/// <summary> /// Generate the signature base that is used to produce the signature /// </summary> /// <param name="httpMethod">The http method used. Must be a valid HTTP method verb (POST,GET,PUT, etc)</param> /// <param name="url">The full url that needs to be signed including its non OAuth url parameters</param> /// <param name="parameters"></param> /// <returns>The signature base</returns> internal static string GenerateSignatureBase(string httpMethod, Uri url, NameValueCollection parameters) { // https://tools.ietf.org/html/rfc5849#section-3.4.1.1 var signatureBase = new StringBuilder(); signatureBase.Append(httpMethod.ToRfc3986EncodedString().ToUpperInvariant()).Append('&'); // https://tools.ietf.org/html/rfc5849#section-3.4.1.2 // Exclude the query (query parameters in parameters collection) from the URI var normalizedUrl = $"{url.Scheme.ToLowerInvariant()}://{url.Host.ToLowerInvariant()}"; if (!((url.Scheme == "http" && url.Port == 80) || (url.Scheme == "https" && url.Port == 443))) { normalizedUrl += ":" + url.Port; } normalizedUrl += url.AbsolutePath; signatureBase.Append(normalizedUrl.ToRfc3986EncodedString()).Append('&'); // Construct the signature string signatureBase.Append(parameters.ToNormalizedString().ToRfc3986EncodedString()); return signatureBase.ToString(); }
/// <summary> /// Generate the signature base that is used to produce the signature /// </summary> /// <param name="httpMethod">The http method used. Must be a valid HTTP method verb (POST,GET,PUT, etc)</param> /// <param name="url">The full url that needs to be signed including its non OAuth url parameters</param> /// <param name="parameters"></param> /// <returns>The signature base</returns> public static string GenerateSignatureBase(string httpMethod, Uri url, NameValueCollection parameters) { // RFC 5849 3.4.1.1 var signatureBase = new StringBuilder(); signatureBase.Append(httpMethod.ToRfc3986EncodedString().ToUpperInvariant()).Append('&'); // RFC 5849 3.4.1.2 var normalizedUrl = string.Format("{0}://{1}", url.Scheme.ToLowerInvariant(), url.Host.ToLowerInvariant()); if (!((url.Scheme == "http" && url.Port == 80) || (url.Scheme == "https" && url.Port == 443))) { normalizedUrl += ":" + url.Port; } normalizedUrl += url.AbsolutePath; signatureBase.Append(normalizedUrl.ToRfc3986EncodedString()).Append('&'); // Per RFC 5849 3.4.1.3, do not include the OAuth signature or realm in the signature base string var excludedNames = new List<string> {OAuthConstants.SignatureParameter, OAuthConstants.RealmParameter}; // Construct the signature string signatureBase.Append(parameters.ToNormalizedString(excludedNames).ToRfc3986EncodedString()); return signatureBase.ToString(); }