Once the user has authorized the host site, Anywhere will set a cookie named "twitter_anywhere_identity" that contains the id of the logged in user. You can read this on the server side to learn the user's ID. The format of the cookie is:
When reading the cookie on the server, you should use the signature to verify that this information has come from Twitter. Calculate the signature by appending the given user_id to your OAuth consumer secret and creating a SHA1 hex digest. If this matches the signature in the identity cookie the user ID is verified. For example, in Ruby:
Digest::SHA1.hexdigest(user_id + consumer_secret)
Ut Oh. I know Twitter tends to not have a lot of examples in .Net floating around. After Googling for a bit I found this excellent article on .Net and SHA1 Interop by Jonathan Cogley-
After doing a few minor tweeks to Jonathan's base code (name space change from .Net 1.1), I present to you a Twitter oAuth SHA1 Digest class
The above class will work with any flavor of .Net. If you want to use the above class as a Webmatrix helper, create a class file, rename it TweetSHADigest.cs, paste over the generated code in the file with the above code. The class file should be in a folder called App_Code.
Once Twitter has made a call back to your web site, you can verify that the cookie set came from twitter like so. You will need your web application's Twitter OAuth consumer secret.