有没有人使用DNOA实现2模式的OAuth？ [英] Has anybody implemented 2 Legged OAuth using DNOA?

问题描述

我试图创造CSHARP认证模块，我需要验证使用DotNetOpenAuth（DNOA）库2模式的OAuth其中只有消费者密钥和秘密请求签名。

I am trying to create an Authentication Module in CSharp where I need to verify the Signature from the request using DotNetOpenAuth(DNOA) Library for 2 Legged OAuth which only has consumer Key and a Secret.

如果您在使用DNOA 2模式的OAuth，这将是有帮助的任何样本实现。
。如果没有，就如何落实任何想法将工作太。
任何帮助将非常感激。

If you have any sample implementation of 2 Legged OAuth using DNOA that would be helpful. If not, any ideas on how to implement would work too. Any help would be much appreciated.

推荐答案

我是不是能够得到DNOA与2条腿的工作OAuth的所以我最终作出使用我自己的消费 http://oauth.googlecode.com/svn/code/ CSHARP / OAuthBase.cs 为我的基类来处理签名签名。所有你需要做的是子类，并使用签名的方法来建立HTTP授权头...

I wasn't able to get DNOA to work with 2-legged OAuth so I ended up making my own consumer using http://oauth.googlecode.com/svn/code/csharp/OAuthBase.cs as my base class to handle the signature signing. All you need to do is subclass it and use the signature methods to build the http authorization header...

string sigMethodType = GetSigMethodType();
string ts, nonce, normalizedUrl, normalizedParams;
string sig = GenerateSignature(new Uri("http://some-endpoint-to-call"), "GET", out nonce, out ts, out normalizedUrl, out normalizedParams);

string header = "OAuth realm=\"" + normalizedUrl + "\"," +
                OAuthConsumerKeyKey + "=\"" + ConsumerKey + "\"," +
                OAuthSignatureMethodKey + "=\"" + "HMACSHA1SignatureType" + "\"," +
                OAuthSignatureKey + "=\"" + sig + "\"," +
                OAuthTimestampKey + "=\"" + ts + "\"," +
                OAuthTokenKey + "=\"" + String.Empty + "\"," +
                OAuthNonceKey + "=\"" + nonce + "\"," +
                OAuthVersionKey + "=\"" + OAuthVersion + "\"";

一旦你的授权头只建立您的网络请求，并将其发送...

Once you have the authorization header just build your web request and send it...

var wr = (HttpWebRequest)HttpWebRequest.Create(messageEndpoint.Location);
wr.Headers.Add(HttpRequestHeader.Authorization, BuildAuthHeader(messageEndpoint));
wr.ContentType = messageEndpoint.ContentType;
wr.Method = CdwHttpMethods.Verbs[messageEndpoint.HttpMethod];
using (var resp = (HttpWebResponse)req.GetResponse())
{
    switch (resp.StatusCode)
    {
        case HttpStatusCode.Unauthorized:
            Assert.Fail("OAuth authorization failed");
            break;
        case HttpStatusCode.OK:
            using (var stream = resp.GetResponseStream())
            {
                using (var sr = new StreamReader(stream))
                {
                    var respString = sr.ReadToEnd();
                }
            }
            break;
    }
}

更新：
我也能得到2条腿与devdefined的OAuth消费工作。 http://code.google.com/p/devdefined-tools/wiki/OAuthConsumer

var endPoint = new Uri("http://example.com/restendpoint.svc");
            var ctx = new OAuthConsumerContext
                        {
                            ConsumerKey = "consumerkey1",
                            ConsumerSecret = "consumersecret1",
                            SignatureMethod = SignatureMethod.HmacSha1
                        };

            var session = new OAuthSession(ctx, endPoint, endPoint, endPoint);
            var respText = session.Request().Get().ForUri(endPoint).ToString();

这将是很好，如果它有一个空的构造或过载，只是需要在上下文，但这似乎工作。

It would be nice if it had an empty constructor or an overload that just takes in the context, but this seems to work.

这篇关于有没有人使用DNOA实现2模式的OAuth？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！