parameters ?

Thank you

Apr 9, 2011 at 2:19 AM

Hi kyrillos52,

There are a couple different ways to set the credentials: via Load or explicitly.  I'm going to pseudo code it to save time, but you'll need to ensure you type the code in properly in case I make a typo.

Here's an example that uses the Credentials.Load method. It assumes that you've stored your credential string as a comma-separated list in your database:

var credentials = new InMemoryCredentials();

string credentialString = GetCredentialStringFromDB();


And then you would load the credentials into your authorizer. Here's a WebAuthorizer used in ASP.NET WebForms applications:

        auth = new WebAuthorizer
            Credentials = credentials,
            PerformRedirect = authUrl => Response.Redirect(authUrl)

        var ctx = new TwitterContext(auth);

In the code above, GetCredentialsStringFromDB() is a method that you would write to read a previously saved credential string.  The credential string is a comma-separated list, consisting of:


So, now you're probably curious about how that string got into your DB in the first place.  You get this string after the user's first successful authentication, which happens after auth.CompleteAuthorization() executes successfully, like this:

        if (!Page.IsPostBack)
            string successCredentialString = auth.Credentials.ToString();

In the code above, I used the ToString() method of the Credentials class (from the auth.Credentials property) to obtain the credential string that is in the comma-separated list format above.  The SaveCredentialsInDBForUser() method is a method that you would write to associate the credential string with that user.  How you obtain the identity of the current user is up to you.

After the first time that the user authenticates, save their credentials.  On subsequent LINQ to Twitter operations on behalf of that user, grab their credentials from the DB, initialize Credentials/Authorizer/TwitterContext, and make the query without the OAuth dance.  Twitter never changes a user's credentials.

Here's the second method of initializing credentials:

                var credentials = new InMemoryCredentials
                    ConsumerKey = <ConsumerKey>,
                    ConsumerSecret = <ConsumerSecret>,
                    OAuthToken = <OauthToken>,
                    AccessToken = <AccessToken>

In the example above, I'm explicitly setting the credentials by setting the properties on the Credentials instance.  Once you have a Credentials instance, you can use it just like the previous example.  The only difference is that the previous example uses Load and this example sets properties explicitly.  Additionally, to initially obtain credentials, you can read the properties from the Authorizer instance after a successful call to CompleteAuthorization. i.e.

var oauthToken = auth.Credentials.OAuthToken;


SaveTokensToDBForUser(consumerKey, consumerSecret, oauthToken, accessToken);

The SaveTokensToDBForUser() is a method that you would write to save information for the user.

Note: Since ConsumerKey and ConsumerSecret belong to your application, all you really need to do is save the associated OAuthToken and AccessToken in the user's DB record.


Apr 9, 2011 at 9:07 AM


I think I understand your code but I don't understand few things. First, there is class like InMemoryCredentials or WebAuthorizer I don't know where I can find it or how to create it.

Next, are OAuthToken and AccessToken the same thing as accessToken and AccessTokenSecret ?

Thank you

Apr 9, 2011 at 6:37 PM

Both the InMemoryCredentials and WebAuthorizer classes are part of LINQ to Twitter.  They're in the LinqToTwitter namespace.

The terminology on the tokens is somewhat confusing because the original library comes from a time when OAuth was still evolving, plus the names of HTTP parameters used by Twitter's OAuth.  The formal specification, RFC 5849, uses the parameter names oauth_token and oauth_token_secret in their examples, and I think the RFC is the proper source of definitions.  This brings up a good point and I think it would be less confusing if I offered properly named credentials that matched the specification, gradually deprecating the old names.

For our purposes here and to be consistent with the RFC, OAuthToken and AccessToken, are a credential pair where OAuthToken is the identifier and AccessToken is the matching secret.


Apr 10, 2011 at 9:33 AM


I rebuild the source code and I've now InMemoryCredentials and WebAuthorizer classes. But, I've again a 401 error.

Indeed, I've done this code :

string oauth_token = Request["oauth_token"];

string oauth_verifier = Request["oauth_verifier"];

var credentials = new InMemoryCredentials
      ConsumerKey = consumerKey,
      ConsumerSecret = consumerSecret,
      OAuthToken = oauth_token,
      AccessToken = oauth_verifier

WebAuthorizer auth = new WebAuthorizer
      Credentials = credentials,
      PerformRedirect = authUrl => Response.Redirect(authUrl)

var ctx = new TwitterContext(auth);



When I use the debugger, when I do the update status action, I've again a 401 error not authorized and All my parameters inside credentials variable are OK.

I wonder if it can be inside the auth variable. For exemple, I've seen that there is a callback variable and must I replace something ?

Apr 10, 2011 at 7:29 PM

In this case, the 401 would be genuine because you're sending bad credentials.  You're setting OAuthToken correctly, but you aren't setting AccessToken to a proper value:  oauth_verifier != access_token.  Pulling these values from the query string won't work.

Here's the process you should be using goes like this:

1. One time only: Do the OAuth dance (redirecting for Authorization with Twitter) for the user with the BeginAuthorization and CompleteAuthorization.

2. After the first OAuth dance, grab the credentials from auth.Credentials and save them in your database for that user.

3. Every time thereafter, you don't have to do the  OAuth dance. Rather, just grab the credentials from the DB for the current user, build the Credentials object, as explained previously and make your queries/updates.

What you're doing wrong above is assigning OAuthToken and AccessToken with querystring values.  You should get these values from your DB instead.

It looks like you're almost there.