Authentication: How to keep the user always authenticated?

Aug 5, 2010 at 9:51 AM
Edited Aug 5, 2010 at 9:52 AM
I have a website that needs to display some information of a specific twitter user to all the visitors. So, when I start my twitter context, I need it always to be authenticated with this twitter user.

I know that soon twitter will disable username/password authentication, so I want to do this using OAuth.

I created a twitter app, opened the sample site that comes in Linq To Twitter source code, added my app consumer key/secret, and after authenticating with twitter using my desired twitter user I put a breakpoint in the code to see the value of AccessToken and AccessToken secret. Then I went to my site and added those as AppSetting values in web.config. I used the in memory token manager (after changing the parts that use SessionState) and set it so that I add the access token and token secret to the TokensAndSecrets member of the token manager. Then used the DesktopAuthentication passing the token manager to it (also tried WebAuthentication).

If I call SignOn or try to perform any LINQ query, I always get "(401) Unauthorized" HTTP exception.

So, my questions are: Is this access token not reusable (same consumer)? And what is the right way of keeping the twitter user always authenticated without having user interaction?

I'm sure it's possible because this is what all twitter clients do most likely, but not sure how!

Thanks a lot.
Sep 9, 2010 at 4:19 AM

Have you found a solution to this? I'm having the same problem.




Sep 9, 2010 at 4:31 AM

Don't worry, I found the solution here

Maybe I should be using tweetsharp....

Sep 9, 2010 at 4:52 AM

I have not found the solution yet. Development of my app is paused till next week (for other reasons), then I'll be back to the same problem.

It's one of the other things making me think of TweetSharp. I have tried it before and can't remember why I stuck with LinqToTwitter again.

One of the things that worry me more than the issue itself is not getting any reply from anyone working on it. Too bad.

Sep 9, 2010 at 1:24 PM

Yes, by retaining the consumer key and secret, and the access token and secret, and reusing those later, you should be able to keep impersonating the same user.  This is the nature of OAuth.  If you're getting a 401 Unauthorized, I suspect it's because your pre-programmed (hard coded) token manager that you're using to actually impersonate the other user doesn't produce the right keys or secrets (two of each) when prompted.  You might try setting a breakpoint or a log method on all the methods and property getters to see when it is asked and what it actually returns.
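
The diagnosis in the reply above, as an added example (not part of the thread and not LINQ to Twitter code): an OAuth 1.0a HMAC-SHA1 signature is keyed with both the consumer secret and the token secret, so a token lookup that returns nothing produces a different signature, which the server cannot verify. All keys, tokens, the nonce, the timestamp and the endpoint are constructed placeholders, and the dictionary stands in for whatever token manager is in use.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class OAuthSignatureCheck
{
    // RFC 5849 section 3.6 percent-encoding: only A-Z a-z 0-9 - . _ ~ stay literal.
    static string Enc(string s)
    {
        var sb = new StringBuilder();
        foreach (byte b in Encoding.UTF8.GetBytes(s))
        {
            char c = (char)b;
            bool unreserved = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
                              (c >= '0' && c <= '9') || "-._~".IndexOf(c) >= 0;
            if (unreserved) sb.Append(c); else sb.Append('%').Append(b.ToString("X2"));
        }
        return sb.ToString();
    }
    // HMAC-SHA1 over the signature base string; the key is built from BOTH secrets.
    static string Sign(string method, string url, IDictionary<string, string> prms,
                       string consumerSecret, string tokenSecret)
    {
        var pairs = prms.OrderBy(kv => Enc(kv.Key), StringComparer.Ordinal)
                        .ThenBy(kv => Enc(kv.Value), StringComparer.Ordinal)
                        .Select(kv => Enc(kv.Key) + "=" + Enc(kv.Value));
        string baseString = method + "&" + Enc(url) + "&" + Enc(string.Join("&", pairs));
        string key = Enc(consumerSecret) + "&" + Enc(tokenSecret);
        using (var hmac = new HMACSHA1(Encoding.ASCII.GetBytes(key)))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.ASCII.GetBytes(baseString)));
    }
    static void Main()
    {
        // Constructed values, not real credentials; the store maps access token -> token secret.
        var store = new Dictionary<string, string> { { "EXAMPLE-ACCESS-TOKEN", "example-token-secret" } };
        var prms = new Dictionary<string, string> {
            { "oauth_consumer_key", "EXAMPLE-CONSUMER-KEY" }, { "oauth_token", "EXAMPLE-ACCESS-TOKEN" },
            { "oauth_signature_method", "HMAC-SHA1" }, { "oauth_version", "1.0" },
            { "oauth_nonce", "constructed-nonce" }, { "oauth_timestamp", "1284000000" } };
        string url = "https://api.example.com/1/statuses/user_timeline.json"; // placeholder endpoint
        // Second lookup uses a mismatched key, as a mis-populated token manager would see it.
        foreach (string asked in new[] { "EXAMPLE-ACCESS-TOKEN", "example-access-token" })
        {
            string secret; bool found = store.TryGetValue(asked, out secret);
            Console.WriteLine("lookup {0}: {1}, signature = {2}", asked, found ? "secret found" : "secret MISSING",
                Sign("GET", url, prms, "example-consumer-secret", secret ?? ""));
        }
    }
}
```

The two printed signatures differ even though the request parameters are identical. When logging lookups like this in a real application, record whether a secret was found rather than the secret itself.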