How can DotNetOpenAuth help me build an OAuth 2.0 Service Provider?

I'm startin开发者_运维知识库g this project where I need to provide authorization for websites. Since I'm starting from scratch, why not use the latest: OAuth 2.0 protocal. Unfortunately, I know nothing about security nor have I implemented OpenID/OAuth. Since I'm used to working in the .NET environment, it's natural for me to find a .NET implementation and that's where DotNetOpenAuth comes in.

However, I'm still not clear on how DotNetOpenAuth can help. I'm coming in with the naive assumption that DotNetOpenAuth will have all the implementation ready and I can just call some functions (to create request tokens, exchange it with access tokens, etc) with all the back-end security, RSA stuff implemented. As I go through the code, it feels like DotNetOpenAuth gives a lot of the interfaces but I still have to code them all up manually.

Can I get a confirmation on this? Andrew Arnott, you there?

OAuth 2.0 hasn't been finalized yet, so you may want to consider OAuth 1.0a. But if you do want to go with OAuth 2.0, be sure you're using the DotNetOpenAuth 3.5 CTP.

Yes, the library takes care of much of the RSA and other protocol details for you. But you are required to perform some hookup and token persistence yourself since each site is different in those respects. The CTP download comes with a sample OAuthServiceProvider sample that you may refer to for help.