Are you able to successfully validate requests using this C# routine? If so, very good work! :) You mention that your code isn't production-quality, but if you wanted to polish it a bit, we would love to host it on the opensocial-resources wiki with the PHP and Java implementations.
- Jason

On Sep 27, 1:43 am, Akash <[EMAIL PROTECTED]> wrote:
> I think I cracked the holy grail (At least for me:-)).
>
> Client Side:-
> I am using the following JavaScript code to make a web service call.
>
>     var map = { "Content-Type" : "application/soap+xml; charset=utf-8"};
>
>     var params = {};
>     soapRequest =
>         "<?xml version=\"1.0\" encoding=\"utf-8\"?>" +
>         "<soap12:Envelope " +
>         "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" " +
>         "xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" " +
>         "xmlns:soap12=\"http://www.w3.org/2003/05/soap-envelope\">" +
>         "<soap12:Body>" +
>         "<" + method + " xmlns=\"" + ns + "\">" +
>         parameters.toXml() +
>         "</" + method +
>         "></soap12:Body></soap12:Envelope>";
>     params[gadgets.io.RequestParameters.METHOD] = gadgets.io.MethodType.POST;
>     params[gadgets.io.RequestParameters.CONTENT_TYPE] = gadgets.io.ContentType.DOM;
>     params[gadgets.io.RequestParameters.HEADERS] = map;
>     params[gadgets.io.RequestParameters.AUTHORIZATION] = gadgets.io.AuthorizationType.SIGNED;
>     params[gadgets.io.RequestParameters.POST_DATA] = soapRequest;
>
>     gadgets.io.makeRequest(url, function(req){
>         SOAPClient._onSendSoapRequest(method, async, callback, context, wsdl, req);
>     }, params);
>
> When the POST request reaches the Orkut Proxy Container, it generates a base
> signature string (http://oauth.net/core/1.0/#anchor14) by Concatenate
> Request Elements
> The following items MUST be concatenated in order into a single
> string. Each item is encoded (Parameter Encoding) and separated by an
> ‘&’ character (ASCII code 38), even if empty.
> 1. The HTTP request method used to send the request. Value MUST be
> uppercase, for example: HEAD, GET , POST, etc.
> In our case it is "POST"
>
> 2. The request URL from Section 9.1.2 (Construct Request URL).
> In our case it is http://www.ApplicationServer.com/iApp/Service.asmx
>
> 3. The normalized request parameters string from Section 9.1.1
> (Normalize Request Parameters).
> The request parameters added are following:-
>
> opensocial_owner_id 04260157720044639260
> opensocial_viewer_id 04260157720044639260
> opensocial_app_id 12536334869062616675
> opensocial_app_url http://www.ApplicationServer.com/iApp/KM.xml
> xoauth_signature_publickey pub.1199819524.-1556113204990931254.cer
> oauth_consumer_key orkut.com
> oauth_timestamp 1222452522
> oauth_nonce 1222452522836105000
>
> Base signature string is signed(hashed) and a private key is input for
> RSA-SHA1 algorithm and it generates a signature.
>
> Finally orkut container makes a web service call to the application
> server on behalf of orkut application.
>
> IMPORTANT: Inside the web method all parameters added by orkut
> container are available inside this.Context.Request.Params. These
> parameters are
> opensocial_owner_id 04260157720043639260
> opensocial_viewer_id 04260157720043639260
> opensocial_app_id 12536334849062616675
> opensocial_app_url http://www.ApplicationServer.com/iApp/KM.xml
> xoauth_signature_publickey pub.
> 1199819524.-1556113204990931254.cer
> oauth_consumer_key orkut.com
> oauth_timestamp 1222452522
> oauth_nonce 1222452522836105000
>
> oauth_signature_method RSA-SHA1
> oauth_signature Q1xim4r9e+3LOpObb6GWhGkw41a8MTc9a
> +bNuleE8jwRyymXbdZNJBIq3N2RoC9Ojri2ha1V43Mj0JfovNDpYKoPnAUlwsUGzAp7KzpXcdAeyUw6txeCtkVSdsiWw7NhX/
> btdJs2dQzbMKBptGAfLdwjCYThmqLqwDicHU1Dr34=
>
> Verification:-
>
> I am using the code http://code.google.com/p/devdefined-tools/wiki/OAuth
> by http://code.google.com/u/bittercoder/ (Thank you for help and great
> work)
>
> I created OpenSocialCertificates.cs that has content of certificate
> pub.1199819524.-1556113204990931254.cer
>
> *****OpenSocialCertificates.cs *****
> using System.Security.Cryptography.X509Certificates;
> using System.Text;
>
> namespace DevDefined.OAuth
> {
>     public class OpenSocialCertificates
>     {
>         private const string _orkutCertificate =
> @"-----BEGIN CERTIFICATE-----
> MIIDHDCCAoWgAwIBAgIJAMbTCksqLiWeMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNV
> BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIG
> A1UEChMLR29vZ2xlIEluYy4xDjAMBgNVBAsTBU9ya3V0MQ4wDAYDVQQDEwVscnlh
> bjAeFw0wODAxMDgxOTE1MjdaFw0wOTAxMDcxOTE1MjdaMGgxCzAJBgNVBAYTAlVT
> MQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChML
> R29vZ2xlIEluYy4xDjAMBgNVBAsTBU9ya3V0MQ4wDAYDVQQDEwVscnlhbjCBnzAN
> BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAseBXZ4NDhm24nX3sJRiZJhvy9eDZX12G
> j4HWAMmhAcnm2iBgYpAigwhVHtOs+ZIUIdzQHvHeNd0ydc1Jg8e+C+Mlzo38OvaG
> D3qwvzJ0LNn7L80c0XVrvEALdD9zrO+0XSZpTK9PJrl2W59lZlJFUk3pV+jFR8NY
> eB/fto7AVtECAwEAAaOBzTCByjAdBgNVHQ4EFgQUv7TZGZaI+FifzjpTVjtPHSvb
> XqUwgZoGA1UdIwSBkjCBj4AUv7TZGZaI+FifzjpTVjtPHSvbXqWhbKRqMGgxCzAJ
> BgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEU
> MBIGA1UEChMLR29vZ2xlIEluYy4xDjAMBgNVBAsTBU9ya3V0MQ4wDAYDVQQDEwVs
> cnlhboIJAMbTCksqLiWeMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
> CETnhlEnCJVDXoEtSSwUBLP/147sqiu9a4TNqchTHJObwTwDPUMaU6XIs2OTMmFu
> GeIYpkHXzTa9Q6IKlc7Bt2xkSeY3siRWCxvZekMxPvv7YTcnaVlZzHrVfAzqNsTG
> P3J//C0j+8JWg6G+zuo5k7pNRKDY76GxxHPYamdLfwk=
> -----END CERTIFICATE-----";
>
>         public static X509Certificate2 OrkutCertificate
>         {
>             get { return new X509Certificate2(Encoding.ASCII.GetBytes(_orkutCertificate)); }
>         }
>     }
>
> }
>
> I added another method inside OAuthContextBuilder.cs because the
> parameters used for validation are inside the data structure
> request.Params
>
> public OAuthContext FromHttpParams(HttpRequest request)
> {
>     var context = new OAuthContext();
>
>     // Required to create signature base string
>     // Http Method
>     context.RequestMethod = request.HttpMethod;
>     //Request URL
>     context.RawUri = new Uri("http://" +
>         request.Params["SERVER_NAME"] + request.Params["SCRIPT_NAME"]);
>
>     //Request parameters
>     context.authParams.Add("opensocial_owner_id",
>         request.Params["opensocial_owner_id"]);
>     context.authParams.Add("opensocial_viewer_id",
>         request.Params["opensocial_viewer_id"]);
>     context.authParams.Add("opensocial_app_id",
>         request.Params["opensocial_app_id"]);
>     context.authParams.Add("opensocial_app_url",
>         request.Params["opensocial_app_url"]);
>     context.authParams.Add("xoauth_signature_publickey",
>         request.Params["xoauth_signature_publickey"]);
>     context.authParams.Add(Parameters.OAuth_Consumer_Key,
>         request.Params[Parameters.OAuth_Consumer_Key]);
>     context.authParams.Add(Parameters.OAuth_Signature_Method,
>         request.Params[Parameters.OAuth_Signature_Method]);
>     context.authParams.Add(Parameters.OAuth_Timestamp,
>         request.Params[Parameters.OAuth_Timestamp]);
>     context.authParams.Add(Parameters.OAuth_Nonce,
>         request.Params[Parameters.OAuth_Nonce]);
>
>     //Algorithm used for signing
>     context.SignatureMethod =
>         request.Params[Parameters.OAuth_Signature_Method];
>
>     //Signature
>     context.Signature =
>         request.Params[Parameters.OAuth_Signature];
>
>     return context;
> }
>
> Inside OAuthContext.cs I added a name value collection named
> authParams
>
> public OAuthContext()
> {
>     ...
>     ...
>     ...
>     ...
>     ...
>     //Akash
>     authParams = new NameValueCollection();
> }
>
> ...
> ...
> ...
> ...
> ...
>
> public NameValueCollection authParams
> {
>     get
>     {
>         if (_authParams == null) _authParams = new NameValueCollection();
>         return _authParams;
>     }
>     set { _authParams = value; }
> }
>
> ...
> ...
> ...
> ...
> ...
>
> Following is the code for generating the signature base
>
> public string GenerateSignatureBaseAuthParams()
> {
>     var allParameters = new List<QueryParameter>();
>     allParameters.AddRange(authParams.ToQueryParameters());
>
>     // Returns signature base
>
>     return UriUtility.FormatParameters(RequestMethod,
>         new Uri(NormalizedRequestUrl), allParameters);
> }
>
> Here is the code for validation
>
> private static string ValidateWithDevDefinedOAuth(HttpRequest req)
> {
>     string str = "Validated";
>     try
>     {
>         OAuthContext context = new OAuthContextBuilder().FromHttpParams(req);
>         var signer = new OAuthContextSigner();
>         var signingContext = new SigningContext { Algorithm =
>             DevDefined.OAuth.OpenSocialCertificates.OrkutCertificate.PublicKey.Key };
>
>         if (!signer.ValidateSignatureAuthParams(context, signingContext))
>         {
>             str += "Validation Failed\n";
>             throw new OAuthException(context,
>                 OAuthProblems.SignatureInvalid, "check certificate is still valid");
>         }
>     }
>     catch (OAuthException authEx)
>     {
>         str = authEx.Report.ToString();
>     }
>     return str;
> }
>
> The code I have added is not production-quality code (quite obvious).
>
> Thanks,
> -Akash
>
> On Sep 26, 11:05 pm, Akash <[EMAIL PROTECTED]> wrote:
>
> > Thanks Raman & Jason. Now I have much better clarity on how things
> > work.
>
> > I tried the options you suggested and was able to make a lot of progress.
> > Since I am making a web service call, I am wondering how to Generate
> > Signature Base. Following is the JS code I am using to make the web
> > service call.
>
> > var map = { "Content-Type" : "application/soap+xml; charset=utf-8"};
>
> > var params = {};
> > soapRequest =
> >     "<?xml version=\"1.0\" encoding=\"utf-8\"?>" +
> >     "<soap12:Envelope " +
> >     "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" " +
> >     "xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" " +
>
> > ...