Has anybody implemented 2 Legged OAuth using DNOA?

2019-02-02 00:13发布

站内问答 / C#
1411 1 4

I am trying to create an Authentication Module in CSharp where I need to verify the Signature from the request using DotNetOpenAuth(DNOA) Library for 2 Legged OAuth which only has consumer Key and a Secret.

If you have any sample implementation of 2 Legged OAuth using DNOA that would be helpful. If not, any ideas on how to implement would work too. Any help would be much appreciated.

1条回答
Melony?
2楼-- · 2019-02-02 01:02

I wasn't able to get DNOA to work with 2-legged OAuth so I ended up making my own consumer using http://oauth.googlecode.com/svn/code/csharp/OAuthBase.cs as my base class to handle the signature signing. All you need to do is subclass it and use the signature methods to build the http authorization header...

string sigMethodType = GetSigMethodType();
string ts, nonce, normalizedUrl, normalizedParams;
string sig = GenerateSignature(new Uri("http://some-endpoint-to-call"), "GET", out nonce, out ts, out normalizedUrl, out normalizedParams);

string header = "OAuth realm=\"" + normalizedUrl + "\"," +
                OAuthConsumerKeyKey + "=\"" + ConsumerKey + "\"," +
                OAuthSignatureMethodKey + "=\"" + "HMACSHA1SignatureType" + "\"," +
                OAuthSignatureKey + "=\"" + sig + "\"," +
                OAuthTimestampKey + "=\"" + ts + "\"," +
                OAuthTokenKey + "=\"" + String.Empty + "\"," +
                OAuthNonceKey + "=\"" + nonce + "\"," +
                OAuthVersionKey + "=\"" + OAuthVersion + "\"";

Once you have the authorization header just build your web request and send it...

var wr = (HttpWebRequest)HttpWebRequest.Create(messageEndpoint.Location);
wr.Headers.Add(HttpRequestHeader.Authorization, BuildAuthHeader(messageEndpoint));
wr.ContentType = messageEndpoint.ContentType;
wr.Method = CdwHttpMethods.Verbs[messageEndpoint.HttpMethod];
using (var resp = (HttpWebResponse)req.GetResponse())
{
    switch (resp.StatusCode)
    {
        case HttpStatusCode.Unauthorized:
            Assert.Fail("OAuth authorization failed");
            break;
        case HttpStatusCode.OK:
            using (var stream = resp.GetResponseStream())
            {
                using (var sr = new StreamReader(stream))
                {
                    var respString = sr.ReadToEnd();
                }
            }
            break;
    }
}

Update: I was also able to get 2-legged to work with devdefined's oauth consumer. http://code.google.com/p/devdefined-tools/wiki/OAuthConsumer

var endPoint = new Uri("http://example.com/restendpoint.svc");
            var ctx = new OAuthConsumerContext
                        {
                            ConsumerKey = "consumerkey1",
                            ConsumerSecret = "consumersecret1",
                            SignatureMethod = SignatureMethod.HmacSha1
                        };

            var session = new OAuthSession(ctx, endPoint, endPoint, endPoint);
            var respText = session.Request().Get().ForUri(endPoint).ToString();

It would be nice if it had an empty constructor or an overload that just takes in the context, but this seems to work.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)