Choice is good - another OAuth library for .Net emerges

You may recall a few months back I released an  OAuth library for .Net (which can be found here on google code) - at the time of writing that library the only other OAuth "solution" for .Net developers was a C# file containing some simple helper functions, that didn't even produce valid results in many cases, and the rather basic implementation as part of the restful chess/myspace example.

Well the guys at Madgex in the UK have now released their own OAuth.Net library.. for more details you can:

As for differences between the two implementations... from a 50K foot glance.
  • There's a dependency on the Windsor container when using the Madgex library (if you want to use it's out the box implementation / configuration examples etc.)
  • The Madgex library includes a http module for making a provider implementation easier when building web apps.
  • The madgex library appears to take a harder dependency on HttpRequest then the DevDefined library (but that's just a hunch, saw it in a few interface definitions, rather then some wrapper equivalent).
  • The madgex library looks a little more polished (i.e. xml docs) and has a configuration section.
  • The Madgex library features some niceities like Sliding window validation support (i.e. they only allow messages to be supplied where the timestamp falls within a certain time window of the server, and keep the list of previous nonces only for the
    period of that window - flushing nonces that are not longer required via a background thread - saving on the volume of nonces to record i.e. for replay attacks).  Of course it's an in-memory solution, so not suited to farms, but still cool.
  • Slightly less fluent consumer implementation, I prefer my libraries consumer implementation, but of course that's just me :P
  • Both libraries are under the MIT license.

All said and done it's a very sound effort, great work guys!

And it's awesome to have some choice emerging in this space.


Written on September 8, 2008