Thanks Raman & Jason. Now I have much better clarity on how things
work.
I tried the options you suggested and was able to make a lot of progress.
Since I am making a web service call, I am wondering how to generate the
signature base. Following is the JS code I am using to make the web
service call.
var map = { "Content-Type": "application/soap+xml; charset=utf-8" };
var params = {};
// Build the SOAP 1.2 envelope that is sent as the POST body.
soapRequest =
    "<?xml version=\"1.0\" encoding=\"utf-8\"?>" +
    "<soap12:Envelope " +
    "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" " +
    "xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" " +
    "xmlns:soap12=\"http://www.w3.org/2003/05/soap-envelope\">" +
    "<soap12:Body>" +
    "<" + method + " xmlns=\"" + ns + "\">" +
    parameters.toXml() +
    "</" + method +
    "></soap12:Body></soap12:Envelope>";
params[gadgets.io.RequestParameters.METHOD] =
    gadgets.io.MethodType.POST;
params[gadgets.io.RequestParameters.CONTENT_TYPE] =
    gadgets.io.ContentType.DOM;
params[gadgets.io.RequestParameters.HEADERS] = map;
// Ask the container to sign the request.
params[gadgets.io.RequestParameters.AUTHORIZATION] =
    gadgets.io.AuthorizationType.SIGNED;
params[gadgets.io.RequestParameters.POST_DATA] = soapRequest;
var req;
gadgets.io.makeRequest(
    "http://www.MyApplicationServer.com/iApp/Service.asmx",
    function(req) {
        SOAPClient._onSendSoapRequest(method, async,
            callback, context,
            wsdl, req);
    }, params);
Now coming to the application server side. For validation I have to
generate the signature base:
1. The HTTP request method used to send the request. Value MUST be
uppercase, for example: HEAD, GET, POST, etc.
2. The request URL from Section 9.1.2 (Construct Request URL).
3. The normalized request parameters string from Section 9.1.1
(Normalize Request Parameters).
#1 is POST
#2 I think the request URL should be
"http://www.MyApplicationServer.com/iApp/Service.asmx". However, the
request is coming from orkut, hence I am not sure. Please confirm.
#3 According to the OAuth Spec
****
The request parameters are collected, sorted and concatenated into a
normalized string:
1. Parameters in the OAuth HTTP Authorization header (Authorization
Header) excluding the realm parameter.
2. Parameters in the HTTP POST request body (with a content-type of
application/x-www-form-urlencoded).
3. HTTP GET parameters added to the URLs in the query part (as defined
by [RFC3986] (Berners-Lee, T., “Uniform Resource Identifiers (URI):
Generic Syntax,” .) section 3).
The oauth_signature parameter MUST be excluded.
****
#1 Parameters in the OAuth HTTP Authorization header (Authorization
Header) excluding the realm parameter.
Within my web service the OAuth HTTP Authorization header parameters are
populated in the this.Context.Request.Params data structure:
oauth_consumer_key orkut.com
oauth_signature_method RSA-SHA1
oauth_timestamp 1222270545
oauth_nonce 1222270545579299000
oauth_signature KJy1Dz
+tMNDhQjS0mtc2SrmG7X51evlmJiFtT1ztpX0pBVpT6i27Hr6MMf1svHqjLFjtxNFg+P2t/
Mjm
+bXS2AUdfsKlelTfTlQEEzyX973Kdk74/5UXoZZmItzYfCmKQuQRl3fWYch0226eujYGrh3lu471e4rDury8gIll5v8=
The this.Context.Request.Params data structure has the following
parameters pertaining to opensocial:
opensocial_owner_id 04260157720044639260
opensocial_viewer_id 04260157720044639260
opensocial_app_id 12536334869062616675
opensocial_app_url http://www.MyApplicationServer.com/iApp/KM.xml
xoauth_signature_publickey pub.1199819524.-1556113204990931254.cer
I am wondering whether these parameters are also required for
generating the base signature? this.Context.Request.Params also contains
many other parameters (listed at the end of this email), but I think
they should not be used for generating the base signature. Please correct
me if I am wrong.
#2 Parameters in the HTTP POST request body (with a content-type of
application/x-www-form-urlencoded).
Though the HTTP method used for the request is POST, the content type I
am using is "application/soap+xml;". Therefore the SOAP request that is
part of the POST request should not be used for generating the base.
Please correct me if I am wrong.
#3 HTTP GET parameters added to the URLs in the query part (as defined
by [RFC3986] (Berners-Lee, T., “Uniform Resource Identifiers (URI):
Generic Syntax,” .) section 3).
Since this is a POST request, I should not bother about it?
Since I am very close to a solution, I will highly appreciate any help in
this regard.
Thanks,
-Akash
On Sep 26, 2:11 am, Jason <[EMAIL PROTECTED]> wrote:
> Yes, Raman's right again. Requests are not encrypted; the only
> difference between unsigned and signed requests are the extra
> parameters that are passed -- signed requests have a signature
> attached as well as extra arguments identifying the container and
> owner ID plus a few others.
>
> - Jason
>
> On Sep 24, 3:10 am, Raman <[EMAIL PROTECTED]> wrote:
>
> > Hi Akash
>
> > No, the communication is not over SSL (as far as I know).
> > Plus, orkut adds a lot of GET parameters such as opensocial_owner_id,
> > oauth_nonce, etc.
>
> > Just to make sure you ain't doing anything wrong..
>
> > Use this code on client
>
> > /**
> >  * Perform remote server requests. The request is signed by the container.
> >  * @function
> >  * @param {String} url
> >  *   URL containing the GET and POST parameters to which the request is
> >  *   to be made.
> >  * @param {Function} [callback]
> >  *   Function to call back when a response is received from the server.
> >  * @example
> >  * call("http://www.sampleserver.sample?key1=value1&key2=key2=value2");
> >  * // key1 and key2 are passed as GET parameters.
> >  * call("http://www.sampleserver.sample|key1=value1&key2=key2=value2");
> >  * // key1 and key2 are passed as POST parameters.
> >  * call("http://www.sampleserver.sample?key1=value1|key2=key2=value2");
> >  * // key1 is passed as a GET parameter and key2 as a POST parameter.
> >  */
> > function call(url, callback)
> > {
> >   var params = {};
> >   // Request should be signed by the container.
> >   params[gadgets.io.RequestParameters.AUTHORIZATION] =
> >       gadgets.io.AuthorizationType.SIGNED;
>
> >   // The URL contains POST parameters; POST parameters are separated
> >   // from the main URL by a '|' (without quotes).
> >   if (url.indexOf("|") > -1)
> >   {
> >     // Tell the container it's a POST request.
> >     params[gadgets.io.RequestParameters.METHOD] =
> >         gadgets.io.MethodType.POST;
> >     var urls = url.split("|");
> >     url = urls[0];
> >     params[gadgets.io.RequestParameters.POST_DATA] = urls[1]; // POST data
> >   }
> >   gadgets.io.makeRequest(url, callback, params);
>
> > }
>
> > This is a modified version of the function that I have been using in
> > production, stripped of all the user-built libraries that I have been using.
> > If there's an error with this thing, let me know, I will resolve it.
>
> > And use the following code on the server to get all the GET and POST
> > parameters..
>
> > using System;
> > using System.Data;
> > using System.Configuration;
> > using System.Collections;
> > using System.Web;
> > using System.Web.Security;
> > using System.Web.UI;
> > using System.Web.UI.WebControls;
> > using System.Web.UI.WebControls.WebParts;
> > using System.Web.UI.HtmlControls;
> > using System.Collections.Specialized;
>
> > public partial class Sample : System.Web.UI.Page
> > {
> >     protected void Page_Load(object sender, EventArgs e)
> >     {
> >         // Dump the GET (query string) parameters. Names and values are
> >         // HTML-encoded because they are echoed back into the response.
> >         NameValueCollection gets = Request.QueryString;
> >         for (int i = 0; i < gets.Count; i++)
> >         {
> >             Response.Write(HttpUtility.HtmlEncode(gets.GetKey(i)) + ": " +
> >                 HttpUtility.HtmlEncode(gets.GetValues(i)[0]) + "<br />");
> >         }
> >         Response.Write("<br />");
> >         // Dump the POST (form) parameters, shown in URI-escaped form.
> >         NameValueCollection posts = Request.Form;
> >         for (int i = 0; i < posts.Count; i++)
> >         {
> >             Response.Write(HttpUtility.HtmlEncode(posts.GetKey(i)) + ": " +
> >                 HttpUtility.HtmlEncode(
> >                     Uri.EscapeUriString(posts.GetValues(i)[0])) + "<br />");
> >         }
> >         Response.End();
> >     }
>
> > }
>
> > All the best.
>
> > Raman
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Orkut Developer Forum" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/opensocial-orkut?hl=en
-~----------~----~----~----~------~----~------~--~---
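
The signature-base rules quoted in the message from the OAuth spec (sections 9.1.1 to 9.1.3), worked through as an added example; it is not code from this thread or from orkut. It assumes Node.js, the function names are hypothetical, and the sample request is constructed from the parameter values listed in the message, carried in the query string, with a placeholder signature.

```javascript
// Added example: OAuth Core 1.0 signature base string (sections 9.1.1 to 9.1.3).
// RFC 3986 percent-encoding: only unreserved characters stay literal.
function pct(s) {
  return encodeURIComponent(s).replace(/[!'()*]/g,
    (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase());
}

// 9.1.2: lowercase scheme and host, drop default port, query and fragment.
function normalizeUrl(rawUrl) {
  const u = new URL(rawUrl);
  return `${u.protocol}//${u.host}${u.pathname}`;
}

// 9.1.1: gather query, Authorization-header and form-body parameters.
function collectParams(rawUrl, authParams, contentType, body) {
  const pairs = [...new URL(rawUrl).searchParams.entries()];
  for (const [k, v] of Object.entries(authParams)) {
    if (k !== "realm") pairs.push([k, v]);
  }
  // The body counts only when form-encoded; a SOAP body is left out.
  if (/^application\/x-www-form-urlencoded\b/i.test(contentType || "")) {
    pairs.push(...new URLSearchParams(body).entries());
  }
  return pairs.filter(([k]) => k !== "oauth_signature");
}

const cmp = (x, y) => (x < y ? -1 : x > y ? 1 : 0);
// 9.1.3: METHOD & URL & parameters, each percent-encoded, joined with '&'.
function signatureBase(method, rawUrl, authParams, contentType, body) {
  const normalized = collectParams(rawUrl, authParams, contentType, body)
    .map(([k, v]) => [pct(k), pct(v)])
    .sort((a, b) => cmp(a[0], b[0]) || cmp(a[1], b[1]))
    .map(([k, v]) => `${k}=${v}`)
    .join("&");
  return [method.toUpperCase(), normalizeUrl(rawUrl), normalized].map(pct).join("&");
}

// Constructed request: values as listed in the message, carried in the query
// string; the oauth_signature value is a placeholder.
const SAMPLE_URL = "http://www.MyApplicationServer.com/iApp/Service.asmx" +
  "?opensocial_owner_id=04260157720044639260&opensocial_viewer_id=04260157720044639260" +
  "&opensocial_app_id=12536334869062616675" +
  "&opensocial_app_url=http%3A%2F%2Fwww.MyApplicationServer.com%2FiApp%2FKM.xml" +
  "&xoauth_signature_publickey=pub.1199819524.-1556113204990931254.cer" +
  "&oauth_consumer_key=orkut.com&oauth_signature_method=RSA-SHA1" +
  "&oauth_timestamp=1222270545&oauth_nonce=1222270545579299000&oauth_signature=PLACEHOLDER";
const SAMPLE_BASE = signatureBase("POST", SAMPLE_URL, {},
  "application/soap+xml; charset=utf-8", "<soap12:Envelope>...</soap12:Envelope>");
console.log(SAMPLE_BASE);
```

With RSA-SHA1, the resulting string is the data whose signature is checked against the received oauth_signature using the signer's public key.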