0

我有以下代码调用 OAuth 类的 GenerateSignature 方法

        Uri u = new Uri(urlToCall);
        string url, param;
        HttpWebRequest request = WebRequest.Create("http://localhost/RESTFUL_DEMO.Web/services/Calc.svc/dowork") as HttpWebRequest;    

        string consumerKey = "test";
        string consumerSecret = "Jenish";
        var oAuth = new OAuthBase();
        var nonce = oAuth.GenerateNonce();
        var timestamp = oAuth.GenerateTimeStamp();
        var signature   = oAuth.GenerateSignature(u,consumerKey,consumerSecret,string.Empty,string.Empty,"POST",timestamp,nonce,OAuthBase.SignatureTypes.HMACSHA1,out url, out param);
        WebRequest request = WebRequest.Create(string.Format("{0}?{1}&oauth_signature={2}", urlToCall, param, signature));
        request.Method = "POST";
        Enroll a = new Enroll("2");
        XmlSerializer ser = new XmlSerializer(a.GetType());
        MemoryStream ms = new MemoryStream();
        ser.Serialize(ms, a);
        byte[] bytes = ms.ToArray();
        request.ContentType = "text/xml";
        request.Timeout = 30000;
        request.ContentLength = bytes.Length;
        var requeststream = request.GetRequestStream();
        requeststream.Write(bytes, 0, bytes.Length);
        requeststream.Close();
        WebResponse response = request.GetResponse();
        StreamReader stream = new StreamReader(response.GetResponseStream());

我在我的服务中创建了以下 Authenticate 方法,该方法从传入的请求生成签名

private static bool Authenticate(IncomingWebRequestContext context)
    {
        bool Authenticated = false;
        string normalizedUrl;
        string normalizedRequestParameters;
        //context.Headers
        NameValueCollection pa = context.UriTemplateMatch.QueryParameters;
        if (pa != null && pa["oauth_consumer_key"] != null)
        {
            // to get uri without oauth parameters
            string uri = context.UriTemplateMatch.RequestUri.OriginalString.Replace
                (context.UriTemplateMatch.RequestUri.Query, "");
            string consumersecret = "Jenish";
            OAuthBase oauth = new OAuthBase();
            string hash = oauth.GenerateSignature(
                new Uri(uri),
                pa["oauth_consumer_key"],
                consumersecret,
                null, // totken
                null, //token secret
                "POST",
                pa["oauth_timestamp"],
                pa["oauth_nonce"],
                out normalizedUrl,
                out normalizedRequestParameters
                );
            Authenticated = pa["oauth_signature"] == hash;
        }
        return Authenticated;
    }

上述 Authenticate 方法生成与传入请求参数 pa["oauth_signature"] 不匹配的签名。谁能帮我解决这个问题,让我知道为什么会生成两个不同的签名。

4

1 回答 1

1

我试图通过考虑您的上述代码来复制您的错误,并发现生成的 uri

context.UriTemplateMatch.RequestUri.OriginalString

in Authenticate 方法会生成完全限定机器名的 Uri 而不是 localhost。所以在你的 wcf 消费者端 HttpWebRequest 请求 uri 应该包括完全限定的机器名和域名。

例如,如果您的机器名称是 Jenish-pc 并且域是 abc.efg.com 那么 uri 应该是

http://Jenish-pc.abc.efg.com/[rest of your service path]

代替

http://localhost/....
于 2013-05-02T05:23:11.607 回答