public OAuthRequestToken( string token, string secret, IConsumer consumer, TokenStatus status, OAuthParameters associatedParameters, IIdentity authenticatedUser, string[] roles) : this() { if (string.IsNullOrEmpty(token)) throw new ArgumentException("token must not be null or empty", "token"); if (secret == null) throw new ArgumentNullException("secret", "secret must not be null"); if (consumer == null) throw new ArgumentNullException("consumer", "consumer must not be null"); if (roles == null) throw new ArgumentNullException("roles", "roles must not be null"); this.Token = token; this.Secret = secret; this.Status = status; this.ConsumerKey = consumer.Key; this.AssociatedParameters = associatedParameters; this.AuthenticatedUser = authenticatedUser; this.Roles = roles; }
public object BeforeSendRequest(ref Message request, IClientChannel channel) { HttpRequestMessageProperty httpRequestProperty = request.Properties[HttpRequestMessageProperty.Name] as HttpRequestMessageProperty; NameValueCollection rawParameters = HttpUtility.ParseQueryString(request.Headers.To.Query); UriBuilder uriBuilder = new UriBuilder(request.Headers.To); uriBuilder.Query = Rfc3986.EncodeAndJoin(rawParameters); request.Headers.To = uriBuilder.Uri; OAuthConsumer consumer = new OAuthConsumer(_credentials.OAuthKey, _credentials.OAuthSecret); int unixTime = UnixTime.ToUnixTime(DateTime.UtcNow); OAuthParameters parameters = new OAuthParameters(); parameters.Version = Constants.Version1_0; parameters.SignatureMethod = "RSA-SHA1"; parameters.ConsumerKey = _credentials.OAuthKey; parameters.Token = _credentials.OAuthToken; parameters.TokenSecret = _credentials.OAuthTokenSecret; parameters.Timestamp = unixTime.ToString(); parameters.Nonce = _nonceProvider.GenerateNonce(unixTime); RsaSha1SigningProvider provider = new RsaSha1SigningProvider(); provider.PfxFile = _credentials.OAuthPfxFile; provider.PfxPassword = _credentials.OAuthPfxPassword; parameters.Sign(request.Headers.To, httpRequestProperty.Method, consumer, null, provider); httpRequestProperty.Headers["Authorization"] = parameters.ToHeaderFormat(); return null; }
public void Test_SignatureCompareWithSpaceInSignature() { OAuthParameters parameters = new OAuthParameters() { ConsumerKey = "key", Nonce = "5b434e59-729a-444b-9a11-2d8e57b1f2fb", SignatureMethod = "HMAC-SHA1", Timestamp = "1251983826", Version = "1.0", Callback = "http://yourownsite.com/" }; string sigbase = SignatureBase.Create( "GET", new Uri("http://localhost:3423/request-token.ashx"), parameters); string consumerSecret = "secret"; string tokenSecret = null; HmacSha1SigningProvider signingProvider = new HmacSha1SigningProvider(); Assert.That(signingProvider.SignatureMethod, Is.EqualTo("HMAC-SHA1")); string hash = signingProvider.ComputeSignature(sigbase, consumerSecret, tokenSecret); Assert.That(hash, Is.EqualTo("zHTiQHg8X5Lpkh+/0MSatKeNEFg=")); Assert.That(signingProvider.CheckSignature(sigbase, Rfc3986.Decode("zHTiQHg8X5Lpkh+/0MSatKeNEFg="), consumerSecret, tokenSecret), "Signature did not match"); }
public void TestCase() { ISigningProvider rsa = new RsaSha1SigningProvider() { // PFX file is copied to output directory PfxFile = @"WikiTests\testcase.rsa.pfx" }; OAuthParameters parameters = new OAuthParameters() { SignatureMethod = "RSA-SHA1", Version = Constants.Version1_0, ConsumerKey = "dpf43f3p2l4k3l03", Timestamp = "1196666512", Nonce = "13917289812797014437" }; parameters.AdditionalParameters.Add("file", "vacaction.jpg"); parameters.AdditionalParameters.Add("size", "original"); Uri baseUri = new Uri("http://photos.example.net/photos"); string sigbase = SignatureBase.Create( "GET", baseUri, parameters); Assert.That(sigbase, Is.EqualTo("GET&http%3A%2F%2Fphotos.example.net%2Fphotos&file%3Dvacaction.jpg%26oauth_consumer_key%3Ddpf43f3p2l4k3l03%26oauth_nonce%3D13917289812797014437%26oauth_signature_method%3DRSA-SHA1%26oauth_timestamp%3D1196666512%26oauth_version%3D1.0%26size%3Doriginal")); parameters.Signature = rsa.ComputeSignature(sigbase, "kd94hf93k423kf44", null); Assert.That(parameters.Signature, Is.EqualTo("jvTp/wX1TYtByB1m+Pbyo0lnCOLIsyGCH7wke8AUs3BpnwZJtAuEJkvQL2/9n4s5wUmUl4aCI4BwpraNx4RtEXMe5qg5T1LVTGliMRpKasKsW//e+RinhejgCuzoH26dyF8iY2ZZ/5D1ilgeijhV/vBka5twt399mXwaYdCwFYE=")); // There is no point comparing the URLs because order is not query string parameter important in URLs }
public void TestAEqualsB() { OAuthParameters parameters = new OAuthParameters(); parameters.AdditionalParameters.Add("a", "b"); Assert.That(parameters.ToNormalizedString(), Is.EqualTo("a=b")); }
private string ToBaseString(Request request, OAuthParameters parameters) { if (String.IsNullOrEmpty(request.ContentType)) throw new ArgumentException( "It should really specify the content type otherwise we can't " + "decide whether or not to include parameters in signature.", "request" ); // TODO: Perhaps this class should be collecting the parameters from the URI // // http://oauth.net/core/1.0/#anchor14 9.1.1 // The request parameters are collected, sorted and concatenated into a normalized string: // // Parameters in the OAuth HTTP Authorization header excluding the realm parameter. // Parameters in the HTTP POST request body (with a content-type of application/x-www-form-urlencoded). // HTTP GET parameters added to the URLs in the query part (as defined by [RFC3986] section 3). // [2011-07-08, BJB]: This implies we ought to be collecting them all. // The request contains all of this stuff - it's just that we're treating URI and // parameters separately further up. // You can tell if there is a body or not by checking the existence of Content-length -- but our // requests are not fully-formed enough -- we don't have concept of body. un.less(() => ParameterInclusionPolicy.IncludeParameters(request), () => parameters.AdditionalParameters.Clear() ); return SignatureBase.Create(request.RequestLine.Verb, request.RequestLine.Uri, parameters); }
private HttpWebRequest GenerateRequest(string contentType, string requestMethod) { var ts = UnixTime.ToUnixTime(DateTime.Now); //Create the needed OAuth Parameters. //Refer - http://oauth.net/core/1.0/#sig_base_example var param = new OAuthParameters() { ConsumerKey = _consumerKey, SignatureMethod = SigningProvider.SignatureMethod, Version = Constants.Version1_0, Nonce = NonceProvider.GenerateNonce(ts), Timestamp = ts.ToString(), }; //Generate Signature Hash var signatureBase = SignatureBase.Create(requestMethod.ToUpper(), _serviceProviderUri, param); //Set Signature Hash as one of the OAuth Parameter param.Signature = SigningProvider.ComputeSignature(signatureBase, _consumerSecret, null); var httpWebRequest = (HttpWebRequest)WebRequest.Create(_serviceProviderUri); httpWebRequest.Method = requestMethod; httpWebRequest.ContentType = contentType; httpWebRequest.Timeout = RequestTimeOut; //Add the OAuth Parameters to Authorization Header of Request httpWebRequest.Headers.Add(Constants.AuthorizationHeaderParameter, param.ToHeaderFormat()); return httpWebRequest; }
public void TestAEqualsXBangYAndAEqualsXSpaceY() { OAuthParameters parameters = new OAuthParameters(); parameters.AdditionalParameters.Add("a", "x!y"); parameters.AdditionalParameters.Add("a", "x y"); Assert.That(parameters.ToNormalizedString(), Is.EqualTo("a=x%20y&a=x%21y")); }
public void TestNameParamNoValue() { OAuthParameters parameters = new OAuthParameters(); // NB: HttpRequest parses "name=" as { "name", string.Empty } parameters.AdditionalParameters.Add("name", string.Empty); Assert.That(parameters.ToNormalizedString(), Is.EqualTo("name=")); }
public void TestGetHttpExampleDotComWithSlashWithNEqualsV() { OAuthParameters parameters = new OAuthParameters(); parameters.AdditionalParameters.Add("n", "v"); Assert.That( SignatureBase.Create("GET", new Uri("http://example.com/"), parameters), Is.EqualTo("GET&http%3A%2F%2Fexample.com%2F&n%3Dv")); }
public String Sign( Request request, String consumerSecret, String tokenSecret, OAuthParameters parameters ) { var baseString = ToBaseString(request, parameters); return new HmacSha1SigningProvider().ComputeSignature(baseString, consumerSecret, tokenSecret); }
/// <summary> /// Create a new request token /// </summary> /// <param name="consumer">The consumer for whom the token is to be created</param> /// <param name="parameters">The parameters that were sent in the request that /// created this token (both OAuth and additional parameters).</param> /// <returns>A request token</returns> public virtual IRequestToken CreateRequestToken(IConsumer consumer, OAuthParameters parameters) { return new OAuthRequestToken( GuidHelper.CreateGuid().ToString("D"), GuidHelper.CreateGuid().ToString("D"), consumer, TokenStatus.Unauthorized, parameters, null, new string[] { }); }
public OAuthParameters Clone() { var clone = new OAuthParameters(); foreach (KeyValuePair <string, string> item in this.parameters) { clone.parameters[item.Key] = item.Value; } clone.AdditionalParameters = new NameValueCollection(this.AdditionalParameters); return(clone); }
private String Sign( Request request, CredentialSet credentials, OAuthParameters parameters ) { return new MadgexSignature().Sign( request, credentials.Consumer.Secret, credentials.Token.Secret, parameters ); }
public void TestPostHttpsPhotosDotExampleDotNetSlashRequestUnderscoreTokenWithOAuthParameters() { OAuthParameters parameters = new OAuthParameters() { Version = Constants.Version1_0, ConsumerKey = "dpf43f3p2l4k3l03", Timestamp = "1191242090", Nonce = "hsu94j3884jdopsl", SignatureMethod = "PLAINTEXT", Signature = "ignored" }; Assert.That( SignatureBase.Create("POST", new Uri("https://photos.example.net/request_token"), parameters), Is.EqualTo("POST&https%3A%2F%2Fphotos.example.net%2Frequest_token&oauth_consumer_key%3Ddpf43f3p2l4k3l03%26oauth_nonce%3Dhsu94j3884jdopsl%26oauth_signature_method%3DPLAINTEXT%26oauth_timestamp%3D1191242090%26oauth_version%3D1.0")); }
/// <summary> /// Parses the OAuth parameters from a HttpWebResponse. /// </summary> /// <param name="response">The Http response</param> /// <returns> /// An OAuthParameters object containing the parsed reserved OAuth parameters and any additional, valid parameters.</returns> public static OAuthParameters Parse(HttpWebResponse response) { if (response == null) { return(null); } NameValueCollection bodyParams = new NameValueCollection(); using (MemoryStream ms = new MemoryStream()) { System.IO.Stream stream = response.GetResponseStream(); byte[] buffer = new byte[32768]; int read; while ((read = stream.Read(buffer, 0, buffer.Length)) > 0) { ms.Write(buffer, 0, read); } Encoding bodyEncoding = Encoding.ASCII; if (!String.IsNullOrEmpty(response.ContentEncoding)) { bodyEncoding = Encoding.GetEncoding(response.ContentEncoding); } string responseBody = bodyEncoding.GetString(ms.ToArray()); string[] nameValuePairs = responseBody.Split(new char[] { '&' }, StringSplitOptions.RemoveEmptyEntries); foreach (string nameValuePair in nameValuePairs) { string[] nameValuePairParts = nameValuePair.Split(new char[] { '=' }, StringSplitOptions.RemoveEmptyEntries); if (nameValuePairParts.Length == 2) { bodyParams.Add(HttpUtility.UrlDecode(nameValuePairParts[0]), HttpUtility.UrlDecode(nameValuePairParts[1])); } } if (bodyParams.Count == 0 && responseBody.Trim().Length > 0) { bodyParams.Add(OAuthRequestExceptionParameters.Problem, responseBody); } } return(OAuthParameters.DoParse(null, response.Headers[Constants.WwwAuthenticateHeaderParameter], bodyParams, null, OAuthParameterSources.ConsumerDefault, false)); }
public static string Create(string httpMethod, Uri requestUrl, OAuthParameters parameters) { StringBuilder sigbase = new StringBuilder(); // Http header sigbase.Append(Rfc3986.Encode(httpMethod)).Append("&"); // Normalized request URL sigbase.Append(Rfc3986.Encode(requestUrl.Scheme)); sigbase.Append(Rfc3986.Encode("://")); sigbase.Append(Rfc3986.Encode(requestUrl.Authority.ToLowerInvariant())); sigbase.Append(Rfc3986.Encode(requestUrl.AbsolutePath)); sigbase.Append("&"); // Normalized parameters sigbase.Append(Rfc3986.Encode(parameters.ToNormalizedString( Constants.RealmParameter, Constants.SignatureParameter, Constants.TokenSecretParameter))); return sigbase.ToString(); }
public static string Create(string httpMethod, Uri requestUrl, OAuthParameters parameters) { StringBuilder sigbase = new StringBuilder(); // Http header sigbase.Append(Rfc3986.Encode(httpMethod)).Append("&"); // Normalized request URL sigbase.Append(Rfc3986.Encode(requestUrl.Scheme)); sigbase.Append(Rfc3986.Encode("://")); sigbase.Append(Rfc3986.Encode(requestUrl.Authority.ToLowerInvariant())); sigbase.Append(Rfc3986.Encode(requestUrl.AbsolutePath)); sigbase.Append("&"); // Normalized parameters sigbase.Append(Rfc3986.Encode(parameters.ToNormalizedString( Constants.RealmParameter, Constants.SignatureParameter, Constants.TokenSecretParameter))); return(sigbase.ToString()); }
public Uri BuildRequestTokenUri() { int timestamp = UnixTime.ToUnixTime(DateTime.Now); OAuthParameters parameters = new OAuthParameters(); parameters.ConsumerKey = ConsumerStore.FixedConsumer.Key; parameters.Nonce = new GuidNonceProvider().GenerateNonce(timestamp); parameters.SignatureMethod = "HMAC-SHA1"; parameters.Timestamp = timestamp.ToString(CultureInfo.InvariantCulture); parameters.Version = "1.0"; parameters.Callback = "http://yourownsite.com/"; parameters.Signature = ServiceProviderContext.GetSigningProvider("HMAC-SHA1").ComputeSignature( SignatureBase.Create("GET", this.RequestTokenBaseUri, parameters), ConsumerStore.FixedConsumer.Secret, null); UriBuilder builder = new UriBuilder(this.RequestTokenBaseUri) { Query = parameters.ToQueryStringFormat() }; return builder.Uri; }
public void TestXBangYEqualsAAndXEqualsA() { OAuthParameters parameters = new OAuthParameters(); parameters.AdditionalParameters.Add("x!y", "a"); parameters.AdditionalParameters.Add("x", "a"); Assert.That(parameters.ToNormalizedString(), Is.EqualTo("x=a&x%21y=a")); }
public void TestGetHttpPhotosDotExampleDotNetSlashPhotosWithOAuthParametersAndFileEqualsVacationDotJpgAndSizeEqualsOriginal() { OAuthParameters parameters = new OAuthParameters() { Version = Constants.Version1_0, ConsumerKey = "dpf43f3p2l4k3l03", Token = "nnch734d00sl2jdk", Timestamp = "1191242096", Nonce = "kllo9940pd9333jh", SignatureMethod = "HMAC-SHA1", Signature = "ignored" }; parameters.AdditionalParameters.Add("file", "vacation.jpg"); parameters.AdditionalParameters.Add("size", "original"); Assert.That( SignatureBase.Create("GET", new Uri("http://photos.example.net/photos"), parameters), Is.EqualTo("GET&http%3A%2F%2Fphotos.example.net%2Fphotos&file%3Dvacation.jpg%26oauth_consumer_key%3Ddpf43f3p2l4k3l03%26oauth_nonce%3Dkllo9940pd9333jh%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1191242096%26oauth_token%3Dnnch734d00sl2jdk%26oauth_version%3D1.0%26size%3Doriginal")); }
public void Test_FunnyCharacters() { OAuthParameters parameters = new OAuthParameters() { ConsumerKey = "weitu.googlepages.com", Nonce = "face868c-04a9-4e75-9534-0b58616c351c", SignatureMethod = "RSA-SHA1", Timestamp = "1213351382", Token = "1/rTf4q3P05rP2xv2xP1ls8mATiaQZnWPB51nTvo8n9Sw", Version = "1.0" }; string basesig = SignatureBase.Create( "GET", new Uri("http://www.google.com/m8/feeds/contacts/default/base"), parameters); Assert.That(basesig, Is.EqualTo("GET&http%3A%2F%2Fwww.google.com%2Fm8%2Ffeeds%2Fcontacts%2Fdefault%2Fbase&oauth_consumer_key%3Dweitu.googlepages.com%26oauth_nonce%3Dface868c-04a9-4e75-9534-0b58616c351c%26oauth_signature_method%3DRSA-SHA1%26oauth_timestamp%3D1213351382%26oauth_token%3D1%252FrTf4q3P05rP2xv2xP1ls8mATiaQZnWPB51nTvo8n9Sw%26oauth_version%3D1.0")); }
public OAuthParameters Clone() { var clone = new OAuthParameters(); foreach (KeyValuePair<string, string> item in this.parameters) clone.parameters[item.Key] = item.Value; clone.AdditionalParameters = new NameValueCollection(this.AdditionalParameters); return clone; }
protected virtual void SignParameters(Uri requestUri, string httpMethod, OAuthParameters authParameters, IToken token) { // Check there is a signing provider for the signature method ISigningProvider signingProvider = this.Service.ComponentLocator.GetInstance<ISigningProvider>(Constants.SigningProviderIdPrefix + this.Service.SignatureMethod); if (signingProvider == null) { // There is no signing provider for this signature method OAuthRequestException.ThrowSignatureMethodRejected(null); } // Double check the signing provider declares that it can handle the signature method if (!signingProvider.SignatureMethod.Equals(this.Service.SignatureMethod)) OAuthRequestException.ThrowSignatureMethodRejected(null); // Compute the signature authParameters.Sign(requestUri, httpMethod, this.Service.Consumer, token, signingProvider); }
public IRequestToken CreateRequestToken(IConsumer consumer, OAuthParameters parameters) { return TokenGenerator.FixedRequestToken; }
/// <summary> /// /// </summary> /// <param name="requestUri"></param> /// <param name="authParameters"></param> /// <param name="httpMethod"></param> /// <param name="contentType"></param> /// <param name="bodyStream"></param> /// <returns></returns> protected virtual HttpWebRequest CreateRequest(Uri requestUri, OAuthParameters authParameters, string httpMethod, string contentType, System.IO.Stream bodyStream) { NameValueCollection requestSpecificParameters = new NameValueCollection(authParameters.AdditionalParameters); if (!this.Service.UseAuthorizationHeader) { ////The OAuth params need to be added either into the querystring or into the post body. requestSpecificParameters.Add(authParameters.OAuthRequestParams()); } if (Constants.HttpPostUrlEncodedContentTypeRegex.IsMatch(contentType) && bodyStream == null) { ////All the requestSpecificParameters need to be encoded into the body bytes string body = Rfc3986.EncodeAndJoin(requestSpecificParameters); bodyStream = new MemoryStream(Encoding.ASCII.GetBytes(body)); } else { ////They go into the querystring. string query = Rfc3986.EncodeAndJoin(requestSpecificParameters); if (!string.IsNullOrEmpty(query)) { UriBuilder mutableRequestUri = new UriBuilder(requestUri); if (string.IsNullOrEmpty(mutableRequestUri.Query)) mutableRequestUri.Query = query; else mutableRequestUri.Query = mutableRequestUri.Query.Substring(1) + "&" + query; requestUri = mutableRequestUri.Uri; } } HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(requestUri); request.Method = httpMethod; if (this.Service.UseAuthorizationHeader) request.Headers.Add(HttpRequestHeader.Authorization, authParameters.ToHeaderFormat()); if (!String.IsNullOrEmpty(contentType)) { request.ContentType = contentType; if (bodyStream != null) { if (bodyStream.CanSeek) request.ContentLength = bodyStream.Length; StreamCopier.CopyTo(bodyStream, request.GetRequestStream()); } } return request; }
private OAuthParameters CreateOAuthParameters(NameValueCollection additionalParameters) { int timestamp = UnixTime.ToUnixTime(DateTime.Now); OAuthParameters authParameters = new OAuthParameters() { ConsumerKey = this.Service.Consumer.Key, Realm = this.Service.Realm, SignatureMethod = this.Service.SignatureMethod, Timestamp = timestamp.ToString(CultureInfo.InvariantCulture), Nonce = this.Service.ComponentLocator.GetInstance<INonceProvider>().GenerateNonce(timestamp), Version = this.Service.OAuthVersion }; if (additionalParameters != null && additionalParameters.Count > 0) authParameters.AdditionalParameters.Add(additionalParameters); return authParameters; }
/// <summary> /// Parses the OAuth parameters from a NameValueCollection /// </summary> /// <param name="parameterCollection">the NameValueCollection</param> /// <returns> /// An OAuthParameters object containing the parsed reserved OAuth parameters and any additional, valid parameters.</returns> public static OAuthParameters Parse(NameValueCollection parameterCollection) { return(OAuthParameters.DoParse(null, null, parameterCollection, null, OAuthParameterSources.HttpPostBody, true)); }
//// TODO: ThrowAdditionalAuthorizationRequired //// TODO: ThrowPermissionUnknown //// TODO: ThrowPermissionDenied //// TODO: ThrowUserRefused /// <summary> /// Tries to parse an OAuthRequestException from some OAuth parameters. If an exception /// is indicated, the exception will be re-thrown. /// </summary> /// /// <remarks> /// <para> /// If no exception is indicated, this method will return without throwing. /// </para> /// /// <para> /// This will handle future <a href="http://wiki.oauth.net/ProblemReporting">Problem /// Reporting</a> problem types, but not future additional parameters. /// </para> /// </remarks> /// /// <example> /// This example shows how to rethrow an OAuth exception transmitted in a HTTP response. /// /// <code lang="C#" numberLines="true"> /// HttpWebResponse response = (HttpWebResponse)request.GetResponse(); /// OAuthParameters responseParameters = OAuthParameters.Parse(response); /// OAuthRequestException.TryRethrow(responseParameters); /// </code> /// </example> /// /// <param name="parameters">The OAuth parameters</param> /// /// <exception cref="OAuth.Net.Common.OAuthRequestException"> /// If the OAuth parameters indicate an OAuth exception /// </exception> public static void TryRethrow(OAuthParameters parameters) { if (parameters == null || parameters.AdditionalParameters == null) return; if (!string.IsNullOrEmpty(parameters.AdditionalParameters[OAuthRequestExceptionParameters.Problem])) { OAuthRequestException ex = new OAuthRequestException() { Problem = parameters.AdditionalParameters[OAuthRequestExceptionParameters.Problem], Advice = parameters.AdditionalParameters[OAuthRequestExceptionParameters.ProblemAdvice], Source = OAuthRequestExceptionSources.Remote }; // Load additional parameter for specific types switch (parameters.AdditionalParameters[OAuthRequestExceptionParameters.Problem]) { case OAuthRequestExceptionProblemTypes.VersionRejected: if (!string.IsNullOrEmpty(parameters.AdditionalParameters[OAuthRequestExceptionParameters.AcceptableVersions])) ex.AdditionalParameter = new KeyValuePair<string, string>( OAuthRequestExceptionParameters.AcceptableVersions, parameters.AdditionalParameters[OAuthRequestExceptionParameters.AcceptableVersions]); break; case OAuthRequestExceptionProblemTypes.ParameterAbsent: if (!string.IsNullOrEmpty(parameters.AdditionalParameters[OAuthRequestExceptionParameters.ParametersAbsent])) ex.AdditionalParameter = new KeyValuePair<string, string>( OAuthRequestExceptionParameters.ParametersAbsent, parameters.AdditionalParameters[OAuthRequestExceptionParameters.ParametersAbsent]); break; case OAuthRequestExceptionProblemTypes.ParameterRejected: if (!string.IsNullOrEmpty(parameters.AdditionalParameters[OAuthRequestExceptionParameters.ParametersRejected])) ex.AdditionalParameter = new KeyValuePair<string, string>( OAuthRequestExceptionParameters.ParametersRejected, parameters.AdditionalParameters[OAuthRequestExceptionParameters.ParametersRejected]); break; case OAuthRequestExceptionProblemTypes.TimestampRefused: if (!string.IsNullOrEmpty(parameters.AdditionalParameters[OAuthRequestExceptionParameters.AcceptableTimestamps])) ex.AdditionalParameter = new KeyValuePair<string, string>( OAuthRequestExceptionParameters.AcceptableTimestamps, parameters.AdditionalParameters[OAuthRequestExceptionParameters.AcceptableTimestamps]); break; } // Throw the OAuthRequestException throw ex; } }
/// <summary> /// 作者:Vincen /// 时间:2013.11.18 AM /// 描述:获取MC访问密钥(Token) /// </summary> /// <param name="type">用户类型(1:教师 2:学员 3:管理员)</param> /// <param name="userId">用户编号</param> /// <param name="userName">用户名称(一般为英文名)</param> /// <returns></returns> public static string GetMcToken(string type, string userId, string userName) { IConsumer fixedConsumer = new OAuthConsumer(WebCommon.Global.McKey, WebCommon.Global.McSecret, "METEN", ConsumerStatus.Valid); var timestamp = UnixTime.ToUnixTime(DateTime.Now); var uri = new Uri(WebCommon.Global.McAuthenticateUrl); var parameters = new OAuthParameters() { ConsumerKey = fixedConsumer.Key, Nonce = new GuidNonceProvider().GenerateNonce(timestamp), SignatureMethod = "HMAC-SHA1", Timestamp = timestamp.ToString(CultureInfo.InvariantCulture), Version = "1.0" }; //--自定义参数 parameters.AdditionalParameters.Add("user", userId); parameters.AdditionalParameters.Add("username", userName); switch (type) { case "1"://教师 parameters.AdditionalParameters.Add("teacher", "true"); break; case "2"://学员 break; case "3"://管理员 parameters.AdditionalParameters.Add("admin", "true"); break; } //--自定义参数 //parameters.Signature = ServiceProviderContext.GetSigningProvider("HMAC-SHA1").ComputeSignature(SignatureBase.Create("GET", uri, parameters), fixedConsumer.Secret, null); var builder = new UriBuilder(uri) { Query = parameters.ToQueryStringFormat() }; var token = string.Empty; var webRequest = WebRequest.Create(builder.Uri) as HttpWebRequest; if (null != webRequest) { webRequest.ServicePoint.Expect100Continue = false; using (var stream = webRequest.GetResponse().GetResponseStream()) { if (null != stream) { using (var responseReader = new StreamReader(stream)) { var responseData = responseReader.ReadToEnd(); XDocument xdoc = XDocument.Parse(responseData); var query = from n in xdoc.Descendants("token") select n; token = query.First().Value; } } } } return token; }
public Uri BuildEchoCallUri(params KeyValuePair<string, string>[] pairs) { int timestamp = UnixTime.ToUnixTime(DateTime.Now); OAuthParameters parameters = new OAuthParameters(); parameters.ConsumerKey = ConsumerStore.FixedConsumer.Key; parameters.Nonce = new GuidNonceProvider().GenerateNonce(timestamp); parameters.SignatureMethod = "HMAC-SHA1"; parameters.Timestamp = timestamp.ToString(CultureInfo.InvariantCulture); parameters.Version = "1.0"; parameters.Token = TokenGenerator.FixedAccessToken.Token; foreach (KeyValuePair<string, string> pair in pairs) parameters.AdditionalParameters.Add(pair.Key, pair.Value); parameters.Signature = ServiceProviderContext.GetSigningProvider("HMAC-SHA1").ComputeSignature( SignatureBase.Create("GET", this.EchoApiBaseUri, parameters), ConsumerStore.FixedConsumer.Secret, TokenGenerator.FixedAccessToken.Secret); UriBuilder builder = new UriBuilder(this.EchoApiBaseUri) { Query = parameters.ToQueryStringFormat() }; return builder.Uri; }
private OAuthParameters ToParameters(Request request, CredentialSet credentials) { var options = Options.Default; var parameters = new OAuthParameters { ConsumerKey = credentials.Consumer.Key, Timestamp = NewTimestamp, Nonce = NewNonce, SignatureMethod = options.SignatureMethod, Version = options.Version.ToString() }; parameters.AdditionalParameters.Add(CollectAllParameters(request)); un.less(String.IsNullOrEmpty(credentials.Token.Key), () => parameters.Token = credentials.Token.Key ); return parameters; }
/// <summary> /// Parses the OAuth parameters from the HTTP request, sourcing /// parameters from all 3 of: /// <list> /// <item>The HTTP Authorization header, if present</item> /// <item>The POST body, if present and if the content-type is /// <c>application/x-www-form-urlencoded</c></item> /// <item>The query string, if present</item> /// </list> /// TODO: Mention validation /// </summary> /// /// <param name="request">The HTTP request</param> /// /// <returns> /// An OAuthParameters object containing the parsed reserved OAuth /// parameters and any additional, valid parameters /// </returns> public static OAuthParameters Parse(HttpRequest request) { return(OAuthParameters.Parse(request, OAuthParameterSources.ServiceProviderDefault)); }
public Uri BuildAuthorizationUrl( IToken token, NameValueCollection additionalParameters) { if (token.Type == TokenType.Request) { OAuthParameters authParameters = new OAuthParameters() { Token = token.Token }; if (additionalParameters != null) authParameters.AdditionalParameters.Add(additionalParameters); // Construct final authorization Uri (HTTP method must be GET) string query = authParameters.ToQueryStringFormat(); UriBuilder authUri = new UriBuilder(this.AuthorizationUrl); if (String.IsNullOrEmpty(authUri.Query)) authUri.Query = query; else authUri.Query = authUri.Query.Substring(1) + "&" + query; return authUri.Uri; } else throw new ArgumentException("Invalid token type for Authorization"); }
/// <summary> /// Parses the OAuth parameters from the HTTP request, sourcing /// parameters from the sources specified by <paramref name="sources"/>. /// /// TODO: Mention validation /// </summary> /// /// <param name="request">The HTTP request</param> /// <param name="sources">The sources to collate parameters from /// (must not be <c>OAuthParameterSources.None</c>)</param> /// /// <returns> /// An OAuthParameters object containing the parsed reserved OAuth /// parameters and any additional, valid parameters /// </returns> public static OAuthParameters Parse(HttpRequest request, OAuthParameterSources sources) { return(OAuthParameters.DoParse(request.Headers[Constants.AuthorizationHeaderParameter], request.Headers[Constants.WwwAuthenticateHeaderParameter], request.Form, request.QueryString, sources, true)); }
public void TestConsumerRequestSignature() { OAuthService service = OAuthService.Create( new EndPoint("http://example.com/request_token"), new Uri("http://example.com/authorize"), new EndPoint("http://example.com/access_token"), new MockConsumer() { Key = "dpf43f3p2l4k3l03", Secret = "kd94hf93k423kf44", Status = ConsumerStatus.Valid }); OAuthRequest consumerRequest = OAuthConsumerRequest.Create( new EndPoint("http://provider.example.net/profile", "GET"), service); OAuthParameters authParameters = new OAuthParameters() { ConsumerKey = service.Consumer.Key, Realm = service.Realm, SignatureMethod = service.SignatureMethod, Timestamp = "1191242096", Nonce = "kllo9940pd9333jh", Version = service.OAuthVersion }; Assert.AreEqual( SignatureBase.Create(consumerRequest.ResourceEndPoint.HttpMethod, consumerRequest.ResourceEndPoint.Uri, authParameters), "GET&http%3A%2F%2Fprovider.example.net%2Fprofile&oauth_consumer_key%3Ddpf43f3p2l4k3l03%26oauth_nonce%3Dkllo9940pd9333jh%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1191242096%26oauth_version%3D1.0"); authParameters.Sign(consumerRequest.ResourceEndPoint.Uri, consumerRequest.ResourceEndPoint.HttpMethod, service.Consumer, consumerRequest.RequestToken, new OAuth.Net.Components.HmacSha1SigningProvider()); Assert.AreEqual( authParameters.Signature, "SGtGiOrgTGF5Dd4RUMguopweOSU="); }
//// TODO: ThrowAdditionalAuthorizationRequired //// TODO: ThrowPermissionUnknown //// TODO: ThrowPermissionDenied //// TODO: ThrowUserRefused /// <summary> /// Tries to parse an OAuthRequestException from some OAuth parameters. If an exception /// is indicated, the exception will be re-thrown. /// </summary> /// /// <remarks> /// <para> /// If no exception is indicated, this method will return without throwing. /// </para> /// /// <para> /// This will handle future <a href="http://wiki.oauth.net/ProblemReporting">Problem /// Reporting</a> problem types, but not future additional parameters. /// </para> /// </remarks> /// /// <example> /// This example shows how to rethrow an OAuth exception transmitted in a HTTP response. /// /// <code lang="C#" numberLines="true"> /// HttpWebResponse response = (HttpWebResponse)request.GetResponse(); /// OAuthParameters responseParameters = OAuthParameters.Parse(response); /// OAuthRequestException.TryRethrow(responseParameters); /// </code> /// </example> /// /// <param name="parameters">The OAuth parameters</param> /// /// <exception cref="OAuth.Net.Common.OAuthRequestException"> /// If the OAuth parameters indicate an OAuth exception /// </exception> public static void TryRethrow(OAuthParameters parameters) { if (parameters == null || parameters.AdditionalParameters == null) { return; } if (!string.IsNullOrEmpty(parameters.AdditionalParameters[OAuthRequestExceptionParameters.Problem])) { OAuthRequestException ex = new OAuthRequestException() { Problem = parameters.AdditionalParameters[OAuthRequestExceptionParameters.Problem], Advice = parameters.AdditionalParameters[OAuthRequestExceptionParameters.ProblemAdvice], Source = OAuthRequestExceptionSources.Remote }; // Load additional parameter for specific types switch (parameters.AdditionalParameters[OAuthRequestExceptionParameters.Problem]) { case OAuthRequestExceptionProblemTypes.VersionRejected: if (!string.IsNullOrEmpty(parameters.AdditionalParameters[OAuthRequestExceptionParameters.AcceptableVersions])) { ex.AdditionalParameter = new KeyValuePair <string, string>( OAuthRequestExceptionParameters.AcceptableVersions, parameters.AdditionalParameters[OAuthRequestExceptionParameters.AcceptableVersions]); } break; case OAuthRequestExceptionProblemTypes.ParameterAbsent: if (!string.IsNullOrEmpty(parameters.AdditionalParameters[OAuthRequestExceptionParameters.ParametersAbsent])) { ex.AdditionalParameter = new KeyValuePair <string, string>( OAuthRequestExceptionParameters.ParametersAbsent, parameters.AdditionalParameters[OAuthRequestExceptionParameters.ParametersAbsent]); } break; case OAuthRequestExceptionProblemTypes.ParameterRejected: if (!string.IsNullOrEmpty(parameters.AdditionalParameters[OAuthRequestExceptionParameters.ParametersRejected])) { ex.AdditionalParameter = new KeyValuePair <string, string>( OAuthRequestExceptionParameters.ParametersRejected, parameters.AdditionalParameters[OAuthRequestExceptionParameters.ParametersRejected]); } break; case OAuthRequestExceptionProblemTypes.TimestampRefused: if (!string.IsNullOrEmpty(parameters.AdditionalParameters[OAuthRequestExceptionParameters.AcceptableTimestamps])) { ex.AdditionalParameter = new KeyValuePair <string, string>( OAuthRequestExceptionParameters.AcceptableTimestamps, parameters.AdditionalParameters[OAuthRequestExceptionParameters.AcceptableTimestamps]); } break; } // Throw the OAuthRequestException throw ex; } }