我在我的WCF RESTful服务中实现Oauth,在客户端使用脚本(link1)生成签名(siganture reference link2,script reference)并在服务器端生成签名使用c#(code reference),一切正常,但唯一的是客户端生成签名与服务器端生成签名不匹配。
这是我的代码,请指出我在做错的地方
SCRIPT:
$("#BtnCheck").click(function () {
oauth = OAuth({
consumer: {
public: 'test',
secret: 'secret'
},
signature_method: 'HMAC-SHA1'
});
request_data = {
// url: 'http://MyPcName/RestfulService/Login/LoginService.svc/GetSampleMethod_With_OAuth/inputStr/validate',
url: 'http://localhost/RestfulService/Login/LoginService.svc/GetSampleMethod_With_OAuth/inputStr/validate',
method: 'GET',
data: {
status: 'Hello Ladies + Gentlemen, a signed OAuth request!'
}
};
varType = "GET";
varUrl = "http://localhost/RestfulService/Login/LoginService.svc/GetSampleMethod_With_OAuth/inputStr/validate";
data = oauth.authorize(request_data, null);
varContentType = "application/json; charset=utf-8";
varDataType = "json";
varProcessData = false;
varCache = false
varData = data;
CallService(Authenticate);
});
function Authenticate(response) {
var data = response
alert(response);
}
致电服务:
function CallService(sucessData) {
$.ajax({
//headers: getHeaders(),
type: varType, //GET or POST or PUT or DELETE verb
url: varUrl, // Location of the service
data: varData, //Data sent to server
contentType: varContentType, // content type sent to server
dataType: varDataType, //Expected data format from server
processdata: varProcessData, //True or False
crossDomain: true,
timeout: 200000,
success: sucessData,
cache: varCache,
error: function (xhr) {// When Service call fails
alert("Error: " + xhr.responseText);
//alert('Error occured in Service Call');
}
});
}
WCF服务:
[OperationContract(Name = "GetSampleMethod_With_OAuth")]
[WebGet(UriTemplate = "GetSampleMethod_With_OAuth/inputStr/{name}")]
string GetSampleMethod_With_OAuth(string name);
public string GetSampleMethod_With_OAuth(string strUserName)
{
if (Authenticate(WebOperationContext.Current.IncomingRequest))
{
StringBuilder strReturnValue = new StringBuilder();
// return username prefixed as shown below
strReturnValue.Append(string.Format("AUTHORIZED REQUEST"));
return strReturnValue.ToString();
}
else
{
WebOperationContext.Current.OutgoingResponse.StatusCode = HttpStatusCode.Unauthorized;
return "401 Unauthorized Request.";
}
}
private static bool Authenticate(IncomingWebRequestContext context)
{
bool Authenticated = false;
string normalizedUrl;
string normalizedRequestParameters;
//context.Headers
NameValueCollection pa = context.UriTemplateMatch.QueryParameters;
if (pa != null && pa["oauth_consumer_key"] != null)
{
// to get uri without oauth parameters
string uri = context.UriTemplateMatch.RequestUri.OriginalString.Replace
(context.UriTemplateMatch.RequestUri.Query, "");
string consumersecret = "secret";
OAuthBase oauth = new OAuthBase();
string hash = oauth.GenerateSignature(
new Uri(uri),
pa["oauth_consumer_key"],
consumersecret,
null, // totken
null, //token secret
"GET",
pa["oauth_timestamp"],
pa["oauth_nonce"],
out normalizedUrl,
out normalizedRequestParameters
);
Authenticated = pa["oauth_signature"] == hash;
}
return Authenticated;
}
答案 0 :(得分:0)
我找到了解决这个问题的方法:
在Javascript中:移除data:{}
request_data
request_data = {
// url: 'http://MyPcName/RestfulService/Login/LoginService.svc/GetSampleMethod_With_OAuth/inputStr/validate',
url: 'http://localhost/RestfulService/Login/LoginService.svc/GetSampleMethod_With_OAuth/inputStr/validate',
method: 'GET',
};