Hi, Signed requests in AuthSub is a common source of confusion, trouble, and general panic. In this case the "signature" is constructed by first building the data string which in this case looks like:
data = http-method SP http-request-URL SP timestamp SP nonce Each of these values are described further in the documentation you linked. Once you have this data string you build the sig by doing sig = base64(sign(hash(data ))) In that order. In this case, hash() means to sha1 the string and sign() means to sign it with your private RSA key. Also bear in mind that when you upgrade a session token you also need to sign -that- request as well. Now the real confusion starts, since I see you are trying to use the YouTube API. For all requests to uploads.gdata.youtube.com you have to lie when you sign the request and say they are coming from gdata.youtube.com due to a bug in the authentication code. There is more information on this bug in this thread: http://groups.google.com/group/youtube-api-gdata/browse_thread/thread/a021074156e32b46/ In the future, we plan on releasing support for YouTube in our .NET client library, which should make all of this much simpler. Cheers, -Jeff On May 19, 4:21 pm, Pete Souza <[EMAIL PROTECTED]> wrote: > I have an ASP.Net 2.0 webapp using the Google APIs. Previously, I > used raw HTML requests to upload videos to YouTube which worked fine. > The webapp was not registered, though, so it got that ugly red warning > during the step through YouTube's website asking you to confirm it. > > After registering the security certificate with Google and pouring > over reference material, forums, etc., I seem to be missing one vital > bit of information. > > On this page here: > > > http://code.google.com/apis/accounts/docs/AuthForWebApps.html#signing... > > It defines the 'sig' as a signature that's built on the signed key in > the certificate I registered the webapp with. It fails to indicate > what I'm applying that signature to. Or if I'm just supplying it as > is. I've tried both and get a 401/Unauthorized either way when I > attempt to use it in my GetUploadToken HTTP request. > > Here's some code: > > protected AsymmetricAlgorithm getRsaKey() > { > System.Security.Cryptography.X509Certificates.X509Certificate2 > cert = new > System.Security.Cryptography.X509Certificates.X509Certificate2("C:/ > dev.micronet-systems.com.pfx", "dr4k3fl4m3"); > RSACryptoServiceProvider privateKey = cert.PrivateKey as > RSACryptoServiceProvider; > > return privateKey; > } > > public string GetUploadAuth(string sTitle, string sDesc, string > sKeywords) > { > AsymmetricAlgorithm rsaKey = getRsaKey(); > sSig = Util.GetDataFromXML(rsaKey.ToXmlString(false), > "Modulus", "/RSAKeyValue"); > HttpWebRequest objHttpWebRequest = > (HttpWebRequest)WebRequest.Create("http://gdata.youtube.com/action/ > GetUploadToken"); > objHttpWebRequest.ContentType = "application/atom+xml; > charset=UTF-8"; > objHttpWebRequest.Headers.Add("Authorization: AuthSub token= > \"" + this.sToken + "\" sigalg=\"rsa-sha1\" data=\"" + sData + "\" sig= > \"" + sSig + "\""); > objHttpWebRequest.Headers.Add("X-GData-Client: " + > Util.GetAppSetting("GoogleClientID")); > objHttpWebRequest.Headers.Add("X-GData-Key: key=" + > Util.GetAppSetting("GoogleDevKey")); > objHttpWebRequest.PreAuthenticate = true; > objHttpWebRequest.Method = "POST"; > objHttpWebRequest.KeepAlive = false; > > string sData = "<?xml version=\"1.0\"?>\r\n"; > sData += "<entry xmlns=\"http://www.w3.org/2005/Atom\"\r\n";; > sData += " xmlns:media=\"http://search.yahoo.com/mrss/\"\r > \n"; > sData += " xmlns:yt=\"http://gdata.youtube.com/schemas/2007\";> > \r\n"; > sData += " <media:group>\r\n"; > sData += " <media:title type=\"plain\">" + sTitle + "</ > media:title>\r\n"; > sData += " <media:description type=\"plain\">\r\n"; > sData += " " + sDesc + "\r\n"; > sData += " </media:description>\r\n"; > sData += " <media:category\r\n"; > sData += " scheme=\"http://gdata.youtube.com/schemas/2007/ > categories.cat\">People\r\n"; > sData += " </media:category>\r\n"; > sData += " <media:keywords>" + sKeywords + "</ > media:keywords>\r\n"; > sData += " </media:group>\r\n"; > sData += "</entry>\r\n"; > > objHttpWebRequest.ContentLength = sData.Length; > > if (sData != null && sData != string.Empty) > { > encoding = new UTF8Encoding(); > Stream objStream = objHttpWebRequest.GetRequestStream(); > Byte[] Buffer = encoding.GetBytes(sData); > objStream.Write(Buffer, 0, Buffer.Length); > objStream.Close(); > } > > // ** HERE'S WHERE IT BOMBS! ** > objHttpWebResponse = > (HttpWebResponse)objHttpWebRequest.GetResponse(); > > ... > > sToken is set correctly, by the way. And the previous request for a > token was made with secure=1. > > It generates this request: > > Content-Type: application/atom+xml; charset=UTF-8 > Authorization: AuthSub token="CK-OvdAgEPupqio" sigalg="rsa-sha1" > data="GEThttp://gdata.youtube.com/action/GetUploadToken > 1211239082.23438 5542598760473821" sig="qx4gIaWalo1cLOj010+nArKO0jKVry > +yawiC8pJe2xT9zKruYSvGgc0aDvcG5sOweDk6br2R0Y0+RddawA7qicf9MK6Y39LSDcKV8DMLu0isdL8aXDIab0ZdSOcGGdN6D37fj/ > yjJt0rpwKbG5R0rqwSkHltwpnVAdtoUwGXAKM=" > X-GData-Client: ytapi-MicroNetSystems-TraceProduceComm-8al3cphk-0 > X-GData-Key: > key=AI39si4wx4kzWSRw2S2FcLT68nxWE20qubAHMvc3yXHRoaELpMiMhsXl7ikDE8EzD7aYY092DdOwOkfyXYtPTpa8T2AFZxShYg > Host: gdata.youtube.com > Content-Length: 623 > Expect: 100-continue > Connection: Close > > Thoughts? Am I misinterpreting the specs? > > Thanks! --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Data Protocol" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/google-help-dataapi?hl=en -~----------~----~----~----~------~----~------~--~---
