vb.net - vb.net 中的 Httpwebrequest 标头格式

Question

我有一个应用程序使用用户名和密码进行身份验证以连接到网络套件。网络套件的身份验证方法已更改为令牌库。在查看了 25 种不同的可能解决方案后，我得到了 401 错误。这是我的代码：授权类型 OAuth 1.0

Dim oauth_token = "xx"
        Dim oauth_token_secret = "xx"
        Dim oauth_consumer_key = "xx"
        Dim oauth_consumer_secret = "xx"
        Dim oauth_version = "1.0"
        Dim oauth_signature_method = "HMAC-SHA1"
        Dim oauth_nonce = Convert.ToBase64String(New ASCIIEncoding().GetBytes(DateTime.Now.Ticks.ToString()))
        Dim timeSpan = DateTime.UtcNow - New DateTime(1970, 1, 1, 0, 0, 0, 0, DateTimeKind.Utc)
        Dim oauth_timestamp = Convert.ToInt64(timeSpan.TotalSeconds).ToString()
        Dim resource_url = "https://646033-sb3.restlets.api.netsuite.com/app/site/hosting/restlet.nl?script=x&deploy=x"
          Dim baseFormat = "oauth_consumer_key={0}&oauth_nonce={1}&oauth_signature_method={2}" & "&oauth_timestamp={3}&oauth_token={4}&oauth_version={5}"
        Dim baseString = String.Format(baseFormat, oauth_consumer_key, oauth_nonce, oauth_signature_method, oauth_timestamp, oauth_token, oauth_version)

        baseString = String.Concat("PUT&", Uri.EscapeDataString(resource_url), "&", Uri.EscapeDataString(baseString))

        Dim compositeKey = String.Concat(Uri.EscapeDataString(oauth_consumer_secret), "&", Uri.EscapeDataString(oauth_token_secret))

        Dim oauth_signature As String
        Using hasher As New HMACSHA1(ASCIIEncoding.ASCII.GetBytes(compositeKey))
            oauth_signature = Convert.ToBase64String(hasher.ComputeHash(ASCIIEncoding.ASCII.GetBytes(baseString)))
        End Using

        'Dim headerFormat = "OAuth oauth_signature_method=""{0}"", " + "oauth_consumer_key=""{1}"", " + "oauth_token=""{2}"", oauth_signature=""{3}"", " + "oauth_version=""{4}"""

        Dim headerFormat = "OAuth oauth_nonce=""{0}"", oauth_signature_method=""{1}"", " & "oauth_timestamp=""{2}"", oauth_consumer_key=""{3}"", " & "oauth_token=""{4}"", oauth_signature=""{5}"", " & "oauth_version=""{6}"""

        'Dim authHeader = String.Format(headerFormat, Uri.EscapeDataString(oauth_signature_method), Uri.EscapeDataString(oauth_consumer_key), Uri.EscapeDataString(oauth_token),
        'Uri.EscapeDataString(oauth_signature), Uri.EscapeDataString(oauth_version))

        Dim authHeader = String.Format(headerFormat, Uri.EscapeDataString(oauth_nonce), Uri.EscapeDataString(oauth_signature_method), Uri.EscapeDataString(oauth_timestamp), Uri.EscapeDataString(oauth_consumer_key), Uri.EscapeDataString(oauth_token), Uri.EscapeDataString(oauth_signature), Uri.EscapeDataString(oauth_version))
        '****************************************************************************************************************************
        Dim Request As HttpWebRequest = WebRequest.Create("https://646033-sb3.restlets.api.netsuite.com/app/site/hosting/restlet.nl?script=1072&deploy=1")
        Request.Headers.Add("Authorization", authHeader)
        Request.ContentType = "application/json"
        Request.Method = "PUT"

        Using streamWriter = New StreamWriter(Request.GetRequestStream())
            Dim jsonFormatted As String = Regex.Unescape(JSon)
            streamWriter.Write(jsonFormatted)
            Console.WriteLine(authHeader)
        End Using

当我在邮递员中测试连接时，Chrome 应用程序工作正常。我认为问题在于我如何创建 nonce 值，但不确定，因为这是我第一次处理基于令牌的身份验证。

感谢大家的时间和评论谢谢。

Answer 1

您需要在散列后转义签名。规范说需要根据 RFC3986 进行转义，但我看到了仅转义加号 (+) 的 Netsuite 示例。

'在哈希生成后放置在您的 Using 块内或之后

oauth_signature = oauth_signature.Replace("+", "%2B")

或者 - 要通过 RFC3986 进行完全转义，您可以使用此示例 注意：我在另一篇 slashdot 文章中找到了此功能：如何让 Uri.EscapeDataString 符合 RFC 3986 '我刚刚将其从 C# 移植到 VB.NET：

oauth_signature = EscapeUriDataStringRfc3986(signatureString)

Friend Shared Function EscapeUriDataStringRfc3986(ByVal value As String) As String
    ' Start with RFC 2396 escaping by calling the .NET method to do the work.
    ' This MAY sometimes exhibit RFC 3986 behavior (according to the documentation).
    ' If it does, the escaping we do that follows it will be a no-op since the
    ' characters we search for to replace can't possibly exist in the string.
    Dim escaped As StringBuilder = New StringBuilder(Uri.EscapeDataString(value))

    ' Upgrade the escaping to RFC 3986, if necessary.
    Dim i As Integer = 0
    Do While (i < UriRfc3986CharsToEscape.Length)
        escaped.Replace(UriRfc3986CharsToEscape(i), Uri.HexEscape(UriRfc3986CharsToEscape(i)(0)))
        i = (i + 1)
    Loop

    '' Return the fully-RFC3986-escaped string.
    Return escaped.ToString
End Function