This project has moved and is read-only. For the latest updates, please go here.

I am facing authorization problem which force user multiple times to enter their credentials.

Jan 25, 2014 at 12:50 PM
I have developed a web application with Twitter Authorization. Once user click the sign in with twitter it authorize the application and redirect to home page and again the same user click login with twitter it again authorize the app then redirect to page.

I was hoping that user should only fill autorization credentials only once when they sign in with twitter, but currently the System is being forced them to enter authorization credentials every time they are clicking on login button.

It should not happen, because it's make our user frustrated.
Please help me to troubleshoot this problem.

For your review I am sending my sample code snippet here:
using System;
using System.Configuration;
using System.Web.UI;
using System.Linq;
using LinqToTwitter;
using System.Net;

public partial class SignIn : System.Web.UI.Page
    private const string OAuthCredentialsKey = "OAuthCredentialsKey";
    private SignInAuthorizer auth;

    protected void Page_Load(object sender, EventArgs e)
        IOAuthCredentials credentials = new InMemoryCredentials();
        string authString = Session[OAuthCredentialsKey] as string;


        if (authString == null)
            credentials.ConsumerKey = ConfigurationManager.AppSettings["twitterConsumerKey"];
            credentials.ConsumerSecret = ConfigurationManager.AppSettings["twitterConsumerSecret"];

            Session[OAuthCredentialsKey] = credentials.ToString();

        auth = new SignInAuthorizer
            Credentials = new InMemoryCredentials
                ConsumerKey = ConfigurationManager.AppSettings["twitterConsumerKey"],
                ConsumerSecret = ConfigurationManager.AppSettings["twitterConsumerSecret"]
            PerformRedirect = authUrl => Response.Redirect(authUrl)

        if (!Page.IsPostBack)
            if (!string.IsNullOrWhiteSpace(credentials.ConsumerKey) &&
                AuthMultiView.ActiveViewIndex = 1;

                if (auth.CompleteAuthorization(Request.Url))
                    screenNameLabel.Text = auth.ScreenName;
                    twitterid.Text = auth.UserId;
                    TwitterContext twitterCtx = new TwitterContext(auth);
                    var accounts =
                        from acct in twitterCtx.Account
                        where acct.Type == AccountType.VerifyCredentials
                        select acct;
                        Account account = accounts.SingleOrDefault();
                        User user = account.User;
                        Status tweet = user.Status ?? new Status();
                        Session["twtid"] = user.Identifier.ID;
                        Session["twtscrname"] = user.Identifier.ScreenName;
                        Session["TwitterName"] = user.Name;
                        Session["TwtFollowers"] = user.FollowersCount;
                        Session["TwtProfileimgURL"] = user.ProfileImageUrl;                        
                        Page.ClientScript.RegisterStartupScript(this.GetType(), "key", "redirectToFB();", true);
                    catch (WebException wex)
                            "Twitter did not recognize the credentials. Response from Twitter: "
                            + wex.Message);

                    auth.BeginAuthorization(Request.Url, /*forceLogin:*/ true);
Hope this code helps you to provide a better and clean solution to me for this problem.
Jan 25, 2014 at 10:48 PM
Hi Lalit,

After the call to auth.CompleteAuthorization, auth.Credentials has all 4 keys for that user. You already have ConsumerKey and ConsumerSecrect, which belong to your application. What you need after the call to CompleteAuthorization will be OAuthToken and AccessToken, the user tokens. Save those user tokens - maybe use a cookie, but having those user tokens is key to preventing them from needing to log in again.

Since user tokens to not expire, you can re-use them.

Then, you can check to see if the user tokens are available (from wherever you saved them) and load all 4 tokens into the credentials when building a new instance of your authorizer. If the authorizer has all 4 credentials, you can perform queries without requiring the user to log in.

Feb 3, 2014 at 9:13 AM
Hi JoeMayo,

First for all, thanks for you reply and your reply was very helpful. I have resolved my problem with the help of your suggestion.

I have an issues with posting image with status. How can i post images on twitter using application. If you have any example for the same then please share with me.
Jul 15, 2014 at 7:03 PM
Hi Joe,

I know this is an older post but I have a related question. I have the user token/secret and once I know who they are I can use their token/secret but how do they just login without having to authorize with Twitter every time?

Let's say the user comes to the site and authorizes our app (first time). They leave and go away for a few days and now they come back to our site. They click Login again and it goes to Twitter and asks to Authorize again.

If i'm already logged into Twitter shouldn't it recognize me already? How can I bypass the "Authorize" part? I'm trying to login with same consumer key/secret.

Jul 16, 2014 at 3:32 AM
Hi Craig,

One option is to give them a cookie with their user ID (or whatever ID you use for the record holding their credentials. When they visit, use that ID to look up their credentials.

Jul 16, 2014 at 4:19 AM
Thanks Joe, yeah, that is actually what I did but it seems like other apps don't have to do that. For example, Klout has a "sign in with Twitter". If you have never authenticated then you're prompted to authorize their app but if you are already logged into Twitter and have the app authorized previously it just logs you in with no extra clicks while on the Twitter page.

I actually just noticed that there is a setting on the Twitter application page "Allow Sign-in with Twitter" so I checked that but the results are the same.

Another thing, I'm using MvcAuthorizer and not SingleUserAuthorizer. Would that make a difference?

Jul 18, 2014 at 2:52 AM
Jul 18, 2014 at 2:15 PM
That's exactly what I needed Joe. Thanks!