我正在尝试开发一个简单的应用程序来使用 v2 API 与 Tumblr 进行交互。我能够通过 oAuth 流程中的每一步(感谢 Twitter 上的文档)并获得授权和经过身份验证的令牌和机密。但是在发布时,我收到了 401 未经授权的错误。这是相关的代码片段:
private void post_Click(object sender, System.Windows.RoutedEventArgs e)
{
url = new Uri("http://api.tumblr.com/v2/blog/*myblog*.tumblr.com/post");
Random random = new Random();
nonce = random.Next(1234000, 9999999).ToString();
TimeSpan ts = DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, 0);
timestamp = Convert.ToInt64(ts.TotalSeconds).ToString();
string method = "POST";
StringBuilder sb = new StringBuilder();
sb.AppendFormat("{0}&", method);
sb.AppendFormat("{0}&", upperCaseUrl(HttpUtility.UrlEncode(url.ToString())));
sb.AppendFormat("body%3D{0}%26", upperCaseUrl(HttpUtility.UrlEncode(textBox.Text)));
sb.AppendFormat("oauth_consumer_key%3D{0}%26", consumerKey);
sb.AppendFormat("oauth_nonce%3D{0}%26", nonce);
sb.AppendFormat("oauth_signature_method%3D{0}%26", "HMAC-SHA1");
sb.AppendFormat("oauth_timestamp%3D{0}%26", timestamp);
sb.AppendFormat("oauth_token%3D{0}%26", token);
sb.AppendFormat("oauth_version%3D{0}%26", "1.0");
sb.AppendFormat("type%3D{0}", "text");
System.Diagnostics.Debug.WriteLine(sb.ToString());
string signingKey = consumerSecret + '&' + secret;
HMACSHA1 signing = new HMACSHA1(Encoding.ASCII.GetBytes(signingKey));
byte[] bytearray = Encoding.ASCII.GetBytes(sb.ToString());
MemoryStream stream = new MemoryStream(bytearray);
signature = Convert.ToBase64String(signing.ComputeHash(stream));
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;
StringBuilder header = new StringBuilder();
header.Append("OAuth ");
header.AppendFormat("oauth_consumer_key=\"{0}\", ", consumerKey);
header.AppendFormat("oauth_token=\"{0}\", ", token);
header.AppendFormat("oauth_nonce=\"{0}\", ", nonce);
header.AppendFormat("oauth_timestamp=\"{0}\", ", timestamp);
header.AppendFormat("oauth_signature_method=\"{0}\", ", "HMAC-SHA1");
header.AppendFormat("oauth_version=\"{0}\", ", "1.0");
header.AppendFormat("oauth_signature=\"{0}\"", upperCaseUrl(HttpUtility.UrlEncode(signature)));
System.Diagnostics.Debug.WriteLine(header.ToString());
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
request.Method = WebRequestMethods.Http.Post;
request.Headers.Add("Authorization", header.ToString());
try
{
HttpWebResponse response = request.GetResponse() as HttpWebResponse;
StreamReader reader = new StreamReader(response.GetResponseStream());
if (reader.ReadToEnd() == "201: Created")
{
control.Invoke((MethodInvoker)delegate
{
statusText.Text = "Post successfully sent!";
});
}
}
catch (Exception ex)
{
System.Diagnostics.Debug.WriteLine(ex.Message);
}
}
单击按钮并从文本框中获取正文文本时调用该函数。签名部分是正确的,因为它已经过其他服务(Twitter 等)的测试,并且它仍然为 Tumblr 本身提供有效的签名。Authorization 标头与我用来请求令牌和对其进行授权的标头几乎相同,并且基本字符串仅包含内容的类型(在本例中为文本)和正文,除了 oauth_* 标准参数。我还使用 hueniverse.com 上提供的工具检查了代码,但仍然没有。
可能我错过了一些 HTTP 标头,或者我发布了错误的请求。有任何想法吗?谢谢。