我正在尝试使用 Vimeo API,但在生成签名时遇到了一些问题......
基本上我有这门课
public class OAuthParameters
{
public string RedirectUrl { get; set; }
public string ClientId { get; set; }
public string ClientSecret { get; set; }
protected string NormalizeParameters(SortedDictionary<string, string> parameters)
{
StringBuilder sb = new StringBuilder();
var i = 0;
foreach (var parameter in parameters)
{
if (i > 0)
sb.Append("&");
sb.AppendFormat("{0}={1}", parameter.Key, parameter.Value);
i++;
}
return sb.ToString();
}
private string GenerateBase(string nonce, string timeStamp, Uri url)
{
var parameters = new SortedDictionary<string, string>
{
{"oauth_consumer_key", ClientId},
{"oauth_signature_method", "HMAC-SHA1"},
{"oauth_timestamp", timeStamp},
{"oauth_nonce", nonce},
{"oauth_version", "1.0"}
};
var sb = new StringBuilder();
sb.Append("GET");
sb.Append("&" + Uri.EscapeDataString(url.AbsoluteUri));
sb.Append("&" + Uri.EscapeDataString(NormalizeParameters(parameters)));
return sb.ToString();
}
public string GenerateSignature(string nonce, string timeStamp, Uri url)
{
var signatureBase = GenerateBase(nonce, timeStamp, url);
var signatureKey = string.Format("{0}&{1}", ClientId, "");
var hmac = new HMACSHA1(Encoding.ASCII.GetBytes(signatureKey));
return Convert.ToBase64String(hmac.ComputeHash(new ASCIIEncoding().GetBytes(signatureBase)));
}
}
调用它的代码在另一个类中,它有这个方法
public string GetAuthorizationUrl(string Url)
{
var sb = new StringBuilder();
var nonce = Guid.NewGuid().ToString();
var timeStamp = (DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0)).TotalSeconds.ToString();
var signature = parameters.GenerateSignature(nonce, timeStamp, new Uri(Url));
sb.Append(GenerateQueryStringOperator(sb.ToString()) + "oauth_consumer_key=" + Uri.EscapeDataString(parameters.ClientId));
sb.Append("&oauth_nonce=" + Uri.EscapeDataString(nonce));
sb.Append("&oauth_timestamp=" + Uri.EscapeDataString(timeStamp));
sb.Append("&oauth_signature_method=" + Uri.EscapeDataString("HMAC-SHA1"));
sb.Append("&oauth_version=" + Uri.EscapeDataString("1.0"));
sb.Append("&oauth_signature=" + Uri.EscapeDataString(signature));
return Url + sb.ToString();
}
private string GenerateQueryStringOperator(string currentUrl)
{
if (currentUrl.Contains("?"))
return "&";
else
return "?";
}
我传递的 URL(获取我的身份验证令牌)是https://vimeo.com/oauth/request_token但每当我调用它时,我都会收到一条错误消息
401 Unauthorized - Invalid signature - The oauth_signature passed was not valid.
这让我发疯了。我看不出是什么导致了这个问题。
如果有人可以给我一些帮助,那就太好了。
更新 1
有人说使用 Uri.EscapeDataString 不是编码我的字符串的正确方法。我在移动 EscapeDataString 之前使用了这个函数:
protected string UrlEncode(string unencodedString)
{
var encodedString = new StringBuilder();
var unreservedChars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_.~";
foreach (char symbol in unencodedString)
if (unreservedChars.IndexOf(symbol) != -1)
encodedString.Append(symbol);
else
encodedString.Append('%' + String.Format("{0:X2}", (int)symbol));
return encodedString.ToString();
}
但这仍然无济于事。同样使用http://hueniverse.com/oauth/guide/authentication/并没有提供任何关于导致我的问题的见解:(
更新 2
所以,我通过hueniverse运行代码,发现我的时间戳不准确(它有小数位)所以我改变了使用这个函数生成时间戳的方式:
public string GenerateTimeStamp()
{
TimeSpan ts = DateTime.UtcNow.Subtract(new DateTime(1970, 1, 1, 0, 0, 0, 0));
string timeStamp = ts.TotalSeconds.ToString();
timeStamp = timeStamp.Substring(0, timeStamp.IndexOf("."));
return timeStamp;
}
所以现在当我查看我的基本签名时,我得到:
POST&https%3A%2F%2Fvimeo.com%2Foauth%2Frequest_token%2F&oauth_consumer_key%3Dmykey%26oauth_nonce%3D66c80d6b-9ff6-404b-981b-56f40f356a31%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1370444366%26oauth_token%3D%26oauth_version%3D1.0
如果我将它与从hueniverse生成的比较,它会生成:
POST&https%3A%2F%2Fvimeo.com%2Foauth%2Frequest_token%2F&oauth_consumer_key%3Dmykey%26oauth_nonce%3D00b81872-688b-4184-a978-206e5fbcc531%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1370446860%26oauth_token%3D%26oauth_version%3D1.0
如果生成的字符串的长度可以通过,那么它们是精确的。我的下一个测试是创建完全相同的时间戳,并查看它们是否生成相同的签名......