需要C＃帮助创建的Facebook AppSecret_Proof HMACSHA256 [英] C# help required to Create Facebook AppSecret_Proof HMACSHA256

问题描述

Facebook的要求，我创建了一个appsecret_proof：<一href=\"https://developers.facebook.com/docs/graph-api/securing-requests\">https://developers.facebook.com/docs/graph-api/securing-requests

Facebook requires that I create a appsecret_proof: https://developers.facebook.com/docs/graph-api/securing-requests

和我已经用下面的code做到了这一点：

And I have done this using the following code:

public string FaceBookSecret(string content, string key)
{
        var encoding = new System.Text.ASCIIEncoding();
        byte[] keyByte = encoding.GetBytes(key);
        byte[] messageBytes = encoding.GetBytes(content);
        using (var hmacsha256 = new HMACSHA256(keyByte))
        {
            byte[] hashmessage = hmacsha256.ComputeHash(messageBytes);
            return Convert.ToBase64String(hashmessage);
        }
}

一切看起来对我很好，但Facebook表示，该appsecret_proof是无效的。我登录，我所能做的一切正常，当我拔出钥匙。因此，为了节省一些时间：

Everything looks fine for me, however facebook says that the appsecret_proof is invalid. I am logged in, I can do everything as normal when i remove the key. So to save some time:

• 是我张贴到正确的网址


• 是我传递一个有效的access_token


• 是我使用的证明相同的access_token，因为我在请求


• 是我appsecret是好的，工作原理

实例使用

dynamic results = client.Post("/" + model.PostAsId + "/feed", new { message = model.Message, appsecret_proof = FaceBookSecret(postAs.AuthToken, AppSecret) });

我想大概有事情做沿着这些线路编码或东西，但说实话，我只是不知道。

I think it probably has something to do with encoding or something along them lines, but to be honest, I just dont know.

我也使用Facebook SDK .NET然而这并没有在文档太多，似乎并没有打击任何东西自动化来做，服务器端的操作等。

I am also using the Facebook .net SDK however this does not have much in documentation, and does not seem to strike on anything to do with automation, server side operations etc.

感谢

推荐答案

该应用程序的秘密是一个基16字符串，所以你需要将其转换成字节数组。看看就怎么做十六进制转换为字符串的字节数组详情这个。所述的access_token需要被转换到使用ASCII编码的字节数组。一旦你产生的HMAC然后连接code以此为基础，16字符串作为你的appsecret_proof使用。下面code将字节数组转换为base16。

The app secret is a base-16 string, so you need to convert that to a byte array. Take a look at Convert hex string to byte array for details on how to do this. The access_token needs to be converted to a byte array using the ASCII encoding. Once you've generated the HMAC then encode this as a base-16 string to use as your appsecret_proof. The following code will convert a byte array to base16.

public static class Base16
{
    private static readonly char[] encoding;

    static Base16()
    {
        encoding = new char[16]
        {
            '0', '1', '2', '3', '4', '5', '6', '7',
            '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'
        };
    }

    public static string Encode(byte[] data)
    {
        char[] text = new char[data.Length * 2];

        for (int i = 0, j = 0; i < data.Length; i++)
        {
            text[j++] = encoding[data[i] >> 4];
            text[j++] = encoding[data[i] & 0xf];
        }

        return new string(text);
    }

然后code生成appsecret_proof会

The code to generate the appsecret_proof would then be

private string GenerateAppSecretProof(string accessToken, string appSecret)
{
    byte[] key = Base16.Decode(appSecret);
    byte[] hash;
    using (HMAC hmacAlg = new HMACSHA1(key))
    {
        hash = hmacAlg.ComputeHash(Encoding.ASCII.GetBytes(accessToken));
    }
    return Base16.Encode(hash);
}

Facebook的似乎接受一个SHA256 HMAC SHA1或HMAC。

Facebook seems to accept either a SHA256 HMAC or SHA1 HMAC.

这篇关于需要C＃帮助创建的Facebook AppSecret_Proof HMACSHA256的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！