我正在尝试在C#服务器中验证传入的已签名请求。 请求来自社交平台(naver)。 我从他们那里获得的是证书(如下)。
我正在使用DevDefinedOAuth
http://code.google.com/p/devdefined-tools/
他们有一篇关于这个主题的维基文章。
http://code.google.com/p/devdefined-tools/wiki/OAuthSignatureValidation
这是我的代码:
public static bool isValidRequest2( HttpListenerRequest request )
{
X509Certificate2 cert = new X509Certificate2();
cert.Import( Encoding.ASCII.GetBytes(
@"-----BEGIN CERTIFICATE-----
MIICqDCCAhGgAwIBAgIJANDx5Es1s04zMA0GCSqGSIb3DQEBBQUAMG0xCzAJBgNV
BAYTAktSMQowCAYDVQQIDAEgMQowCAYDVQQHDAEgMQwwCgYDVQQKDANOSE4xEjAQ
BgNVBAsMCUNvbW11bml0eTESMBAGA1UEAwwJbmF2ZXIuY29tMRAwDgYJKoZIhvcN
AQkBFgEgMB4XDTEwMDYxNDA1MzAzNVoXDTExMDYxNDA1MzAzNVowbTELMAkGA1UE
BhMCS1IxCjAIBgNVBAgMASAxCjAIBgNVBAcMASAxDDAKBgNVBAoMA05ITjESMBAG
A1UECwwJQ29tbXVuaXR5MRIwEAYDVQQDDAluYXZlci5jb20xEDAOBgkqhkiG9w0B
CQEWASAwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANX++6LgORv6caQ8LCVh
RYTXi2Lko7zn4wPeqvdCqNZsxcry2mNHn/ic+0XbhNgor5L0l048f0iicW/Qu4vw
RvkZy2N8dNE3Tb5dbPLNo+S+cExv/DhbQVFKGiOOvr4vQ+2Lgw7If5g3sh6/S8Gu
ot47cOrUkiLKBKJt614bue9zAgMBAAGjUDBOMB0GA1UdDgQWBBSB1ReDAnl4lRyl
Rfpl0EZ13E5LzzAfBgNVHSMEGDAWgBSB1ReDAnl4lRylRfpl0EZ13E5LzzAMBgNV
HRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAEYdZfQjvk/wvlFP4l3mDqS4NMac
txx1lyYGa0gX4DGhb7aGwBb3qwCdSX7szuYNHHq5Clf9TGQMqc49RFC2TGNRrpSw
BZFRmyzhMsqx/dLcNIBLfz4B+SUw+yiwNKo3krYCJfqgNy0cW8sF121yWI3tPzqr
kD8kEbCa5GvxmsdT
-----END CERTIFICATE-----" ) );
DevDefined.OAuth.Framework.OAuthContext context = new DevDefined.OAuth.Framework.OAuthContext
{
//RawUri = request.Url,
RawUri = CleanUri( request.Url ),
Cookies = new NameValueCollection(),
Headers = request.Headers,
RequestMethod = request.HttpMethod,
FormEncodedParameters = new NameValueCollection(),
QueryParameters = new NameValueCollection( request.QueryString )
};
// do I need to set them manually?.. let's try..
context.ConsumerKey = request.QueryString[ "oauth_consumer_key" ];
context.Timestamp = request.QueryString[ "oauth_timestamp" ];
context.Nonce = request.QueryString[ "oauth_nonce" ];
context.Signature = request.QueryString[ "oauth_signature" ];
var signer = new DevDefined.OAuth.Framework.Signing.OAuthContextSigner();
DevDefined.OAuth.Framework.SigningContext signingContext = new DevDefined.OAuth.Framework.SigningContext();
// use context.ConsumerKey to fetch information required for signature validation for this consumer.
signingContext.Algorithm = cert.PublicKey.Key;
//signingContext.ConsumerSecret; // if there is a consumer secret
return ( signer.ValidateSignature( context, signingContext ) );
}
这是一个示例请求:(我出于安全原因稍微更改了网址 )
网址:http://www.maxmax.co.cc:7677/?oauth_signature=b58RqdQ0Atnrvvy6Qi81BRv1fhmXIQEl3hY++Wi7kiinSOhWq7mluhsapEi/GvCUG6RjrYVowwTcoi MqqmVCasFlON7zU7Yyi8nOUAoClpoft0BXbT5xyNUmLOxTk47tmjWVMLniaOieVUEQLwP2yycH6hiWkf2gFWGsu9LHZbE =安培; oauth_nonce = 14611349243983507&安培; OAuth的_version = 1.0&安培; oauth_body_hash = 2jmj7l5rSw0yVb / vlWAYkK / YBwk =安培; oauth_signature_method = RSA-SHA1&安培; oauth_consumer_key = naver.com&安培; xoauth_sign ature_publickey = http://nsocialcontainer.com/server/naver_socialapp_public.cer& xoauth_public_key = http://nsocialcontainer.com/server /naver_socialapp_public.cer&opensocial_owner_id=1400000000010946792&opensocial_app_id=25992&oauth_timestamp=1296334075
HttpMethod:GET
UserAgent:Jakarta Commons-HttpClient / 3.1
QueryString
标题
我没有收到错误消息,没有异常,但isValidRequest2()总是返回'false' 即使有效请求。
我一定是错了。 任何帮助将不胜感激!! 如果您对此问题有任何疑问,请询问。
感谢!!!!
答案 0 :(得分:0)
您使用的是哪个版本的库,如果您还没有在这里尝试从github源代码构建,请执行以下操作:
https://github.com/bittercoder/DevDefined.OAuth
此外,值得注意的是,一些opensocial平台实现返回Url的额外&符号(例如以前的朋友) - 有关详细信息,请参阅此博客文章的底部:
http://blog.bittercoder.com/PermaLink,guid,4f387bde-7ed6-480b-952b-bbc0ead9ebfb.aspx
如果您仍然遇到问题,如果您可以提供指向您的消费者代码的完整示例的链接(我建议创建一个要点:https://gist.github.com/gists),这对理解问题是非常有帮助的。< / p>