通过DotNetOpenAuth对FreshBooks进行身份验证

时间:2011-02-11 21:06:23

标签: c# asp.net oauth dotnetopenauth

我正在尝试使用OAuth从我的ASP.NET MVC C#应用程序中对FreshBooks API进行身份验证。以下是我到目前为止的情况:

我在这里使用DotNetOpenAuth是我在控制器操作中的代码

if (TokenManager != null)
{
    ServiceProviderDescription provider = new ServiceProviderDescription();
    provider.ProtocolVersion = ProtocolVersion.V10a;
    provider.AccessTokenEndpoint = new MessageReceivingEndpoint     ("https://myfbid.freshbooks.com/oauth/oauth_access.php", DotNetOpenAuth.Messaging.HttpDeliveryMethods.PostRequest);
    provider.RequestTokenEndpoint = new DotNetOpenAuth.Messaging.MessageReceivingEndpoint("https://myfbid.freshbooks.com/oauth/oauth_request.php", DotNetOpenAuth.Messaging.HttpDeliveryMethods.PostRequest);
    provider.UserAuthorizationEndpoint = new DotNetOpenAuth.Messaging.MessageReceivingEndpoint("https://myfbid.freshbooks.com/oauth/oauth_authorize.php", DotNetOpenAuth.Messaging.HttpDeliveryMethods.GetRequest);
    provider.TamperProtectionElements = new ITamperProtectionChannelBindingElement[] { new HmacSha1SigningBindingElement() };

    var consumer = new WebConsumer(provider, TokenManager);

    var response = consumer.ProcessUserAuthorization();
    if (response != null)
    {
        this.AccessToken = response.AccessToken;
    }
    else
    {
        // we need to request authorization
        consumer.Channel.Send(consumer.PrepareRequestUserAuthorization(
            new Uri("http://localhost:9876/home/testoauth/"), null, null));
    }
}

TokenManager与DotNetOpenAuth样本提供的是同一个类,我设置了FreshBooks给我的消费者秘密。

consumer.Channel.Send(consumer.PrepareRequestUserAuthorization(...))我有以下例外:

  

“远程服务器返回错误:(400)错误请求。”。

我这样做是否正确?基于FreshBooks文档和DotNetOpenAuth样本应该正常工作。

是否有更简单的方法来验证OAuth,因为DotNetOpenAuth对于简单地使用OAuth身份验证来说有点大?

2 个答案:

答案 0 :(得分:5)

如果你想使用DotNetOpenAuth,你需要确保:

  • 您使用签名方法“PLAINTEXT”
  • 并使用PlaintextSigningBindingElement作为TamperProtectionElements
这样的事情对我有用:

public static readonly ServiceProviderDescription ServiceDescription = new ServiceProviderDescription
{
    ProtocolVersion = ProtocolVersion.V10a,
    RequestTokenEndpoint = new MessageReceivingEndpoint(oAuthBase + "/oauth_request.php", HttpDeliveryMethods.PostRequest),
    UserAuthorizationEndpoint = new MessageReceivingEndpoint(oAuthBase + "/oauth_authorize.php", HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest),
    AccessTokenEndpoint = new MessageReceivingEndpoint(oAuthBase + "/oauth_access.php", HttpDeliveryMethods.PostRequest | HttpDeliveryMethods.AuthorizationHeaderRequest),
    TamperProtectionElements = new ITamperProtectionChannelBindingElement[] { new PlaintextSigningBindingElement() }
};

public static void RequestAuthorization(WebConsumer consumer)
{
    if (consumer == null)
    {
        throw new ArgumentNullException("consumer");
    }

    var extraParameters = new Dictionary<string, string> {
        { "oauth_signature_method", "PLAINTEXT" },
    };
    Uri callback = Util.GetCallbackUrlFromContext();
    var request = consumer.PrepareRequestUserAuthorization(callback, extraParameters, null);
    consumer.Channel.Send(request);
}

答案 1 :(得分:1)

您可以尝试使用我的开源OAuth库。它非常简单易用。我有一个示例项目可以在下载中连接到谷歌,Twitter,雅虎和Vimeo。我故意保持代码非常简单,因此很容易理解。

OAuth C# Library

我没有使用过FreshBooks,但它应该只是更改示例应用程序中某个提供程序的url,当然还要设置提供程序特定的键等。

相关问题
最新问题