Thursday, August 7, 2008

AUTHENTICATE OAuth SIGNATURE in C# (orkut Apps)

For the last few days I was stuck on a problem while developing an OpenSocial app on orkut for my company.
I had to authenticate the OAuth request from the orkut app in my C# app.
The request carried data in both the query string and the POST (form) body.
I posted in many places but did not find an exact solution.
A couple of solutions were there:
http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Apache/Q_23238711.html

http://eran.sandler.co.il/2007/10/17/oauth-c-very-basic-library/

But they were only able to authenticate GET requests; in the case of POST they failed.

Even the OAuth site only provides the OAuth class, which is not useful for authentication.


But at last my trial and error with this code gave me the solution. It was a very silly problem. Here is the solution.

// Requires the namespaces System, System.Security.Cryptography,
// System.Security.Cryptography.X509Certificates, System.Text and System.Web.
// certificate: PEM text of the container's public certificate.
static bool Auth(HttpRequest request, string certificate)
{
    // Without an oauth_signature parameter there is nothing to verify.
    if (string.IsNullOrEmpty(request["oauth_signature"]))
        return false;

    X509Certificate2 cert = new X509Certificate2(Encoding.ASCII.GetBytes(certificate), "", X509KeyStorageFlags.MachineKeySet);
    RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)cert.PublicKey.Key;
    byte[] signature = Convert.FromBase64String(request["oauth_signature"]);

    // Append the form (POST) fields to the URL so that they end up in the
    // signature base string together with the query string parameters.
    string url = request.Url.ToString();
    foreach (string name in request.Form)
        url += (url.Contains("?") ? "&" : "?") + name + "=" + request.Form[name];
    Uri reqUri = new Uri(url);

    OAuth.OAuthBase oauth = new OAuth.OAuthBase();
    string normalizedUrl, normalizedParams;
    string signatureBase = oauth.GenerateSignatureBase(reqUri, request["oauth_consumer_key"], "", "",
        request.ServerVariables["REQUEST_METHOD"].ToUpper(), request["oauth_timestamp"],
        request["oauth_nonce"], request["oauth_signature_method"], out normalizedUrl, out normalizedParams);

    // Check the RSA-SHA1 signature over the base string with the certificate's public key.
    return rsa.VerifyData(Encoding.ASCII.GetBytes(signatureBase), "SHA1", signature);
}
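
The fix above works because the form fields become part of the signed parameter set. As an added example (not the author's code and not part of the OAuthBase library), the following builds the OAuth 1.0 signature base string directly from both the query string and form collections and verifies it with RSA-SHA1; the class and method names and the maxSkewSeconds parameter are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Collections.Specialized;
using System.Security.Cryptography;
using System.Text;

public static class SignedRequestCheck // hypothetical helper, not from the post
{
    // RFC 5849 section 3.6 percent-encoding: only unreserved characters stay literal.
    static string Enc(string s)
    {
        const string unreserved = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";
        StringBuilder sb = new StringBuilder();
        foreach (byte b in Encoding.UTF8.GetBytes(s ?? ""))
            if (unreserved.IndexOf((char)b) >= 0) sb.Append((char)b);
            else sb.Append('%').Append(b.ToString("X2"));
        return sb.ToString();
    }

    // Base string built from the decoded query AND form collections (GET and POST data).
    public static string BaseString(string method, Uri url, NameValueCollection query, NameValueCollection form)
    {
        var pairs = new List<KeyValuePair<string, string>>();
        foreach (NameValueCollection source in new[] { query, form })
            foreach (string name in source.AllKeys)
            {
                // oauth_signature is never signed; key-less entries are skipped, so such requests fail closed
                if (name == null || name == "oauth_signature") continue;
                foreach (string value in source.GetValues(name) ?? new string[0])
                    pairs.Add(new KeyValuePair<string, string>(Enc(name), Enc(value)));
            }
        pairs.Sort((a, b) => a.Key != b.Key ? string.CompareOrdinal(a.Key, b.Key)
                                             : string.CompareOrdinal(a.Value, b.Value));
        string joined = string.Join("&", pairs.ConvertAll(p => p.Key + "=" + p.Value).ToArray());
        string baseUrl = url.GetLeftPart(UriPartial.Path); // scheme://host/path without the query
        return method.ToUpperInvariant() + "&" + Enc(baseUrl) + "&" + Enc(joined);
    }

    // RSA-SHA1 is fixed here rather than read from the request; stale timestamps are refused.
    public static bool Verify(string baseString, string signatureB64, string timestamp,
                              RSACryptoServiceProvider containerKey, int maxSkewSeconds)
    {
        long ts;
        if (string.IsNullOrEmpty(signatureB64) || !long.TryParse(timestamp, out ts)) return false;
        long now = (long)(DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalSeconds;
        if (Math.Abs(now - ts) > maxSkewSeconds) return false; // stale or future-dated request
        try { return containerKey.VerifyData(Encoding.ASCII.GetBytes(baseString), "SHA1", Convert.FromBase64String(signatureB64)); }
        catch (FormatException) { return false; } // signature was not valid base64
    }
}
```

In an ASP.NET page the base string comes from SignedRequestCheck.BaseString(Request.HttpMethod, Request.Url, Request.QueryString, Request.Form). Rejecting a repeated oauth_nonce inside the skew window needs a store that is not shown here, and behind a reverse proxy Request.Url may differ from the URL the container signed.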

2 comments:

Mukesh Agarwal said...

This solution is specially meant for authenticating a request which has data in both the URL (GET) and the form (POST).

Unknown said...

I'm the guy who talked to you in e-mail about the problem in the code.

I followed your code but the return of the method VerifyData is always false.
Do you have any idea?
Thanks for your help.

//orkut app code//

function makeSignedRequest() {
    var params = {};
    params[gadgets.io.RequestParameters.AUTHORIZATION] = gadgets.io.AuthorizationType.SIGNED;
    var url = "http://mypage.apporkut.com.br/Default.aspx";
    gadgets.io.makeRequest(url, response, params);
};

function init() {
    makeSignedRequest();
}


//Asp.net C# Code//

if (!string.IsNullOrEmpty(Request["oauth_signature"]))
{
    string certificateValue = @"-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----";

    X509Certificate2 cert = new X509Certificate2(Encoding.ASCII.GetBytes(certificateValue), "", X509KeyStorageFlags.MachineKeySet);
    System.Collections.Specialized.NameValueCollection queryString = Request.QueryString;
    string signature = Request["oauth_signature"];
    //Base64Decoder decoder = new Base64Decoder(signature.ToCharArray());
    byte[] sign = Convert.FromBase64String(signature);

    String urvl, urlNPAM;

    RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)cert.PublicKey.Key;
    OAuth.OAuthBase asd = new OAuth.OAuthBase();
    string url = Request.Url.ToString();
    foreach (string name in Request.Form)
        url += "&" + name + "=" + Request.Form[name];
    Uri reqURi = new Uri(url);
    string signatureBase = asd.GenerateSignatureBase(reqURi, Request["oauth_consumer_key"], "", "",
        Request.ServerVariables["REQUEST_METHOD"].ToUpper(), Request["oauth_timestamp"],
        Request["oauth_nonce"], Request["oauth_signature_method"], out urvl, out urlNPAM);
    bool rtn = rsa.VerifyData(
        Encoding.ASCII.GetBytes(signatureBase), "SHA1", sign);

    Response.Write(rtn);
}


Thanks a lot man,

Mariel