C# DotNetOpenAuth';s DesktopConsumer ProcessUserAuthorization?
我是DotNetOpenAuth新手,在ProcessUserAuthorization中找不到用作验证器的值 我想要实现的是使用我的用户凭据登录到使用OAuth的应用程序(称为UserVoice)中。我的代码是这样的:C# DotNetOpenAuth';s DesktopConsumer ProcessUserAuthorization?,c#,oauth,dotnetopenauth,C#,Oauth,Dotnetopenauth,我是DotNetOpenAuth新手,在ProcessUserAuthorization中找不到用作验证器的值 我想要实现的是使用我的用户凭据登录到使用OAuth的应用程序(称为UserVoice)中。我的代码是这样的: string requestToken; var authorizeUri = consumer.RequestUserAuthorization(new Dictionary<string, string>(), null, out requestToken).A
string requestToken;
var authorizeUri = consumer.RequestUserAuthorization(new Dictionary<string, string>(), null, out requestToken).AbsoluteUri;
var verifier = "???";
var accessToken = consumer.ProcessUserAuthorization(requestToken, verifier).AccessToken;
consumer.PrepareAuthorizedRequest(endpoint, accessToken, data).GetResponse();
字符串请求令牌;
var authorizeUri=consumer.RequestUserAuthorization(new Dictionary(),null,out requestToken);
var验证器=“?”;
var accessToken=consumer.ProcessUserAuthorization(requestToken,verifier).accessToken;
consumer.PrepareAuthorizedRequest(端点、accessToken、数据).GetResponse();
我试图使用我的用户名、密码、消费者密钥和消费者秘密,但似乎没有任何效果。有人知道我应该使用哪个值作为验证器吗
谢谢验证程序是用户表示要授权您的应用程序后,UserVoice将在屏幕上显示的代码。用户必须将此验证器代码从网站复制并粘贴回应用程序的GUI中,这样它就可以将其传递到
ProcessUserAuthorization
方法中
这仅在OAuth 1.0a(而不是1.0)中需要,用于缓解在1.0中发现的某些可利用攻击。在ServiceProviderDescription
中,确保指定该服务为1.0a版本(如果实际上Uservoice支持该版本),以便DNOA将与Uservoice通信,告知其应创建验证程序代码
顺便说一句,包括扫描进程标题或在自己的应用程序中托管浏览器在内的各种技巧都可以通过让应用程序自动为用户复制验证代码来消除手动用户复制验证代码的步骤。我终于找到了使用DotNetOpenAuth登录UserVoice的方法。我认为UserVoice对OAuth的实现不是标准的,但在此期间我做到了:
var consumer = new DesktopConsumer(this.GetInitialServiceDescription(), this._manager)
string requestToken;
consumer.RequestUserAuthorization(null, null, out requestToken);
// get authentication token
var extraParameters = new Dictionary<string, string>
{
{ "email", this._email },
{ "password", this._password },
{ "request_token", requestToken },
};
consumer = new DesktopConsumer(this.GetSecondaryServiceDescription(), this._manager);
consumer.RequestUserAuthorization(extraParameters, null, out requestToken);
var consumer=new DesktopConsumer(this.GetInitialServiceDescription(),this.\u管理器)
字符串请求令牌;
consumer.RequestUserAuthorization(null,null,out-requestToken);
//获取身份验证令牌
var extraParameters=新字典
{
{“email”,这个。{u email},
{“密码”,这个。_密码},
{“请求令牌”,请求令牌},
};
consumer=新的DesktopConsumer(this.GetSecondaryServiceDescription(),this.\u manager);
consumer.RequestUserAuthorization(extraParameters,null,out requestToken);
其中,GetInitialServiceDescription返回正确的请求描述,GetSecondaryServiceDescription是一个黑客版本,并返回授权端点而不是请求令牌端点。以这种方式返回的“请求令牌”(从我对OAuth的理解来看,这实际上不是一个普通的请求令牌)可以用作PrepareAuthorizedRequest的访问令牌。当通过WebAPI进行授权并且浏览器中没有显示重定向时,也会使用验证器。在这种情况下,您只需通过代码发送AuthentificationRequest,并将验证器作为json字符串获取,而无需任何用户交互 在这种情况下,过程(对于OAuth 1.0)如下所示:
public void AccessAPI ()
{
InMemoryOAuthTokenManager tokenManager = InMemoryOAuthTokenManager(YOUR_CLIENT_KEY, YOUR_CLIENT_SECRET);
var consumer = new DesktopConsumer(GetAuthServerDescription(), tokenManager);
// Get Request token
string requestToken;
var parameters = new Dictionary<string, string>();
parameters["email"] = "foo";
parameters["password"] = "bar";
Uri authorizationUrl = consumer.RequestUserAuthorization(null, parameters, out requestToken);
// Authorize and get a verifier (No OAuth Header necessary for the API I wanted to access)
var request = WebRequest.Create(authorizationUrl) as HttpWebRequest;
request.Method = "Get";
request.Accept = "text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2";
var response = request.GetResponse() as HttpWebResponse;
string verifier = new StreamReader(response.GetResponseStream()).ReadToEnd().Split('=')[1]; //Irgendwie will Json nicht parsen
// Use verifier to get the final AccessToken
AuthorizedTokenResponse authorizationResponse = consumer.ProcessUserAuthorization(requestToken, verifier);
string accessToken = authorizationResponse.AccessToken;
// Access Ressources
HttpDeliveryMethods resourceHttpMethod = HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest;
var resourceEndpoint = new MessageReceivingEndpoint("https://api.discovergy.com/public/v1/meters", resourceHttpMethod);
using (IncomingWebResponse resourceResponse = consumer.PrepareAuthorizedRequestAndSend(resourceEndpoint, accessToken))
{
string result = resourceResponse.GetResponseReader().ReadToEnd();
dynamic content = JObject.Parse(result);
}
}
private ServiceProviderDescription GetAuthServerDescription()
{
var authServerDescription = new ServiceProviderDescription();
authServerDescription.RequestTokenEndpoint = new MessageReceivingEndpoint(YOUR_REQUEST_ENDPOINT, HttpDeliveryMethods.PostRequest | HttpDeliveryMethods.AuthorizationHeaderRequest);
authServerDescription.UserAuthorizationEndpoint = new MessageReceivingEndpoint(YOUR_AUTHORIZATION_ENDPOINT, HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest);
authServerDescription.AccessTokenEndpoint = new MessageReceivingEndpoint(YOUR_TOKEN_ENDPOINT, HttpDeliveryMethods.PostRequest | HttpDeliveryMethods.AuthorizationHeaderRequest);
authServerDescription.ProtocolVersion = ProtocolVersion.V10;
authServerDescription.TamperProtectionElements = new ITamperProtectionChannelBindingElement[] { new HmacSha1SigningBindingElement() };
return authServerDescription;
}
public void AccessAPI()
{
InMemoryOAuthTokenManager tokenManager=InMemoryOAuthTokenManager(您的客户机密钥,您的客户机密钥);
var consumer=new DesktopConsumer(GetAuthServerDescription(),tokenManager);
//获取请求令牌
字符串请求令牌;
var参数=新字典();
参数[“email”]=“foo”;
参数[“密码”]=“栏”;
Uri authorizationUrl=consumer.RequestUserAuthorization(null,参数,out-requestToken);
//授权并获取验证器(我想要访问的API不需要OAuth头)
var-request=WebRequest.Create(authorizationUrl)作为HttpWebRequest;
request.Method=“Get”;
request.Accept=“text/html,image/gif,image/jpeg,*;q=.2,*/*;q=.2”;
var response=request.GetResponse()作为HttpWebResponse;
字符串验证器=newstreamreader(response.GetResponseStream()).ReadToEnd().Split('=')[1];//Irgendwie将不解析Json
//使用验证器获取最终的AccessToken
AuthorizedTokenResponse authorizationResponse=consumer.ProcessUserAuthorization(requestToken,verifier);
字符串accessToken=authorizationResponse.accessToken;
//访问资源
HttpDeliveryMethods resourceHttpMethod=HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest;
var resourceEndpoint=new MessageReceivingEndpoint(“https://api.discovergy.com/public/v1/meters“,resourceHttpMethod);
使用(IncomingWebResponse resourceResponse=consumer.PrepareAuthorizedRequestStandSend(resourceEndpoint,accessToken))
{
字符串结果=resourceResponse.GetResponseReader().ReadToEnd();
动态内容=JObject.Parse(结果);
}
}
private ServiceProviderDescription GetAuthServerDescription()
{
var authServerDescription=new ServiceProviderDescription();
authServerDescription.RequestTokenEndpoint=新的MessageReceivingEndpoint(您的_请求_端点,HttpDeliveryMethods.PostRequest | HttpDeliveryMethods.AuthorizationHeaderRequest);
authServerDescription.UserAuthorizationEndpoint=新消息ReceivingEndpoint(您的授权端点,HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest);
authServerDescription.AccessTokenEndpoint=新的MessageReceivingEndpoint(您的_-TOKEN_端点,HttpDeliveryMethods.PostRequest | HttpDeliveryMethods.AuthorizationHeaderRequest);
authServerDescription.ProtocolVersion=ProtocolVersion.V10;
authServerDescription.TamperProtectionElements=新的ITamperProtectionChannelBindingElement[]{新的HMACSHA1签名绑定元素(