0

我正在尝试使用 OAuth 1.0 来验证我对某些 Web 服务的调用,这是我的 C# 代码:

OAuthBase oauth = new OAuthBase();
string normalizedUrl = String.Empty;
string normalizedqueryparameters = String.Empty;
string finalurl;
string sig;
var MerchantId = "xxxx-xxxx-xxxx-xxxx-xxxx";
var PublicKey = "xx";
var SecreteKey = "xxxxx";
var URL = new Uri("http://www.Server.com/DeveloperAPI/category/" + MerchantId + "/NA");
// token secret
sig = oauth.GenerateSignature(URL, PublicKey, SecreteKey, "", "", "POST", oauth.GenerateTimeStamp(), oauth.GenerateNonce(), out normalizedUrl, out normalizedqueryparameters);
finalurl = string.Format("{0}?{1}&oauth_signature={2}", normalizedUrl, normalizedqueryparameters, oauth.UrlEncode(sig));
string text = string.Empty;
using (var clinet = new HttpClient())
{
      clinet.DefaultRequestHeaders.Add("Accept", "application/Json");
      clinet.DefaultRequestHeaders.Add("Method", "POST");
      using (var response = await clinet.GetAsync(finalurl))
      {
           text = await response.Content.ReadAsStringAsync();
      }
}

我从这里得到了 OAuthBase 类:

http://code.google.com/p/oauth/issues/detail?id=223

使用 Fiddler 的原始 http 请求是这样的:

GET http://www.server.com/DeveloperAPI/category/d8d63626-99d7-4aff-abe7-542ad705d083/CK00001277?oauth_consumer_key=Rxxxx7LO&oauth_nonce=65xxx982&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1345xxxx20&oauth_version=1.0&oauth_signature=PhUxxxxOh%2FzIxCo8A%2BQBNxxxxy7E%3D HTTP/1.1
Accept: application/Json
Method: POST
Host: www.xxxx.com
Proxy-Connection: Keep-Alive

我创建 HTTP 调用对吗?

4

2 回答 2

1

嗯..真的,我会先尝试使用 WireShark 查看 HTTP 请求。例如,有可能在测试服务器上获得一些重定向和额外的初步身份验证 cookie(httpclient 将存储),而在主服务器上 - 您没有,您必须在调用该 sig-generator 之前先获得它们. 查看流量非常容易,它会让您确定差异是在您这边还是在他们这边。有时,当您向 webdevs 提供包含原始数据包的日志文件时,他们会更加健谈 :)

于 2012-08-21T09:16:56.303 回答
1

问题是,当我创建签名时,我传递了“POST”,但调用是“GET”,所以这解决了我的问题:

sig = oauth.GenerateSignature(URL, PublicKey, SecreteKey, "", "", "GET", oauth.GenerateTimeStamp(), oauth.GenerateNonce(), out normalizedUrl, out normalizedqueryparameters);
于 2012-08-21T10:14:10.077 回答