Browser-Based Authentication Using VB.NET
Yahoo! Browser-Based Authentication is a system that lets third party developers create web applications that can securely access any user's Yahoo! data through APIs while letting the end-user control what type of access they allow, if any.
- Overview
- Signing in the User
- End-Point Page Processing
- Obtaining User Credentials
- Calling Authenticated Web Services
- Further Reading
Overview
This article describes how to use the Yahoo.Authentication class that simplifies using the Browser-Based Authentication
system. For a detailed description of what is going on under the hood, download and have a look at the provided
source code or refer to the Browser-Based Authentication pages.
This article assumes you have signed up for an application ID and have a basic understanding of the authentication process.
There are three main steps to using Browser-Based Authentication:
- Get permission and sign in the user
- Verify and save token on end-point page
- Use authenticated web services
Signing in the User
Before you can access a user's data you must receive permission from the user. This is done by redirecting the user's browser to the user sign in page that will sign them into the Yahoo! network and ask permission for you to read, write or read and write their data. Don't forget to let the user know what is going to happen before you redirect them.
End-Point Page Processing
Once the user has approved your application, their browser will be redirected to the end-point page you specified when you
signed up for an application ID. The following demostrates checking for a valid call and saving the received token in the user's
Authentication object. You should also store the token in a persistent store since it is valid for two weeks.
Obtaining User Credentials
The second step, obtaining user credentials, should always be transparent to the user. The UpdateCredentials()
methods will attempt to retrieve the user's credentials (WSSID and cookie) and store them internally. Note that the built-in methods
will check IsCredentialed and call UpdateCredentials automatically if valid credentials weren't available.
Unless you do the web service call yourself, you will not normally need to use this method.
Calling Authenticated Web Services
The built-in data retrieval methods GetAuthenticatedServiceDataSet,
GetAuthenticatedServiceStream, GetAuthenticatedServiceString,
GetAuthenticatedServiceXmlDocument and GetAuthenticatedServiceXPathDocument will automatically
attempt to update the user's credentials if necessary. If you receive an AuthenticationException during these calls,
you should check the status/error code for 401 - Unauthorized. If the error is 401, you can try to sign in the user again.
Further reading
Related information on the web.
Yahoo! Forum Discussions
view all
Yahoo weather XML parsing problems when forecasting C#
Thu, 04 Feb 2010
Thu, 28 Jan 2010
Thu, 28 Jan 2010
How would you design a caching architecture that minimizes the trip to the web service
Sat, 28 Nov 2009