Hi Jason,
   I have successfully validated the requests using this C# routine. I
did some negative testing as well and it is working great. Please go
ahead and post the code.

Thanks,
-Akash

On Sep 30, 10:22 pm, Jason <[EMAIL PROTECTED]> wrote:
> Are you able to successfully validate requests using this C# routine?
> If so, very good work! :) You mention that your code isn't production-
> quality, but if you wanted to polish it a bit, we would love to host
> it on the opensocial-resources wiki with the PHP and Java
> implementations.
>
> - Jason
>
> On Sep 27, 1:43 am, Akash <[EMAIL PROTECTED]> wrote:
>
>
>
> > I think I cracked the holy grail (At least for me:-)).
>
> > Client Side:-
> > I am using following javascript code to make a web service call.
>
> >          // Extra request header for the SOAP 1.2 call
> >          var map = { "Content-Type" : "application/soap+xml; charset=utf-8" };
>
> >          var params = {};
> >          soapRequest =
> >              "<?xml version=\"1.0\" encoding=\"utf-8\"?>" +
> >              "<soap12:Envelope " +
> >              "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" " +
> >              "xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" " +
> >              "xmlns:soap12=\"http://www.w3.org/2003/05/soap-envelope\">" +
> >              "<soap12:Body>" +
> >              "<" + method + " xmlns=\"" + ns + "\">" +
> >              parameters.toXml() +
> >              "</" + method + "></soap12:Body></soap12:Envelope>";
> >          params[gadgets.io.RequestParameters.METHOD] = gadgets.io.MethodType.POST;
> >          params[gadgets.io.RequestParameters.CONTENT_TYPE] = gadgets.io.ContentType.DOM;
> >          params[gadgets.io.RequestParameters.HEADERS] = map;
> >          // SIGNED makes the container add the opensocial_* / oauth_* parameters and sign the request
> >          params[gadgets.io.RequestParameters.AUTHORIZATION] = gadgets.io.AuthorizationType.SIGNED;
> >          params[gadgets.io.RequestParameters.POST_DATA] = soapRequest;
>
> >          gadgets.io.makeRequest(url, function(req) {
> >              SOAPClient._onSendSoapRequest(method, async, callback, context, wsdl, req);
> >          }, params);
>
> > When the POST request reaches the Orkut Proxy Container, it generates a base
> > signature string (http://oauth.net/core/1.0/#anchor14) by Concatenate
> > Request Elements:
> > The following items MUST be concatenated in order into a single
> > string. Each item is encoded (Parameter Encoding) and separated by an
> > ‘&’ character (ASCII code 38), even if empty.
> > 1. The HTTP request method used to send the request. Value MUST be
> > uppercase, for example: HEAD, GET , POST, etc.
> > In our case it is "POST"
>
> > 2. The request URL from Section 9.1.2 (Construct Request URL).
> >    In our case it is http://www.ApplicationServer.com/iApp/Service.asmx
>
> > 3. The normalized request parameters string from Section 9.1.1
> > (Normalize Request Parameters).
> > The request parameters added are following:-
>
> > opensocial_owner_id      04260157720044639260
> > opensocial_viewer_id      04260157720044639260
> > opensocial_app_id      12536334869062616675
> > opensocial_app_url      http://www.ApplicationServer.com/iApp/KM.xml
> > xoauth_signature_publickey      pub.1199819524.-1556113204990931254.cer
> > oauth_consumer_key      orkut.com
> > oauth_timestamp      1222452522
> > oauth_nonce      1222452522836105000
>
> > The base signature string is signed (hashed); a private key is the input for
> > the RSA-SHA1 algorithm, which generates a signature.
>
> > Finally orkut container makes a web service call to the application
> > server on behalf of orkut application.
>
> > IMPORTANT: Inside the web method all parameters added by orkut
> > container are available inside this.Context.Request.Params. These
> > parameters are
> > opensocial_owner_id      04260157720043639260
> > opensocial_viewer_id      04260157720043639260
> > opensocial_app_id      12536334849062616675
> > opensocial_app_url      http://www.ApplicationServer.com/iApp/KM.xml
> > xoauth_signature_publickey      pub.1199819524.-1556113204990931254.cer
> > oauth_consumer_key      orkut.com
> > oauth_timestamp      1222452522
> > oauth_nonce      1222452522836105000
>
> > oauth_signature_method      RSA-SHA1
> > oauth_signature      Q1xim4r9e+3LOpObb6GWhGkw41a8MTc9a
> > +bNuleE8jwRyymXbdZNJBIq3N2RoC9Ojri2ha1V43Mj0JfovNDpYKoPnAUlwsUGzAp7KzpXcdAe­yUw6txeCtkVSdsiWw7NhX/
> > btdJs2dQzbMKBptGAfLdwjCYThmqLqwDicHU1Dr34=
>
> > Verification:-
>
> > I am using the code http://code.google.com/p/devdefined-tools/wiki/OAuth
> > by http://code.google.com/u/bittercoder/ (Thank you for help and great
> > work)
>
> > I created OpenSocialCertificates.cs that has content of certificate
> > pub.1199819524.-1556113204990931254.cer
>
> > *****OpenSocialCertificates.cs *****
> > using System.Security.Cryptography.X509Certificates;
> > using System.Text;
>
> > namespace DevDefined.OAuth
> > {
> >     public class OpenSocialCertificates
> >     {
> >         private const string _orkutCertificate =
> >     @"-----BEGIN CERTIFICATE-----
> > MIIDHDCCAoWgAwIBAgIJAMbTCksqLiWeMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNV
> > BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIG
> > A1UEChMLR29vZ2xlIEluYy4xDjAMBgNVBAsTBU9ya3V0MQ4wDAYDVQQDEwVscnlh
> > bjAeFw0wODAxMDgxOTE1MjdaFw0wOTAxMDcxOTE1MjdaMGgxCzAJBgNVBAYTAlVT
> > MQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChML
> > R29vZ2xlIEluYy4xDjAMBgNVBAsTBU9ya3V0MQ4wDAYDVQQDEwVscnlhbjCBnzAN
> > BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAseBXZ4NDhm24nX3sJRiZJhvy9eDZX12G
> > j4HWAMmhAcnm2iBgYpAigwhVHtOs+ZIUIdzQHvHeNd0ydc1Jg8e+C+Mlzo38OvaG
> > D3qwvzJ0LNn7L80c0XVrvEALdD9zrO+0XSZpTK9PJrl2W59lZlJFUk3pV+jFR8NY
> > eB/fto7AVtECAwEAAaOBzTCByjAdBgNVHQ4EFgQUv7TZGZaI+FifzjpTVjtPHSvb
> > XqUwgZoGA1UdIwSBkjCBj4AUv7TZGZaI+FifzjpTVjtPHSvbXqWhbKRqMGgxCzAJ
> > BgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEU
> > MBIGA1UEChMLR29vZ2xlIEluYy4xDjAMBgNVBAsTBU9ya3V0MQ4wDAYDVQQDEwVs
> > cnlhboIJAMbTCksqLiWeMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
> > CETnhlEnCJVDXoEtSSwUBLP/147sqiu9a4TNqchTHJObwTwDPUMaU6XIs2OTMmFu
> > GeIYpkHXzTa9Q6IKlc7Bt2xkSeY3siRWCxvZekMxPvv7YTcnaVlZzHrVfAzqNsTG
> > P3J//C0j+8JWg6G+zuo5k7pNRKDY76GxxHPYamdLfwk=
> > -----END CERTIFICATE-----";
>
> >         public static X509Certificate2 OrkutCertificate
> >         {
> >             get { return new X509Certificate2(Encoding.ASCII.GetBytes(_orkutCertificate)); }
> >         }
> >     }
>
> > }
>
> > I added another method inside OAuthContextBuilder.cs because the
> > parameters used for validation are inside the data structure
> > request.Params
>
> >         public OAuthContext FromHttpParams(HttpRequest request)
> >         {
> >             var context = new OAuthContext();
>
> >             // Required to create signature base string
> >             // Http Method
> >             context.RequestMethod = request.HttpMethod;
> >             // Request URL
> >             context.RawUri = new Uri("http://" + request.Params["SERVER_NAME"] + request.Params["SCRIPT_NAME"]);
>
> >             // Request parameters
> >             context.authParams.Add("opensocial_owner_id", request.Params["opensocial_owner_id"]);
> >             context.authParams.Add("opensocial_viewer_id", request.Params["opensocial_viewer_id"]);
> >             context.authParams.Add("opensocial_app_id", request.Params["opensocial_app_id"]);
> >             context.authParams.Add("opensocial_app_url", request.Params["opensocial_app_url"]);
> >             context.authParams.Add("xoauth_signature_publickey", request.Params["xoauth_signature_publickey"]);
> >             context.authParams.Add(Parameters.OAuth_Consumer_Key, request.Params[Parameters.OAuth_Consumer_Key]);
> >             context.authParams.Add(Parameters.OAuth_Signature_Method, request.Params[Parameters.OAuth_Signature_Method]);
> >             context.authParams.Add(Parameters.OAuth_Timestamp, request.Params[Parameters.OAuth_Timestamp]);
> >             context.authParams.Add(Parameters.OAuth_Nonce, request.Params[Parameters.OAuth_Nonce]);
>
> >             // Algorithm used for signing
> >             context.SignatureMethod = request.Params[Parameters.OAuth_Signature_Method];
>
> >             // Signature
> >             context.Signature = request.Params[Parameters.OAuth_Signature];
>
> >             return context;
> >         }
>
> > Inside OAuthContext.cs I added a name value collection named
> > authParams
>
> >         public OAuthContext()
> >         {
> >             ...
> >                 ...
> >                 ...
> >                 ...
> >                 ...
> >             //Akash
> >             authParams = new NameValueCollection();
> >         }
>
> >             ...
> >                 ...
> >                 ...
> >                 ...
> >                 ...
>
> >         public NameValueCollection authParams
> >         {
> >             get
> >             {
> >                 if (_authParams == null) _authParams = new NameValueCollection();
> >                 return _authParams;
> >             }
> >             set { _authParams = value; }
> >         }
>
> >             ...
> >                 ...
> >                 ...
> >                 ...
> >                 ...
>
> > Following is the code for generating signature based
>
> >         public string GenerateSignatureBaseAuthParams()
> >         {
> >             var allParameters = new List<QueryParameter>();
> >             allParameters.AddRange(authParams.ToQueryParameters());
>
> >             // Returns signature based
>
> >             return UriUtility.FormatParameters(RequestMethod, new Uri(NormalizedRequestUrl), allParameters);
> >         }
>
> > Here is the code for validation
>
> >     private static string ValidateWithDevDefinedOAuth(HttpRequest req)
> >     {
> >    
>
> ...
>
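The check discussed in this thread (signature base string per OAuth Core 1.0 section 9.1, then RSA-SHA1 verification), as an added example that is not part of the original posts and does not use DevDefined.OAuth. The class and method names, the 300-second timestamp window, the in-memory nonce set and the generated key pair standing in for the container's key are assumptions; the parameter values are the ones quoted in the thread.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
static class SignedRequestCheck   // hypothetical helper, not part of DevDefined.OAuth
{
    // OAuth parameter encoding: unreserved characters stay literal, everything else is %XX.
    static string Enc(string s) => string.Concat(Encoding.UTF8.GetBytes(s ?? "").Select(b =>
        b < 128 && (char.IsLetterOrDigit((char)b) || "-._~".IndexOf((char)b) >= 0)
            ? ((char)b).ToString() : "%" + b.ToString("X2")));
    // METHOD & URL & name-sorted parameters, covering every parameter except oauth_signature.
    public static string BaseString(string method, string url, IDictionary<string, string> p) =>
        method.ToUpperInvariant() + "&" + Enc(url) + "&" + Enc(string.Join("&",
            p.Where(kv => kv.Key != "oauth_signature")
             .OrderBy(kv => Enc(kv.Key), StringComparer.Ordinal)
             .Select(kv => Enc(kv.Key) + "=" + Enc(kv.Value))));

    public static bool Verify(RSA key, string method, string url, IDictionary<string, string> p,
                              string pinnedKeyName, long nowUnix, ISet<string> seenNonces)
    {
        if (!p.TryGetValue("oauth_signature_method", out var m) || m != "RSA-SHA1") return false;
        if (!p.TryGetValue("xoauth_signature_publickey", out var k) || k != pinnedKeyName) return false;
        if (!p.TryGetValue("oauth_timestamp", out var ts) || !long.TryParse(ts, out var t)
            || Math.Abs(nowUnix - t) > 300) return false;   // assumed 5-minute freshness window
        if (!p.TryGetValue("oauth_nonce", out var n) || !p.TryGetValue("oauth_signature", out var s)) return false;
        byte[] sig; try { sig = Convert.FromBase64String(s); } catch (FormatException) { return false; }
        var data = Encoding.ASCII.GetBytes(BaseString(method, url, p));
        if (!key.VerifyData(data, sig, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1)) return false;
        return seenNonces.Add(ts + ":" + n);   // remember the nonce only after the signature checks out
    }

    static void Main()
    {
        using var rsa = RSA.Create(2048);   // constructed key pair standing in for the container's key
        const string url = "http://www.ApplicationServer.com/iApp/Service.asmx";
        const string pin = "pub.1199819524.-1556113204990931254.cer";
        var p = new Dictionary<string, string> {   // parameter values quoted in the thread
            ["opensocial_owner_id"] = "04260157720044639260", ["opensocial_viewer_id"] = "04260157720044639260",
            ["opensocial_app_id"] = "12536334869062616675", ["opensocial_app_url"] = "http://www.ApplicationServer.com/iApp/KM.xml",
            ["xoauth_signature_publickey"] = pin, ["oauth_consumer_key"] = "orkut.com",
            ["oauth_signature_method"] = "RSA-SHA1", ["oauth_timestamp"] = "1222452522", ["oauth_nonce"] = "1222452522836105000" };
        p["oauth_signature"] = Convert.ToBase64String(rsa.SignData(
            Encoding.ASCII.GetBytes(BaseString("POST", url, p)), HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1));
        var seen = new HashSet<string>();
        void Show(string label) => Console.WriteLine(label + ": " + Verify(rsa, "POST", url, p, pin, 1222452530, seen));
        Show("fresh request"); Show("same nonce again");
        p["opensocial_viewer_id"] = "1"; p["oauth_nonce"] = "2"; Show("tampered viewer id");
    }
}
```

With the certificate class from the thread, the `key` argument would be `OpenSocialCertificates.OrkutCertificate.GetRSAPublicKey()`.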