This code is the sample from the Oauth.net . I think it too old for my asp.net 3.5 or 4.0.
My page.
Expand|Select|Wrap|Line Numbers
- <%@ Page Language="C#" AutoEventWireup="true"%>
- <%@ Import Namespace="OAuth" %>
- <%@ Import Namespace="System" %>
- <%@ Import Namespace="System.Net" %>
- <%@ Import Namespace="System.IO" %>
- <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
- <html xmlns="http://www.w3.org/1999/xhtml">
- <head runat="server">
- <title></title>
- </head>
- <body>
- <form id="form1" runat="server">
- <div>
- <%
- OAuthBase oauth = new OAuthBase();
- Uri url = new Uri("http://ssdsdafdasfdsafdsa.example.net/photos?file=vacation.jpg&size=original");
- string signature = oauth.GenerateSignature(url,"dpf43f3p2l4k3l03", "kd94hf93k423kf44", "nnch734d00sl2jdk", "pfkkdhi9sl3r4s00", "GET", oauth.GenerateTimeStamp(), oauth.GenerateNonce(), OAuthBase.SignatureTypes.HMACSHA1);
- %>
- </div>
- </form>
- </body>
- </html>
this code is from the Oauth.net website for generating the signature.
Expand|Select|Wrap|Line Numbers
- //THE APP_CODE
- using System;
- using System.Security.Cryptography;
- using System.Collections.Generic;
- using System.Text;
- using System.Web;
- namespace OAuth {
- public class OAuthBase {
- /// <summary>
- /// Provides a predefined set of algorithms that are supported officially by the protocol
- /// </summary>
- public enum SignatureTypes {
- HMACSHA1,
- PLAINTEXT,
- RSASHA1
- }
- /// <summary>
- /// Provides an internal structure to sort the query parameter
- /// </summary>
- protected class QueryParameter {
- private string name = null;
- private string value = null;
- public QueryParameter(string name, string value) {
- this.name = name;
- this.value = value;
- }
- public string Name {
- get { return name; }
- }
- public string Value {
- get { return value; }
- }
- }
- /// <summary>
- /// Comparer class used to perform the sorting of the query parameters
- /// </summary>
- protected class QueryParameterComparer : IComparer<QueryParameter> {
- #region IComparer<QueryParameter> Members
- public int Compare(QueryParameter x, QueryParameter y) {
- if (x.Name == y.Name) {
- return string.Compare(x.Value, y.Value);
- } else {
- return string.Compare(x.Name, y.Name);
- }
- }
- #endregion
- }
- protected const string OAuthVersion = "1.0";
- protected const string OAuthParameterPrefix = "oauth_";
- //
- // List of know and used oauth parameters' names
- //
- protected const string OAuthConsumerKeyKey = "oauth_consumer_key";
- protected const string OAuthCallbackKey = "oauth_callback";
- protected const string OAuthVersionKey = "oauth_version";
- protected const string OAuthSignatureMethodKey = "oauth_signature_method";
- protected const string OAuthSignatureKey = "oauth_signature";
- protected const string OAuthTimestampKey = "oauth_timestamp";
- protected const string OAuthNonceKey = "oauth_nonce";
- protected const string OAuthTokenKey = "oauth_token";
- protected const string OAuthTokenSecretKey = "oauth_token_secret";
- protected const string HMACSHA1SignatureType = "HMAC-SHA1";
- protected const string PlainTextSignatureType = "PLAINTEXT";
- protected const string RSASHA1SignatureType = "RSA-SHA1";
- protected Random random = new Random();
- protected string unreservedChars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_.~";
- /// <summary>
- /// Helper function to compute a hash value
- /// </summary>
- /// <param name="hashAlgorithm">The hashing algoirhtm used. If that algorithm needs some initialization, like HMAC and its derivatives, they should be initialized prior to passing it to this function</param>
- /// <param name="data">The data to hash</param>
- /// <returns>a Base64 string of the hash value</returns>
- private string ComputeHash(HashAlgorithm hashAlgorithm, string data) {
- if (hashAlgorithm == null) {
- throw new ArgumentNullException("hashAlgorithm");
- }
- if (string.IsNullOrEmpty(data)) {
- throw new ArgumentNullException("data");
- }
- byte[] dataBuffer = System.Text.Encoding.ASCII.GetBytes(data);
- byte[] hashBytes = hashAlgorithm.ComputeHash(dataBuffer);
- return Convert.ToBase64String(hashBytes);
- }
- /// <summary>
- /// Internal function to cut out all non oauth query string parameters (all parameters not begining with "oauth_")
- /// </summary>
- /// <param name="parameters">The query string part of the Url</param>
- /// <returns>A list of QueryParameter each containing the parameter name and value</returns>
- private List<QueryParameter> GetQueryParameters(string parameters) {
- if (parameters.StartsWith("?")) {
- parameters = parameters.Remove(0, 1);
- }
- List<QueryParameter> result = new List<QueryParameter>();
- if (!string.IsNullOrEmpty(parameters)) {
- string[] p = parameters.Split('&');
- foreach (string s in p) {
- if (!string.IsNullOrEmpty(s) && !s.StartsWith(OAuthParameterPrefix)) {
- if (s.IndexOf('=') > -1) {
- string[] temp = s.Split('=');
- result.Add(new QueryParameter(temp[0], temp[1]));
- } else {
- result.Add(new QueryParameter(s, string.Empty));
- }
- }
- }
- }
- return result;
- }
- /// <summary>
- /// This is a different Url Encode implementation since the default .NET one outputs the percent encoding in lower case.
- /// While this is not a problem with the percent encoding spec, it is used in upper case throughout OAuth
- /// </summary>
- /// <param name="value">The value to Url encode</param>
- /// <returns>Returns a Url encoded string</returns>
- protected string UrlEncode(string value) {
- StringBuilder result = new StringBuilder();
- foreach (char symbol in value) {
- if (unreservedChars.IndexOf(symbol) != -1) {
- result.Append(symbol);
- } else {
- result.Append('%' + String.Format("{0:X2}", (int)symbol));
- }
- }
- return result.ToString();
- }
- /// <summary>
- /// Normalizes the request parameters according to the spec
- /// </summary>
- /// <param name="parameters">The list of parameters already sorted</param>
- /// <returns>a string representing the normalized parameters</returns>
- protected string NormalizeRequestParameters(IList<QueryParameter> parameters) {
- StringBuilder sb = new StringBuilder();
- QueryParameter p = null;
- for (int i = 0; i < parameters.Count; i++) {
- p = parameters[i];
- sb.AppendFormat("{0}={1}", p.Name, p.Value);
- if (i < parameters.Count - 1) {
- sb.Append("&");
- }
- }
- return sb.ToString();
- }
- /// <summary>
- /// Generate the signature base that is used to produce the signature
- /// </summary>
- /// <param name="url">The full url that needs to be signed including its non OAuth url parameters</param>
- /// <param name="consumerKey">The consumer key</param>
- /// <param name="token">The token, if available. If not available pass null or an empty string</param>
- /// <param name="tokenSecret">The token secret, if available. If not available pass null or an empty string</param>
- /// <param name="httpMethod">The http method used. Must be a valid HTTP method verb (POST,GET,PUT, etc)</param>
- /// <param name="signatureType">The signature type. To use the default values use <see cref="OAuthBase.SignatureTypes">OAuthBase.SignatureTypes</see>.</param>
- /// <returns>The signature base</returns>
- public string GenerateSignatureBase(Uri url, string consumerKey, string token, string tokenSecret, string httpMethod, string timeStamp, string nonce, string signatureType, out string normalizedUrl, out string normalizedRequestParameters) {
- if (token == null) {
- token = string.Empty;
- }
- if (tokenSecret == null) {
- tokenSecret = string.Empty;
- }
- if (string.IsNullOrEmpty(consumerKey)) {
- throw new ArgumentNullException("consumerKey");
- }
- if (string.IsNullOrEmpty(httpMethod)) {
- throw new ArgumentNullException("httpMethod");
- }
- if (string.IsNullOrEmpty(signatureType)) {
- throw new ArgumentNullException("signatureType");
- }
- normalizedUrl = null;
- normalizedRequestParameters = null;
- List<QueryParameter> parameters = GetQueryParameters(url.Query);
- parameters.Add(new QueryParameter(OAuthVersionKey, OAuthVersion));
- parameters.Add(new QueryParameter(OAuthNonceKey, nonce));
- parameters.Add(new QueryParameter(OAuthTimestampKey, timeStamp));
- parameters.Add(new QueryParameter(OAuthSignatureMethodKey, signatureType));
- parameters.Add(new QueryParameter(OAuthConsumerKeyKey, consumerKey));
- if (!string.IsNullOrEmpty(token)) {
- parameters.Add(new QueryParameter(OAuthTokenKey, token));
- }
- parameters.Sort(new QueryParameterComparer());
- normalizedUrl = string.Format("{0}://{1}", url.Scheme, url.Host);
- if (!((url.Scheme == "http" && url.Port == 80) || (url.Scheme == "https" && url.Port == 443)))
- {
- normalizedUrl += ":" + url.Port;
- }
- normalizedUrl += url.AbsolutePath;
- normalizedRequestParameters = NormalizeRequestParameters(parameters);
- StringBuilder signatureBase = new StringBuilder();
- signatureBase.AppendFormat("{0}&", httpMethod.ToUpper());
- signatureBase.AppendFormat("{0}&", UrlEncode(normalizedUrl));
- signatureBase.AppendFormat("{0}", UrlEncode(normalizedRequestParameters));
- return signatureBase.ToString();
- }
- /// <summary>
- /// Generate the signature value based on the given signature base and hash algorithm
- /// </summary>
- /// <param name="signatureBase">The signature based as produced by the GenerateSignatureBase method or by any other means</param>
- /// <param name="hash">The hash algorithm used to perform the hashing. If the hashing algorithm requires initialization or a key it should be set prior to calling this method</param>
- /// <returns>A base64 string of the hash value</returns>
- public string GenerateSignatureUsingHash(string signatureBase, HashAlgorithm hash) {
- return ComputeHash(hash, signatureBase);
- }
- /// <summary>
- /// Generates a signature using the HMAC-SHA1 algorithm
- /// </summary>
- /// <param name="url">The full url that needs to be signed including its non OAuth url parameters</param>
- /// <param name="consumerKey">The consumer key</param>
- /// <param name="consumerSecret">The consumer seceret</param>
- /// <param name="token">The token, if available. If not available pass null or an empty string</param>
- /// <param name="tokenSecret">The token secret, if available. If not available pass null or an empty string</param>
- /// <param name="httpMethod">The http method used. Must be a valid HTTP method verb (POST,GET,PUT, etc)</param>
- /// <returns>A base64 string of the hash value</returns>
- public string GenerateSignature(Uri url, string consumerKey, string consumerSecret, string token, string tokenSecret, string httpMethod, string timeStamp, string nonce, out string normalizedUrl, out string normalizedRequestParameters) {
- return GenerateSignature(url, consumerKey, consumerSecret, token, tokenSecret, httpMethod, timeStamp, nonce, SignatureTypes.HMACSHA1, out normalizedUrl, out normalizedRequestParameters);
- }
- /// <summary>
- /// Generates a signature using the specified signatureType
- /// </summary>
- /// <param name="url">The full url that needs to be signed including its non OAuth url parameters</param>
- /// <param name="consumerKey">The consumer key</param>
- /// <param name="consumerSecret">The consumer seceret</param>
- /// <param name="token">The token, if available. If not available pass null or an empty string</param>
- /// <param name="tokenSecret">The token secret, if available. If not available pass null or an empty string</param>
- /// <param name="httpMethod">The http method used. Must be a valid HTTP method verb (POST,GET,PUT, etc)</param>
- /// <param name="signatureType">The type of signature to use</param>
- /// <returns>A base64 string of the hash value</returns>
- public string GenerateSignature(Uri url, string consumerKey, string consumerSecret, string token, string tokenSecret, string httpMethod, string timeStamp, string nonce, SignatureTypes signatureType, out string normalizedUrl, out string normalizedRequestParameters) {
- normalizedUrl = null;
- normalizedRequestParameters = null;
- switch (signatureType) {
- case SignatureTypes.PLAINTEXT:
- return HttpUtility.UrlEncode(string.Format("{0}&{1}", consumerSecret, tokenSecret));
- case SignatureTypes.HMACSHA1:
- string signatureBase = GenerateSignatureBase(url, consumerKey, token, tokenSecret, httpMethod, timeStamp, nonce, HMACSHA1SignatureType, out normalizedUrl, out normalizedRequestParameters);
- HMACSHA1 hmacsha1 = new HMACSHA1();
- hmacsha1.Key = Encoding.ASCII.GetBytes(string.Format("{0}&{1}", UrlEncode(consumerSecret), string.IsNullOrEmpty(tokenSecret) ? "" : UrlEncode(tokenSecret)));
- return GenerateSignatureUsingHash(signatureBase, hmacsha1);
- case SignatureTypes.RSASHA1:
- throw new NotImplementedException();
- default:
- throw new ArgumentException("Unknown signature type", "signatureType");
- }
- }
- /// <summary>
- /// Generate the timestamp for the signature
- /// </summary>
- /// <returns></returns>
- public virtual string GenerateTimeStamp() {
- // Default implementation of UNIX time of the current UTC time
- TimeSpan ts = DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, 0);
- return Convert.ToInt64(ts.TotalSeconds).ToString();
- }
- /// <summary>
- /// Generate a nonce
- /// </summary>
- /// <returns></returns>
- public virtual string GenerateNonce() {
- // Just a simple implementation of a random number between 123400 and 9999999
- return random.Next(123400, 9999999).ToString();
- }
- }
- }