有人使用 DNOA 实现了 2 Legged OAuth 吗? [英] Has anybody implemented 2 Legged OAuth using DNOA?
问题描述
我正在尝试在 CSharp 中创建一个身份验证模块,我需要使用 DotNetOpenAuth(DNOA) 库来验证来自请求的签名,用于只有消费者密钥和秘密的 2 Legged OAuth.
I am trying to create an Authentication Module in CSharp where I need to verify the Signature from the request using DotNetOpenAuth(DNOA) Library for 2 Legged OAuth which only has consumer Key and a Secret.
如果您有使用 DNOA 的 2 Legged OAuth 的任何示例实现,那将会很有帮助.如果没有,任何关于如何实施的想法也将起作用.任何帮助将不胜感激.
If you have any sample implementation of 2 Legged OAuth using DNOA that would be helpful. If not, any ideas on how to implement would work too. Any help would be much appreciated.
推荐答案
我无法让 DNOA 与 2-legged OAuth 一起工作,所以我最终使用 http://oauth.googlecode.com/svn/code/csharp/OAuthBase.cs 作为我的基类处理签名签名.您需要做的就是对它进行子类化并使用签名方法来构建 http 授权标头...
I wasn't able to get DNOA to work with 2-legged OAuth so I ended up making my own consumer using http://oauth.googlecode.com/svn/code/csharp/OAuthBase.cs as my base class to handle the signature signing. All you need to do is subclass it and use the signature methods to build the http authorization header...
string sigMethodType = GetSigMethodType();
string ts, nonce, normalizedUrl, normalizedParams;
string sig = GenerateSignature(new Uri("http://some-endpoint-to-call"), "GET", out nonce, out ts, out normalizedUrl, out normalizedParams);
string header = "OAuth realm="" + normalizedUrl + ""," +
OAuthConsumerKeyKey + "="" + ConsumerKey + ""," +
OAuthSignatureMethodKey + "="" + "HMACSHA1SignatureType" + ""," +
OAuthSignatureKey + "="" + sig + ""," +
OAuthTimestampKey + "="" + ts + ""," +
OAuthTokenKey + "="" + String.Empty + ""," +
OAuthNonceKey + "="" + nonce + ""," +
OAuthVersionKey + "="" + OAuthVersion + """;
获得授权标头后,只需构建您的网络请求并将其发送...
Once you have the authorization header just build your web request and send it...
var wr = (HttpWebRequest)HttpWebRequest.Create(messageEndpoint.Location);
wr.Headers.Add(HttpRequestHeader.Authorization, BuildAuthHeader(messageEndpoint));
wr.ContentType = messageEndpoint.ContentType;
wr.Method = CdwHttpMethods.Verbs[messageEndpoint.HttpMethod];
using (var resp = (HttpWebResponse)req.GetResponse())
{
switch (resp.StatusCode)
{
case HttpStatusCode.Unauthorized:
Assert.Fail("OAuth authorization failed");
break;
case HttpStatusCode.OK:
using (var stream = resp.GetResponseStream())
{
using (var sr = new StreamReader(stream))
{
var respString = sr.ReadToEnd();
}
}
break;
}
}
更新:我还能够让 2-legged 与 devdefined 的 oauth 消费者一起工作.http://code.google.com/p/devdefined-tools/wiki/OAuthConsumer
Update: I was also able to get 2-legged to work with devdefined's oauth consumer. http://code.google.com/p/devdefined-tools/wiki/OAuthConsumer
var endPoint = new Uri("http://example.com/restendpoint.svc");
var ctx = new OAuthConsumerContext
{
ConsumerKey = "consumerkey1",
ConsumerSecret = "consumersecret1",
SignatureMethod = SignatureMethod.HmacSha1
};
var session = new OAuthSession(ctx, endPoint, endPoint, endPoint);
var respText = session.Request().Get().ForUri(endPoint).ToString();
如果它有一个空的构造函数或只接受上下文的重载就好了,但这似乎有效.
It would be nice if it had an empty constructor or an overload that just takes in the context, but this seems to work.
这篇关于有人使用 DNOA 实现了 2 Legged OAuth 吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!