Oauth,Twitter,401未经授权

时间:2012-03-23 22:53:42

标签: c# .net twitter oauth

我想脱离Twitsharp并在​​twitter中使用User Streaming,为了做到这一点,我需要编写自己的oAuth来验证我对API的请求。

从未必须这样做,我真的很难实现它。我找到了一个很好的例子(http://garyshortblog.wordpress.com/2011/02/11/a-twitter-oauth-example-in-c/),我试图用它来理解如何编写自己的例子。但是我甚至无法让这个例子起作用。每次运行它我总是遇到401 Unauthorized。我的令牌等很好,他们在Twitsharp下工作。如果我在Twitsharp请求和我之间使用fiddler进行比较,除了oauth_nonce和oauth_signature之外,它们完全相同。

这是我到目前为止所做的事情,我们对此表示赞赏。

接头

GOOD - 使用Twitsharp

oauth_consumer_key="xxx",
oauth_nonce="eyn5x7hhj06tr8ic",
oauth_signature="aZa5Fg7%2FO%2BbSlO9cYTL7OYLpkAM%3D",
oauth_signature_method="HMAC-SHA1", 
oauth_timestamp="1332540179",
oauth_token="xxx",
oauth_version="1.0"

坏 - 我的例子

oauth_consumer_key="xxx",
oauth_nonce="NjM0NjgxMzgyNDQ5MTgxMDk5",
oauth_signature="bSryjrvc1t4kMaIpXCGe7uAFmUI%3D",
oauth_signature_method="HMAC-SHA1", 
oauth_timestamp="1332541445",
oauth_token="xxx",
oauth_version="1.0"

代码:

     /// <summary>
        /// The set of characters that are unreserved in RFC 2396 but are NOT unreserved in RFC 3986.
        /// </summary>
        private static readonly string[] UriRfc3986CharsToEscape = new[] { "!", "*", "'", "(", ")" };

        /// <summary>
        /// Escapes a string according to the URI data string rules given in RFC 3986.
        /// </summary>
        /// <param name="value">The value to escape.</param>
        /// <returns>The escaped value.</returns>
        /// <remarks>
        /// The <see cref="Uri.EscapeDataString"/> method is <i>supposed</i> to take on
        /// RFC 3986 behavior if certain elements are present in a .config file.  Even if this
        /// actually worked (which in my experiments it <i>doesn't</i>), we can't rely on every
        /// host actually having this configuration element present.
        /// </remarks>
        internal static string EscapeUriDataStringRfc3986(string value)
        {
            // Start with RFC 2396 escaping by calling the .NET method to do the work.
            // This MAY sometimes exhibit RFC 3986 behavior (according to the documentation).
            // If it does, the escaping we do that follows it will be a no-op since the
            // characters we search for to replace can't possibly exist in the string.
            StringBuilder escaped = new StringBuilder(Uri.EscapeDataString(value));

            // Upgrade the escaping to RFC 3986, if necessary.
            for (int i = 0; i < UriRfc3986CharsToEscape.Length; i++)
            {
                escaped.Replace(UriRfc3986CharsToEscape[i], Uri.HexEscape(UriRfc3986CharsToEscape[i][0]));
            }

            // Return the fully-RFC3986-escaped string.
            return escaped.ToString();
        }


        public static void UserStream()
        {


            //GS - Get the oAuth params
            string status = "statusUpdate112";
            string postBody = "status=" +
                EscapeUriDataStringRfc3986(status);

            string oauth_consumer_key = _consumerKey;

            string oauth_nonce = Convert.ToBase64String(
                new ASCIIEncoding().GetBytes(
                    DateTime.Now.Ticks.ToString()));

            string oauth_signature_method = "HMAC-SHA1";

            string oauth_token =
                _accessToken;

            TimeSpan ts = DateTime.UtcNow -
                new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);

            string oauth_timestamp =
                Convert.ToInt64(ts.TotalSeconds).ToString();

            string oauth_version = "1.0";

            //GS - When building the signature string the params
            //must be in alphabetical order. I can't be bothered
            //with that, get SortedDictionary to do it's thing
            SortedDictionary<string, string> sd =
                new SortedDictionary<string, string>();

            sd.Add("status", status);
            sd.Add("oauth_version", oauth_version);
            sd.Add("oauth_consumer_key", oauth_consumer_key);
            sd.Add("oauth_nonce", oauth_nonce);
            sd.Add("oauth_signature_method", oauth_signature_method);
            sd.Add("oauth_timestamp", oauth_timestamp);
            sd.Add("oauth_token", oauth_token);

            //GS - Build the signature string
            string baseString = String.Empty;
            baseString += "POST" + "&";
            baseString += EscapeUriDataStringRfc3986(
                "http://api.twitter.com/1/statuses/update.json")
                + "&";

            foreach (KeyValuePair<string, string> entry in sd)
            {
                baseString += EscapeUriDataStringRfc3986(entry.Key +
                    "=" + entry.Value + "&");
            }

            //GS - Remove the trailing ambersand char, remember
            //it's been urlEncoded so you have to remove the
            //last 3 chars - %26
            baseString =
                baseString.Substring(0, baseString.Length - 3);

            //GS - Build the signing key
            string consumerSecret =
                _consumerSecret;

            string oauth_token_secret =
                _accessTokenSecret;

            string signingKey =
                EscapeUriDataStringRfc3986(consumerSecret) + "&" +
                EscapeUriDataStringRfc3986(oauth_token_secret);

            //GS - Sign the request
            HMACSHA1 hasher = new HMACSHA1(
                new ASCIIEncoding().GetBytes(signingKey));

            string signatureString = Convert.ToBase64String(
                hasher.ComputeHash(
                new ASCIIEncoding().GetBytes(baseString)));

            //GS - Tell Twitter we don't do the 100 continue thing
            ServicePointManager.Expect100Continue = false;

            //GS - Instantiate a web request and populate the
            //authorization header
            HttpWebRequest hwr =
                (HttpWebRequest)WebRequest.Create(
                @"https://api.twitter.com/1/statuses/update.json");

            string authorizationHeaderParams = String.Empty;

            authorizationHeaderParams += "OAuth ";

            authorizationHeaderParams += "oauth_consumer_key="
                + "\"" + EscapeUriDataStringRfc3986(
                oauth_consumer_key) + "\",";


            authorizationHeaderParams += "oauth_nonce=" + "\"" +
                EscapeUriDataStringRfc3986(oauth_nonce) + "\",";


            authorizationHeaderParams += "oauth_signature=" + "\""
                + EscapeUriDataStringRfc3986(signatureString) + "\",";


            authorizationHeaderParams +=
                "oauth_signature_method=" + "\"" +
                EscapeUriDataStringRfc3986(oauth_signature_method) +
                "\",";

            authorizationHeaderParams += "oauth_timestamp=" + "\"" +
                EscapeUriDataStringRfc3986(oauth_timestamp) + "\",";



            authorizationHeaderParams += "oauth_token=" + "\"" +
                EscapeUriDataStringRfc3986(oauth_token) + "\",";


            authorizationHeaderParams += "oauth_version=" + "\"" +
                EscapeUriDataStringRfc3986(oauth_version) + "\"";



            hwr.Headers.Add(
                "Authorization", authorizationHeaderParams);
//added user agent
            hwr.UserAgent = "XserT";



            //GS - POST off the request
            hwr.Method = "POST";
            hwr.ContentType = "application/x-www-form-urlencoded";
            Stream stream = hwr.GetRequestStream();
            byte[] bodyBytes =
                new ASCIIEncoding().GetBytes(postBody);

            stream.Write(bodyBytes, 0, bodyBytes.Length);
            stream.Flush();
            stream.Close();

            //GS - Allow us a reasonable timeout in case
            //Twitter's busy
            hwr.Timeout = 3 * 60 * 1000;

            try
            {
                HttpWebResponse rsp = hwr.GetResponse()
                    as HttpWebResponse;

                hwr.KeepAlive = false;
                //GS - Do something with the return here...
            }
            catch (WebException e)
            {
                //GS - Do some clever error handling here...
            }



        }

2 个答案:

答案 0 :(得分:0)

我知道这不能回答你的问题,但如果你尝试linqtotwitter,你可以轻松完成。

有些示例可以在源区域中使用

我也想添加Tweetsharp可能已经折旧了。去年年初他就停止了这项工作。

答案 1 :(得分:0)

Uri.EscapeDataString不使用正确的编码机制。

例如,请查看有关该主题的其他帖子:

How to get Uri.EscapeDataString to comply with RFC 3986

在那篇文章中,你会发现有人粘贴了正确的逃避例程。把它作为射击!