1. 首頁
  2. 問答
  3. DotNetOpenAuth的DesktopConsumer ProcessUserAuthorization中的驗證器是什麼?

DotNetOpenAuth的DesktopConsumer ProcessUserAuthorization中的驗證器是什麼?

2012-06-13 44 views
2

我是DotNetOpenAuth的新手,我無法找到在ProcessUserAuthorization中用作驗證者的值。DotNetOpenAuth的DesktopConsumer ProcessUserAuthorization中的驗證器是什麼?

我想實現的是使用我的用戶憑證登錄到使用OAuth的應用程序(稱爲UserVoice)。這裏是我的代碼如下所示:

string requestToken; 
var authorizeUri = consumer.RequestUserAuthorization(new Dictionary<string, string>(), null, out requestToken).AbsoluteUri; 
var verifier = "???"; 
var accessToken = consumer.ProcessUserAuthorization(requestToken, verifier).AccessToken; 
consumer.PrepareAuthorizedRequest(endpoint, accessToken, data).GetResponse();

我試圖用我的用戶名,我的密碼,我的消費重點,我的消費者的祕密,但似乎沒有任何工作。有人知道我應該使用哪個值作爲驗證者嗎?

感謝

來源

2012-06-13 Carl

回答

2

我終於找到了一種用DotNetOpenAuth登錄UserVoice的方法。我認爲UserVoice的實施的OAuth的不標準,但我可以在此做:

var consumer = new DesktopConsumer(this.GetInitialServiceDescription(), this._manager) 
string requestToken; 
consumer.RequestUserAuthorization(null, null, out requestToken); 

// get authentication token 
var extraParameters = new Dictionary<string, string> 
{ 
    { "email", this._email }, 
    { "password", this._password }, 
    { "request_token", requestToken }, 
}; 

consumer = new DesktopConsumer(this.GetSecondaryServiceDescription(), this._manager); 
consumer.RequestUserAuthorization(extraParameters, null, out requestToken);

凡GetInitialServiceDescription返回良好的要求內容,並GetSecondaryServiceDescription是破解版本和地方的返回授權端點請求令牌端點。以這種方式返回的「request_token」(根據我對OAuth的理解,這不是一個正常的request_token)可以用作PrepareAuthorizedRequest的訪問令牌。

來源

2012-06-15 14:57:22 Carl

0

的驗證是在用戶已經表示,他們希望授權您的應用程序,UserVoice的將顯示在屏幕上的代碼。用戶必須將該驗證碼從Web站點複製並粘貼迴應用程序的GUI,以便將其傳遞給ProcessUserAuthorization方法。

這僅在OAuth 1.0a(不是1.0)中是必需的,並且可以緩解在1.0中發現的某些可利用的攻擊。在您的ServiceProviderDescription中,請確保您指定該服務是1.0a版本(如果實際上Uservoice支持該版本),以便DNOA將與Uservoice通信它應該創建驗證程序代碼。順便說一句,包括掃描過程標題或將瀏覽器託管在您自己的應用程序中的各種技巧可以通過讓您的應用程序自動複製驗證代碼步驟來消除手動用戶複製驗證代碼步驟。

來源

2012-06-14 13:42:29

0

當通過WebAPI完成授權並且您沒有在瀏覽器中顯示重定向時,也使用驗證程序。在這裏,你只需通過代碼發送你的認證請求,並在沒有任何用戶交互的情況下將驗證器作爲json字符串。

在這種情況下的處理(的OAuth 1.0)如下所示:

public void AccessAPI() 
    { 
     InMemoryOAuthTokenManager tokenManager = InMemoryOAuthTokenManager(YOUR_CLIENT_KEY, YOUR_CLIENT_SECRET); 
     var consumer = new DesktopConsumer(GetAuthServerDescription(), tokenManager); 

      // Get Request token 
      string requestToken; 
      var parameters = new Dictionary<string, string>(); 
      parameters["email"] = "foo"; 
      parameters["password"] = "bar"; 
      Uri authorizationUrl = consumer.RequestUserAuthorization(null, parameters, out requestToken); 

      // Authorize and get a verifier (No OAuth Header necessary for the API I wanted to access) 
      var request = WebRequest.Create(authorizationUrl) as HttpWebRequest; 
      request.Method = "Get"; 
      request.Accept = "text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2"; 
      var response = request.GetResponse() as HttpWebResponse; 
      string verifier = new StreamReader(response.GetResponseStream()).ReadToEnd().Split('=')[1]; //Irgendwie will Json nicht parsen 

      // Use verifier to get the final AccessToken 
      AuthorizedTokenResponse authorizationResponse = consumer.ProcessUserAuthorization(requestToken, verifier); 
      string accessToken = authorizationResponse.AccessToken; 

      // Access Ressources 
      HttpDeliveryMethods resourceHttpMethod = HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest; 
      var resourceEndpoint = new MessageReceivingEndpoint("https://api.discovergy.com/public/v1/meters", resourceHttpMethod); 
      using (IncomingWebResponse resourceResponse = consumer.PrepareAuthorizedRequestAndSend(resourceEndpoint, accessToken)) 
      { 
       string result = resourceResponse.GetResponseReader().ReadToEnd(); 
       dynamic content = JObject.Parse(result); 
      } 
    } 

    private ServiceProviderDescription GetAuthServerDescription() 
    { 
     var authServerDescription = new ServiceProviderDescription(); 
     authServerDescription.RequestTokenEndpoint = new MessageReceivingEndpoint(YOUR_REQUEST_ENDPOINT, HttpDeliveryMethods.PostRequest | HttpDeliveryMethods.AuthorizationHeaderRequest); 
     authServerDescription.UserAuthorizationEndpoint = new MessageReceivingEndpoint(YOUR_AUTHORIZATION_ENDPOINT, HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest); 
     authServerDescription.AccessTokenEndpoint = new MessageReceivingEndpoint(YOUR_TOKEN_ENDPOINT, HttpDeliveryMethods.PostRequest | HttpDeliveryMethods.AuthorizationHeaderRequest); 
     authServerDescription.ProtocolVersion = ProtocolVersion.V10; 
     authServerDescription.TamperProtectionElements = new ITamperProtectionChannelBindingElement[] { new HmacSha1SigningBindingElement() }; 
     return authServerDescription; 
    }

來源

2017-06-07 20:28:09

相關問題

 相關問題