创建Facebook AppSecret_Proof HMACSHA256需要C＃帮助 [英] C# help required to Create Facebook AppSecret_Proof HMACSHA256

问题描述

Facebook要求我创建一个appsecret_proof： https：//developers.facebook。 com / docs / graph-api / secure-requests

Facebook requires that I create a appsecret_proof: https://developers.facebook.com/docs/graph-api/securing-requests

我已经使用以下代码：

public string FaceBookSecret(string content, string key)
{
        var encoding = new System.Text.ASCIIEncoding();
        byte[] keyByte = encoding.GetBytes(key);
        byte[] messageBytes = encoding.GetBytes(content);
        using (var hmacsha256 = new HMACSHA256(keyByte))
        {
            byte[] hashmessage = hmacsha256.ComputeHash(messageBytes);
            return Convert.ToBase64String(hashmessage);
        }
}

一切看起来都不错，但是Facebook说appsecret_proof无效。我已经登录，当我删除密钥时，我可以正常执行所有操作。所以要节省一些时间：

Everything looks fine for me, however facebook says that the appsecret_proof is invalid. I am logged in, I can do everything as normal when i remove the key. So to save some time:

• 是我发布到正确的URL


• 是的我是传递一个有效的access_token


• 是的，我正在使用相同的access_token证明，因为我在请求中


• 是的，我的appsecret很好，作品

• Yes I am posting to the correct URL
• Yes I am passing a valid access_token
• Yes I am using the same access_token in the proof, as i am in the request
• Yes my appsecret is fine, and works

使用示例

dynamic results = client.Post("/" + model.PostAsId + "/feed", new { message = model.Message, appsecret_proof = FaceBookSecret(postAs.AuthToken, AppSecret) });

我认为这可能与编码或其他东西有关，但老实说，我只是不知道。

I think it probably has something to do with encoding or something along them lines, but to be honest, I just dont know.

我也在使用Facebook .net SDK，但这并没有太多的文档，似乎没有与自动化有关的任何事情，服务器端操作等。

I am also using the Facebook .net SDK however this does not have much in documentation, and does not seem to strike on anything to do with automation, server side operations etc.

谢谢

推荐答案

是一个16位的字符串，所以你需要把它转换成一个字节数组。看看如何将十六进制字符串转换为字节数组？有关如何做到这一点的细节。 access_token需要使用ASCII编码转换为字节数组。一旦生成了HMAC，然后将其编码为基16字符串，以用作您的appsecret_proof。以下代码将将字节数组转换为base16。

The app secret is a base-16 string, so you need to convert that to a byte array. Take a look at How can I convert a hex string to a byte array? for details on how to do this. The access_token needs to be converted to a byte array using the ASCII encoding. Once you've generated the HMAC then encode this as a base-16 string to use as your appsecret_proof. The following code will convert a byte array to base16.

public static class Base16
{
    private static readonly char[] encoding;

    static Base16()
    {
        encoding = new char[16]
        {
            '0', '1', '2', '3', '4', '5', '6', '7',
            '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'
        };
    }

    public static string Encode(byte[] data)
    {
        char[] text = new char[data.Length * 2];

        for (int i = 0, j = 0; i < data.Length; i++)
        {
            text[j++] = encoding[data[i] >> 4];
            text[j++] = encoding[data[i] & 0xf];
        }

        return new string(text);
    }

生成appsecret_proof的代码将是

The code to generate the appsecret_proof would then be

private string GenerateAppSecretProof(string accessToken, string appSecret)
{
    byte[] key = Base16.Decode(appSecret);
    byte[] hash;
    using (HMAC hmacAlg = new HMACSHA1(key))
    {
        hash = hmacAlg.ComputeHash(Encoding.ASCII.GetBytes(accessToken));
    }
    return Base16.Encode(hash);
}

Facebook似乎接受SHA256 HMAC或SHA1 HMAC。

Facebook seems to accept either a SHA256 HMAC or SHA1 HMAC.

这篇关于创建Facebook AppSecret_Proof HMACSHA256需要C＃帮助的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！