当前位置：文江博客话题详情

有人使用 DNOA 实施 2 Legged OAuth 吗？

发布于 2024-09-05 16:16:09 字数 173 浏览 8 评论 0原文

我正在尝试在 CSharp 中创建一个身份验证模块，其中我需要使用 DotNetOpenAuth(DNOA) 库验证来自请求的签名，该库仅具有消费者密钥和秘密。

如果您有任何使用 DNOA 实现 2 Legged OAuth 的示例，那将会很有帮助。如果没有，任何关于如何实施的想法也可以。任何帮助将不胜感激。

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

你与昨日 2024-09-12 16:16:09

我无法让 DNOA 与 2-legged OAuth 一起使用，所以我最终使用 http://oauth.googlecode.com/svn/code/csharp/OAuthBase.cs 作为我处理签名的基类。您需要做的就是对其进行子类化并使用签名方法来构建 http 授权标头...

string sigMethodType = GetSigMethodType();
string ts, nonce, normalizedUrl, normalizedParams;
string sig = GenerateSignature(new Uri("http://some-endpoint-to-call"), "GET", out nonce, out ts, out normalizedUrl, out normalizedParams);

string header = "OAuth realm=\"" + normalizedUrl + "\"," +
                OAuthConsumerKeyKey + "=\"" + ConsumerKey + "\"," +
                OAuthSignatureMethodKey + "=\"" + "HMACSHA1SignatureType" + "\"," +
                OAuthSignatureKey + "=\"" + sig + "\"," +
                OAuthTimestampKey + "=\"" + ts + "\"," +
                OAuthTokenKey + "=\"" + String.Empty + "\"," +
                OAuthNonceKey + "=\"" + nonce + "\"," +
                OAuthVersionKey + "=\"" + OAuthVersion + "\"";

一旦获得授权标头，只需构建您的 Web 请求并发送它...

var wr = (HttpWebRequest)HttpWebRequest.Create(messageEndpoint.Location);
wr.Headers.Add(HttpRequestHeader.Authorization, BuildAuthHeader(messageEndpoint));
wr.ContentType = messageEndpoint.ContentType;
wr.Method = CdwHttpMethods.Verbs[messageEndpoint.HttpMethod];
using (var resp = (HttpWebResponse)req.GetResponse())
{
    switch (resp.StatusCode)
    {
        case HttpStatusCode.Unauthorized:
            Assert.Fail("OAuth authorization failed");
            break;
        case HttpStatusCode.OK:
            using (var stream = resp.GetResponseStream())
            {
                using (var sr = new StreamReader(stream))
                {
                    var respString = sr.ReadToEnd();
                }
            }
            break;
    }
}

更新：
我还能够用两条腿与 devdefine 的 oauth 消费者一起工作。 http://code.google.com/p/devdefine-tools/wiki/OAuthConsumer

var endPoint = new Uri("http://example.com/restendpoint.svc");
            var ctx = new OAuthConsumerContext
                        {
                            ConsumerKey = "consumerkey1",
                            ConsumerSecret = "consumersecret1",
                            SignatureMethod = SignatureMethod.HmacSha1
                        };

            var session = new OAuthSession(ctx, endPoint, endPoint, endPoint);
            var respText = session.Request().Get().ForUri(endPoint).ToString();

如果它有一个空的构造函数或一个仅接受上下文的重载，那就太好了，但这似乎可行。

I wasn't able to get DNOA to work with 2-legged OAuth so I ended up making my own consumer using http://oauth.googlecode.com/svn/code/csharp/OAuthBase.cs as my base class to handle the signature signing. All you need to do is subclass it and use the signature methods to build the http authorization header...

string sigMethodType = GetSigMethodType();
string ts, nonce, normalizedUrl, normalizedParams;
string sig = GenerateSignature(new Uri("http://some-endpoint-to-call"), "GET", out nonce, out ts, out normalizedUrl, out normalizedParams);

string header = "OAuth realm=\"" + normalizedUrl + "\"," +
                OAuthConsumerKeyKey + "=\"" + ConsumerKey + "\"," +
                OAuthSignatureMethodKey + "=\"" + "HMACSHA1SignatureType" + "\"," +
                OAuthSignatureKey + "=\"" + sig + "\"," +
                OAuthTimestampKey + "=\"" + ts + "\"," +
                OAuthTokenKey + "=\"" + String.Empty + "\"," +
                OAuthNonceKey + "=\"" + nonce + "\"," +
                OAuthVersionKey + "=\"" + OAuthVersion + "\"";

Once you have the authorization header just build your web request and send it...

var wr = (HttpWebRequest)HttpWebRequest.Create(messageEndpoint.Location);
wr.Headers.Add(HttpRequestHeader.Authorization, BuildAuthHeader(messageEndpoint));
wr.ContentType = messageEndpoint.ContentType;
wr.Method = CdwHttpMethods.Verbs[messageEndpoint.HttpMethod];
using (var resp = (HttpWebResponse)req.GetResponse())
{
    switch (resp.StatusCode)
    {
        case HttpStatusCode.Unauthorized:
            Assert.Fail("OAuth authorization failed");
            break;
        case HttpStatusCode.OK:
            using (var stream = resp.GetResponseStream())
            {
                using (var sr = new StreamReader(stream))
                {
                    var respString = sr.ReadToEnd();
                }
            }
            break;
    }
}

Update:
I was also able to get 2-legged to work with devdefined's oauth consumer. http://code.google.com/p/devdefined-tools/wiki/OAuthConsumer

var endPoint = new Uri("http://example.com/restendpoint.svc");
            var ctx = new OAuthConsumerContext
                        {
                            ConsumerKey = "consumerkey1",
                            ConsumerSecret = "consumersecret1",
                            SignatureMethod = SignatureMethod.HmacSha1
                        };

            var session = new OAuthSession(ctx, endPoint, endPoint, endPoint);
            var respText = session.Request().Get().ForUri(endPoint).ToString();

It would be nice if it had an empty constructor or an overload that just takes in the context, but this seems to work.

回复收藏 0 原文

~没有更多了~