Authenticate OAuth Signature in C# (orkut Apps)

Posted by Mukesh Agarwal | 4:41 AM | 2 comments »

For the last few days I was stuck on a problem while developing an OpenSocial app on orkut for my company.
I had to authenticate the OAuth request from the orkut app in my C# app.
The request had data in both the query string and the POST (form) body.
I posted in many places but did not find an exact solution.
A couple of solutions were there:
http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Apache/Q_23238711.html

http://eran.sandler.co.il/2007/10/17/oauth-c-very-basic-library/

But they were only able to authenticate GET data requests; in the case of POST they were failing.

Even the OAuth site provides only the OAuth class, which is not useful in the case of authentication.


But at last my trial and error with this code returned me the solution. It was a very silly problem. Here is the solution.

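using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Web;

// "certificate" is a string field holding the PEM text of the container's public certificate.
bool Auth(HttpRequest request)
{
    if (!string.IsNullOrEmpty(request["oauth_signature"]))
    {
        X509Certificate2 cert = new X509Certificate2(Encoding.ASCII.GetBytes(certificate), "", X509KeyStorageFlags.MachineKeySet);
        string signature = request["oauth_signature"];
        // Convert.FromBase64String stands in for the Base64Decoder helper class, which is not part of .NET.
        byte[] signatureBytes = Convert.FromBase64String(signature);

        RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)cert.PublicKey.Key;
        OAuth.OAuthBase asd = new OAuth.OAuthBase();
        // Append the POST (form) fields to the URL so that they become part of the signature base string.
        // This assumes the request URL already carries a query string.
        string url = request.Url.ToString();
        foreach (string name in request.Form)
            url += "&" + name + "=" + request.Form[name];
        Uri reqURi = new Uri(url);
        // Normalized URL and parameters returned by OAuthBase; not used afterwards.
        string urvl, urlNPAM;
        string signatureBase = asd.GenerateSignatureBase(reqURi, request["oauth_consumer_key"], "", "",
            request.ServerVariables["REQUEST_METHOD"].ToUpper(), request["oauth_timestamp"],
            request["oauth_nonce"], request["oauth_signature_method"], out urvl, out urlNPAM);
        // Check the RSA-SHA1 signature over the base string with the certificate's public key.
        bool rtn = rsa.VerifyData(
            Encoding.ASCII.GetBytes(signatureBase), "SHA1", signatureBytes);
        return rtn;
    }
    // No oauth_signature in the request: treat it as not authenticated.
    return false;
}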
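
The same check written without the OAuthBase helper, as an added example that is not code from the original post or from that library: it builds the OAuth 1.0 signature base string from the query-string and form parameters together, pins the algorithm to RSA-SHA1, and verifies the signature. The class and method names, the URL, the key pair and the parameter values are constructed for illustration, and the code assumes .NET 6 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class OAuthRsaSha1
{
    // RFC 3986 percent-encoding (Uri.EscapeDataString behaves this way on .NET 4.5+ and .NET Core).
    static string Enc(string s) => Uri.EscapeDataString(s ?? "");

    // METHOD & enc(url without query) & enc(sorted pairs); 'all' = decoded query AND form pairs.
    public static string BaseString(string method, string url, IEnumerable<KeyValuePair<string, string>> all)
    {
        var pairs = all.Where(p => p.Key != "oauth_signature")   // the signature never signs itself
            .Select(p => (K: Enc(p.Key), V: Enc(p.Value)))
            .OrderBy(p => p.K, StringComparer.Ordinal).ThenBy(p => p.V, StringComparer.Ordinal)
            .Select(p => p.K + "=" + p.V);
        return method.ToUpperInvariant() + "&" + Enc(url) + "&" + Enc(string.Join("&", pairs));
    }

    public static bool Verify(RSA key, string method, string url, IList<KeyValuePair<string, string>> all)
    {
        string Get(string k) => all.FirstOrDefault(p => p.Key == k).Value;
        // Pin the algorithm: the request must not choose how it is verified.
        if (Get("oauth_signature_method") != "RSA-SHA1") return false;
        byte[] sig;
        try { sig = Convert.FromBase64String(Get("oauth_signature") ?? ""); }
        catch (FormatException) { return false; }
        if (sig.Length == 0) return false;
        byte[] data = Encoding.ASCII.GetBytes(BaseString(method, url, all));
        return key.VerifyData(data, sig, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
    }

    static void Main()
    {
        using var rsa = RSA.Create(2048);                  // constructed key, stands in for the container's
        const string url = "http://app.example.test/Default.aspx";   // constructed endpoint
        var p = new List<KeyValuePair<string, string>> {
            new("oauth_consumer_key", "consumer.example"), new("oauth_signature_method", "RSA-SHA1"),
            new("oauth_timestamp", "1218110220"), new("oauth_nonce", "n-1"),   // query string (constructed)
            new("note", "a&b=c d") };                                          // form body (constructed)
        byte[] sig = rsa.SignData(Encoding.ASCII.GetBytes(BaseString("POST", url, p)),
            HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
        p.Add(new("oauth_signature", Convert.ToBase64String(sig)));
        Console.WriteLine(Verify(rsa, "POST", url, p));   // request as signed
        p[4] = new("note", "tampered");
        Console.WriteLine(Verify(rsa, "POST", url, p));   // form field altered after signing
    }
}
```

A production handler would also reject a stale oauth_timestamp and a repeated oauth_nonce. The URL passed in must match the one the container signed (scheme, host, port and path), which can differ from what the server sees behind a proxy.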

2 comments

  1. Mukesh Agarwal // August 7, 2008 at 4:57 AM  

    This solution is specially meant for authentication of a request which has data in both the URL (GET) and the form (POST).

  2. Unknown // September 23, 2008 at 6:17 AM  

    I'm the guy who talked to you in e-mail about the problem in the code.

    I followed your code, but the return of the method VerifyData is always false.
    Do you have any idea?
    Thanks for your help.

    //orkut app code//

    function makeSignedRequest() {
        var params = {};
        params[gadgets.io.RequestParameters.AUTHORIZATION] = gadgets.io.AuthorizationType.SIGNED;
        var url = "http://mypage.apporkut.com.br/Default.aspx";
        gadgets.io.makeRequest(url, response, params);
    };

    function init() {
        makeSignedRequest();
    }


    //Asp.net C# Code//

    if (!string.IsNullOrEmpty(Request["oauth_signature"]))
    {

    string certificateValue = @"-----BEGIN CERTIFICATE-----
    MIIDHDCCAoWgAwIBAgIJAMbTCksqLiWeMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNV
    BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIG
    A1UEChMLR29vZ2xlIEluYy4xDjAMBgNVBAsTBU9ya3V0MQ4wDAYDVQQDEwVscnlh
    bjAeFw0wODAxMDgxOTE1MjdaFw0wOTAxMDcxOTE1MjdaMGgxCzAJBgNVBAYTAlVT
    MQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChML
    R29vZ2xlIEluYy4xDjAMBgNVBAsTBU9ya3V0MQ4wDAYDVQQDEwVscnlhbjCBnzAN
    BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAseBXZ4NDhm24nX3sJRiZJhvy9eDZX12G
    j4HWAMmhAcnm2iBgYpAigwhVHtOs+ZIUIdzQHvHeNd0ydc1Jg8e+C+Mlzo38OvaG
    D3qwvzJ0LNn7L80c0XVrvEALdD9zrO+0XSZpTK9PJrl2W59lZlJFUk3pV+jFR8NY
    eB/fto7AVtECAwEAAaOBzTCByjAdBgNVHQ4EFgQUv7TZGZaI+FifzjpTVjtPHSvb
    XqUwgZoGA1UdIwSBkjCBj4AUv7TZGZaI+FifzjpTVjtPHSvbXqWhbKRqMGgxCzAJ
    BgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEU
    MBIGA1UEChMLR29vZ2xlIEluYy4xDjAMBgNVBAsTBU9ya3V0MQ4wDAYDVQQDEwVs
    cnlhboIJAMbTCksqLiWeMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
    CETnhlEnCJVDXoEtSSwUBLP/147sqiu9a4TNqchTHJObwTwDPUMaU6XIs2OTMmFu
    GeIYpkHXzTa9Q6IKlc7Bt2xkSeY3siRWCxvZekMxPvv7YTcnaVlZzHrVfAzqNsTG
    P3J//C0j+8JWg6G+zuo5k7pNRKDY76GxxHPYamdLfwk=
    -----END CERTIFICATE-----";

        X509Certificate2 cert = new X509Certificate2(Encoding.ASCII.GetBytes(certificateValue), "", X509KeyStorageFlags.MachineKeySet);
        System.Collections.Specialized.NameValueCollection queryString = Request.QueryString;
        string signature = Request["oauth_signature"];
        //Base64Decoder decoder = new Base64Decoder(signature.ToCharArray());
        byte[] sign = Convert.FromBase64String(signature);

        String urvl, urlNPAM;

        RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)cert.PublicKey.Key;
        OAuth.OAuthBase asd = new OAuth.OAuthBase();
        string url = Request.Url.ToString();
        foreach (string name in Request.Form)
            url += "&" + name + "=" + Request.Form[name];
        Uri reqURi = new Uri(url);
        string signatureBase = asd.GenerateSignatureBase(reqURi, Request["oauth_consumer_key"], "", "",
            Request.ServerVariables["REQUEST_METHOD"].ToUpper(), Request["oauth_timestamp"],
            Request["oauth_nonce"], Request["oauth_signature_method"], out urvl, out urlNPAM);
        bool rtn = rsa.VerifyData(
            Encoding.ASCII.GetBytes(signatureBase), "SHA1", sign);

        Response.Write(rtn);
    }


    Thanks a lot man,

    Mariel

 