Amazon API在C#.NET中生成请求签名 [英] Amazon API generating a request signature in C# .NET

问题描述

我试图弄清楚如何在我的.NET应用程序中传递参数. URL请求如下所示:

I'm trying to figure out how to pass a parameter in my .NET application. The URL request looks like:

http://webservices.amazon.com/onca/xml?
  Service=AWSECommerceService
  &Operation=ItemLookup
  &ResponseGroup=Large
  &SearchIndex=All
  &IdType=UPC
  &ItemId=635753490879
  &AWSAccessKeyId=[Your_AWSAccessKeyID]
  &AssociateTag=[Your_AssociateTag]
  &Timestamp=[YYYY-MM-DDThh:mm:ssZ]
  &Signature=[Request_Signature]

我感到困惑的部分是这些:

The part that I'm confused about are these:

 &Timestamp=[YYYY-MM-DDThh:mm:ssZ]
      &Signature=[Request_Signature]

我不确定是否可以只是在时间戳部分执行以下操作:

I'm not sure whether I can Just simply do it something like this for timestamp part:

var TimeStamp  = DateTime.Now; // without any special datetime formating? 

所以我的问题是如何在请求URL中实际生成此签名URL?

So my question is how do I actually generate this signature URL in the request URL ?

我上面有所有这些参数，但不确定如何生成最后一个?

I have all of these parameters above but I'm not sure how to generate this last one ?

有人可以帮我吗?

推荐答案

AWS利用HMAC请求签名.一般而言，此方法的工作方式是创建一个消息"，该消息由诸如访问密钥，请求标头，请求正文和时间戳之类的内容组成.然后，您向HMAC发送此消息"，并成为请求的签名".这样可以防止重播攻击，因为每个请求必须具有唯一的签名.

AWS utilizes HMAC request-signing. Generally speaking, the way this works is that you create a "message", which is composed of things like your access key(s), request headers, request body and a timestamp. You then HMAC this "message" and that becomes your "signature" for the request. This prevents replay-attacks as each request must have a unique signature.

看起来时间戳只是需要采用ISO格式(YYYY-MM-DDThh:mm:ssZ)，所以，不，您不能仅使用DateTime.Now. ToString使用的默认格式将不是ISO.相反，您需要使用类似以下内容的

It looks like the timestamp simply needs to be in ISO format (YYYY-MM-DDThh:mm:ssZ), so, no you can't just use DateTime.Now. The default format utilized by ToString will not be ISO. Instead, you'd need to use something like:

DateTime.Now.ToString("yyyy-MM-ddThh:mm:sszzz");

或者最好使用UTC时间并简单地附加一个Z:

Or it would actually probably be better to use UTC time and simply append a Z:

DateTime.UtcNow.ToString("yyyy-MM-ddThh:mm:ssZ");

关于创建签名的信息，请参见 AWS文档，其中提供了一些示例代码:

As for creating the signature, see the AWS documentation, where they provide some sample code:

static byte[] HmacSHA256(String data, byte[] key)
{
    String algorithm = "HmacSHA256";
    KeyedHashAlgorithm kha = KeyedHashAlgorithm.Create(algorithm);
    kha.Key = key;

    return kha.ComputeHash(Encoding.UTF8.GetBytes(data));
}

static byte[] getSignatureKey(String key, String dateStamp, String regionName, String serviceName)
{
    byte[] kSecret = Encoding.UTF8.GetBytes(("AWS4" + key).ToCharArray());
    byte[] kDate = HmacSHA256(dateStamp, kSecret);
    byte[] kRegion = HmacSHA256(regionName, kDate);
    byte[] kService = HmacSHA256(serviceName, kRegion);
    byte[] kSigning = HmacSHA256("aws4_request", kService);

    return kSigning;
}

这篇关于Amazon API在C#.NET中生成请求签名的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！