Hi Shishir, Here are answers for your questions:- 1. On my back end server I am trying to authenticate request from orkut. 2. I am using mechanism as provided in following URL
http://wiki.opensocial.org/index.php?title=Validating_Signed_Requests 3. I dont have environment for doing development using java hence it is not possible for me to try the example. I am asking one simple question "Since I am using .NET web service and there is no sample code for ASP .NET Web Service, I need the exact information of parameters used to generate the base signature.". Please let me know if this is a unreasonable question? Here is the code that I am trying public string GenerateSignatureBase(Uri url, string consumerKey, string consumerSecret, string token, string tokenSecret, string httpMethod, string timeStamp, string nonce, string signatureType) { List<QueryParameter> parameters = new List<QueryParameter> (); parameters.Add(new QueryParameter ("oauth_body_hash","Ky4lfOVNobK9k5TFKBaax4p1QXk=")); parameters.Add(new QueryParameter ("oauth_consumer_key","orkut.com")); parameters.Add(new QueryParameter("oauth_nonce", "1257504988478336000")); parameters.Add(new QueryParameter ("oauth_signature_method","RSA-SHA1")); parameters.Add(new QueryParameter("oauth_timestamp", "1257504988")); parameters.Add(new QueryParameter ("oauth_version","1.0")); parameters.Add(new QueryParameter ("opensocial_app_id","07513949224686644859")); parameters.Add(new QueryParameter ("opensocial_app_url","http://www.knownmarket.com/KMWeb/ KnownMarket.xml")); parameters.Add(new QueryParameter ("opensocial_container","http://www.orkut.com")); parameters.Add(new QueryParameter ("opensocial_owner_id","04260157720044639260")); parameters.Add(new QueryParameter ("opensocial_viewer_id","04260157720044639260")); parameters.Add(new QueryParameter("xoauth_public_key","pub. 1199819524.-1556113204990931254.cer")); parameters.Add(new QueryParameter ("xoauth_signature_publickey","pub. 1199819524.-1556113204990931254.cer")); parameters.Add(new QueryParameter("oauth_token", "")); parameters.Sort(new QueryParameterComparer()); string normalizedRequestParameters =NormalizeRequestParameters(parameters); StringBuilder signatureBase = new StringBuilder(); signatureBase.AppendFormat("{0}&", "POST"); signatureBase.AppendFormat("{0}&", UrlEncode("http:// www.knownmarket.com/KMWeb/listingSvc.asmx")); signatureBase.AppendFormat("{0}", UrlEncode (normalizedRequestParameters)); return signatureBase.ToString(); } X509Certificate Cert = X509Certificate.CreateFromCertFile ( Request.PhysicalApplicationPath + "/bin/pub. 1199819524.-1556113204990931254.cer"); RSACryptoServiceProvider Provider = CertUtil.GetCertPublicKey(Cert); OAuth.OAuthBase ba = new OAuthBase(); string baseString = ba.GenerateSignatureBase(Request.Url, Request.QueryString["oauth_consumer_key"], "", Request.QueryString ["oauth_token"], "",Request.HttpMethod, Request.QueryString ["oauth_timestamp"], Request.QueryString["oauth_nonce"], "RSA-SHA1"); string signature= "gTlTW2N5WysQNzfvc2/tT4+ZkIviFEaj2xoB/ wInZR8+rtwrbNNuKl+jDLx5QQ71Z6LIacBogaXRw3eA0U/PWiF6G1Hwhd/ 4+GHlBBXsaKLsC1Ar6/e0D5pvAzN97a8KWfBHMg5kwsF3+OrxVd6Hph+OLRWEUSs/ wyG3HK2GpOE="; byte[] sign = Convert.FromBase64String(signature); byte[] bstring = Encoding.UTF8.GetBytes(baseString); Response.Write(Provider.VerifyData(bstring, "SHA1", sign)); On Nov 17, 12:08 pm, "Shishir Birmiwal (Google)" <shishir.birmi...@google.com> wrote: > -others > > Hi Akash, > > 1. Are you trying to authenticate a request from orkut to your backend > server, or trying to send an authenitcated request from your backend server > to orkut? > > 2. Are you sure that you are using 2-legged-oauth? > > 3. The sample application in opensocial-java-client has a working demo of > how a request is sent to orkut from a backend server. Please see if that > helps. > > Cheers, > Shishir > > > > On Tue, Nov 17, 2009 at 11:42 AM, Akash <akashmaheshw...@gmail.com> wrote: > > Folks, > > Still I am not able to get answer to this question and I am really > > frustrated here. I anyway have plan to move my application to facebook > > but if this problem is not solved I will be left with no choice and > > remove support for Orkut. Please note this is not threat but a > > practical issue as any hacker can mess with my application data. > > Please correct me if my understanding is wrong. > > > Thanks, > > -Akash > > (PS: I am ccing everybody I know in orkut developer team, sorry for > > this spam) > > > On Nov 16, 1:56 pm, Akash <akashmaheshw...@gmail.com> wrote: > > > Hi Orkut Development team, > > > It is almost one year now and I am not able to get the solution to > > > this aurthentication problem. I am glad that you have provided sample > > > codes of authentication for various server side languages. Since I am > > > using .NET web service and there are no sample code for it I need the > > > exact information of parameters used to generate the base signature. > > > > If somebody who is using some other server side language can share a > > > sample of the parameters added to the request, generated base > > > signature and signature that will be great help. I will use these > > > parameters to verify my program. > > > > Thanks, > > > -Akash > > > > On Nov 13, 2:50 pm,Akash<akashmaheshw...@gmail.com> wrote: > > > > > Ping as the problem is not solved yet for me :( > > > > > On Nov 12, 3:20 pm,Akash<akashmaheshw...@gmail.com> wrote: > > > > > > Hi Prashant, > > > > > Thanks for looking into this issue. I have tried all libraries > > > > > available hence the issue in unlikely in library. Can you please > > > > > provide me following:- > > > > > > 1. List of parameters that are added to the post request by orkut > > > > > proxy server to my post request (It is a soap request). A sample post > > > > > request will all parameters. > > > > > 2. What should be base signature URL for this sample request. > > > > > > I will feed above data into my code and it is works in my code. In > > > > > case it does not work then the problem is in my code otherwise > > > > > somewhere else. > > > > > > I just triedhttp://googlecodesamples.com/oauth_playground/will > > > > > following parameters. > > > > > > URL:http://www.knownmarket.com/KMWeb/listingSvc.asmx > > > > > outh_signature_method: RSA-SHA1 > > > > > outh_consumer_key: orkut.com > > > > > POST Data: > > > > > > <?xml version="1.0" encoding="utf-8"?><soap12:Envelope > > > > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" > > > > > xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap12=" > >http://www.w3.org/2003/05/soap-envelope"><soap12:Body><ListLocalities > > > > > xmlns="KM"><cityId>14</cityId></ListLocalities></soap12:Body></ > > > > > soap12:Envelope> > > > > > > I get the response as > > > > > **** > > > > > Couldn't resolve host '< > > > > > **** > > > > > > So let me know what else I can do. The server is not owned by me. > > > > > > Thanks, > > > > > -Akash > > > > > > On Nov 12, 2:10 pm, "Prashant (Google)" <p...@google.com> wrote: > > > > > > > HiAkash, > > > > > > > This being a POST request, it would be difficult to debug at our > > end > > > > > > with only the currently available data. > > > > > > > But assuming that you're sending the right set of parameters that > > the > > > > > > server expects and that you're encoding them correctly in your > > query > > > > > > string, you may try generating the base string using some other > > OAuth > > > > > > library, or give the online OAuth Playground a try athttp:// > > googlecodesamples.com/oauth_playground/. > > > > > > > Otherwise, if it's you who own the server as well, you may also > > want > > > > > > to verify as an added measure that the server endpoint is using the > > > > > > correct certificate too and calculating the correct signature > > > > > > accordingly. > > > > > > > Those are some checkpoints that immediately come to mind. Please go > > > > > > through them and let us know if anything gives. > > > > > > > Thanks, > > > > > > Prashant. > > > > > > > On Nov 12, 12:04 am,Akash<akashmaheshw...@gmail.com> wrote: > > > > > > > > Folks please help me in this issue. > > > > > > > > Thanks, > > > > > > > -Akash > > > > > > > > On Nov 6, 5:50 pm,Akash<akashmaheshw...@gmail.com> wrote: > > > > > > > > > Hi Robson, > > > > > > > > Thanks a lot for the reply. I am still not able to get it > > working :- > > > > > > > > (. Please note I am using ASP.NET web services. > > > > > > > > > Here is my exact code snippet that I am using for proof of > > concept > > > > > > > > for getting authentication working. > > > > > > > > > public string GenerateSignatureBase(Uri url, string > > > > > > > > consumerKey, string consumerSecret, string token, string > > tokenSecret, > > > > > > > > string httpMethod, string timeStamp, string nonce, string > > > > > > > > signatureType) > > > > > > > > { > > > > > > > > List<QueryParameter> parameters = new > > List<QueryParameter> > > > > > > > > (); > > > > > > > > parameters.Add(new QueryParameter > > > > > > > > ("oauth_body_hash","Ky4lfOVNobK9k5TFKBaax4p1QXk=")); > > > > > > > > parameters.Add(new QueryParameter > > > > > > > > ("oauth_consumer_key","orkut.com")); > > > > > > > > parameters.Add(new QueryParameter("oauth_nonce", > > > > > > > > "1257504988478336000")); > > > > > > > > parameters.Add(new QueryParameter > > > > > > > > ("oauth_signature_method","RSA-SHA1")); > > > > > > > > parameters.Add(new > > QueryParameter("oauth_timestamp", > > > > > > > > "1257504988")); > > > > > > > > parameters.Add(new > > QueryParameter("oauth_version","1.0")); > > > > > > > > parameters.Add(new QueryParameter > > > > > > > > ("opensocial_app_id","07513949224686644859")); > > > > > > > > parameters.Add(new QueryParameter > > > > > > > > ("opensocial_app_url","http://www.knownmarket.com/KMWeb/ > > > > > > > > KnownMarket.xml")); > > > > > > > > parameters.Add(new QueryParameter > > > > > > > > ("opensocial_container","http://www.orkut.com")); > > > > > > > > parameters.Add(new QueryParameter > > > > > > > > ("opensocial_owner_id","04260157720044639260")); > > > > > > > > parameters.Add(new QueryParameter > > > > > > > > ("opensocial_viewer_id","04260157720044639260")); > > > > > > > > parameters.Add(new > > QueryParameter("xoauth_public_key","pub. > > > > > > > > 1199819524.-1556113204990931254.cer")); > > > > > > > > parameters.Add(new QueryParameter > > > > > > > > ("xoauth_signature_publickey","pub. > > > > > > > > 1199819524.-1556113204990931254.cer")); > > > > > > > > parameters.Add(new QueryParameter("oauth_token", > > "")); > > > > > > > > > parameters.Sort(new QueryParameterComparer()); > > > > > > > > > string normalizedRequestParameters = > > > > > > > > NormalizeRequestParameters(parameters); > > > > > > > > > StringBuilder signatureBase = new StringBuilder(); > > > > > > > > signatureBase.AppendFormat("{0}&", "POST"); > > > > > > > > signatureBase.AppendFormat("{0}&", UrlEncode(" > >http://www.knownmarket.com/KMWeb/listingSvc.asmx")); > > > > > > > > signatureBase.AppendFormat("{0}", UrlEncode > > > > > > > > (normalizedRequestParameters)); > > > > > > > > return signatureBase.ToString(); > > > > > > > > } > > > > > > > > > X509Certificate Cert = > > X509Certificate.CreateFromCertFile > > > > > > > > ( Request.PhysicalApplicationPath + "/bin/pub. > > > > > > > > 1199819524.-1556113204990931254.cer"); > > > > > > > > RSACryptoServiceProvider Provider = > > > > > > > > CertUtil.GetCertPublicKey(Cert); > > > > > > > > OAuth.OAuthBase ba = new OAuthBase(); > > > > > > > > string baseString = > > ba.GenerateSignatureBase(Request.Url, > > > > > > > > Request.QueryString["oauth_consumer_key"], "", > > Request.QueryString > > > > > > > > ["oauth_token"], "", Request.HttpMethod, Request.QueryString > > > > > > > > ["oauth_timestamp"], Request.QueryString["oauth_nonce"], > > "RSA-SHA1"); > > > > > > > > > string signature = > > "gTlTW2N5WysQNzfvc2/tT4+ZkIviFEaj2xoB/ > > > > > > > > wInZR8+rtwrbNNuKl+jDLx5QQ71Z6LIacBogaXRw3eA0U/PWiF6G1Hwhd/ > > > 4+GHlBBXsaKLsC1Ar6/e0D5pvAzN97a8KWfBHMg5kwsF3+OrxVd6Hph+OLRWEUSs/ > > > > > > > > wyG3HK2GpOE="; > > > > > > > > byte[] sign = Convert.FromBase64String(signature); > > > > > > > > > byte[] bstring = > > Encoding.UTF8.GetBytes(baseString); > > > > > > > > Response.Write(Provider.VerifyData(bstring, "SHA1", > > > > > > > > sign)); > > > > > > > > > Thanks, > > > > > > > > -Akash > > > > > > > > > On Nov 2, 1:29 am, Robson Dantas <biu.dan...@gmail.com> wrote: > > > > > > > > > > Sorry, sent you the java version. Here is the link for .NET > > > > > > > > > >http://code.google.com/p/opensocial-net-client/ > > > > > > > > > > Cheers > > > > > > > > > > Robson Dantas > > > > > > > > > > 2009/11/1 Robson Dantas <biu.dan...@gmail.com> > > > > > > > > > > >Akash, > > > > > > > > > > > I dont know what kind of oauth lib you´re using, but i got > > some problems > > > > > > > > > > too, using the library which was described on > > wiki.opensocial.org . > > > > > > > > > > > After spending some time debugging, figured out that it was > > a problem on > > ... > > read more »- Hide quoted text - > > - Show quoted text - -- You received this message because you are subscribed to the Google Groups "Orkut Developer Forum" group. To post to this group, send email to opensocial-or...@googlegroups.com. To unsubscribe from this group, send email to opensocial-orkut+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/opensocial-orkut?hl=.