I been working with OAuth2 to provide authentication techniques on my asp.net 4.0 website using c# in the code behind. I have noticed recently that Windows Live api is no longer working in the code I had made. It is making the call and getting the access token back from Live, but then I am stuck. It is adding a # to the beginning of the query string it is sending back so I have the following type of url send back to me by live
...mypage.aspx?#access_token=43t78fehef83jfvwenj3...
Previously before the # was added I merely took the query string returned and parsed out the access token with the following command.
accessToken = Request.QueryString["access_token"];
With the addition of the hash though I can no longer obtain that querystring as the hash fools the page into thinking it is an anchor. When I checked my debugging local variables I will always end up with an empty querystring and haven't figured out how to get it to give me the actual string so I can parse it for the access token.
Any ideas on how I would get the querystring?
Thanks
The URL hash fragment (part after the
#
) is not sent from the user-agent browser to the web server. So, you'll need some client-side (likely JavaScript) code to parse it out and send it on to your server.Here's some simple code which parses the hash fragment params and puts them into a JavaScript array:
You can then use AJAX or other techniques to pass these values back to your web server, where you can parse them out if you need the access token server-side.
Of course, if all your code is server-side, you can also use the Authorization Code flow available in Windows Live:
http://msdn.microsoft.com/en-us/library/live/hh243647.aspx#authcodegrant
This allows you to get an authorization code in the main query string (
?code=foo
) and then do a server-to-server call from your server to Microsoft's to exchange thatcode
for anaccess_token
.