Hi Shishir,
Here are answers for your questions:-
1. On my back end server I am trying to authenticate request from
orkut.
2. I am using mechanism as provided in following URL
http://wiki.opensocial.org/index.php?title=Validating_Signed_Requests
3. I dont have environment for doing development using java hence it
is not possible for me to try the example. I am asking one simple
question
"Since I am using .NET web service and there is no sample code for
ASP .NET Web Service, I need the exact information of parameters used
to generate the base signature.". Please let me know if this is a
unreasonable question?
Here is the code that I am trying
public string GenerateSignatureBase(Uri url, string consumerKey,
string consumerSecret, string token, string tokenSecret, string
httpMethod, string timeStamp, string nonce, string signatureType)
{
List<QueryParameter> parameters = new List<QueryParameter>
();
parameters.Add(new QueryParameter
("oauth_body_hash","Ky4lfOVNobK9k5TFKBaax4p1QXk="));
parameters.Add(new QueryParameter
("oauth_consumer_key","orkut.com"));
parameters.Add(new QueryParameter("oauth_nonce",
"1257504988478336000"));
parameters.Add(new QueryParameter
("oauth_signature_method","RSA-SHA1"));
parameters.Add(new QueryParameter("oauth_timestamp",
"1257504988"));
parameters.Add(new QueryParameter
("oauth_version","1.0"));
parameters.Add(new QueryParameter
("opensocial_app_id","07513949224686644859"));
parameters.Add(new QueryParameter
("opensocial_app_url","http://www.knownmarket.com/KMWeb/
KnownMarket.xml"));
parameters.Add(new QueryParameter
("opensocial_container","http://www.orkut.com";));
parameters.Add(new QueryParameter
("opensocial_owner_id","04260157720044639260"));
parameters.Add(new QueryParameter
("opensocial_viewer_id","04260157720044639260"));
parameters.Add(new QueryParameter("xoauth_public_key","pub.
1199819524.-1556113204990931254.cer"));
parameters.Add(new QueryParameter
("xoauth_signature_publickey","pub.
1199819524.-1556113204990931254.cer"));
parameters.Add(new QueryParameter("oauth_token", ""));
parameters.Sort(new QueryParameterComparer());
string normalizedRequestParameters
=NormalizeRequestParameters(parameters);
StringBuilder signatureBase = new StringBuilder();
signatureBase.AppendFormat("{0}&", "POST");
signatureBase.AppendFormat("{0}&", UrlEncode("http://
www.knownmarket.com/KMWeb/listingSvc.asmx"));
signatureBase.AppendFormat("{0}", UrlEncode
(normalizedRequestParameters));
return signatureBase.ToString();
}
X509Certificate Cert = X509Certificate.CreateFromCertFile
( Request.PhysicalApplicationPath + "/bin/pub.
1199819524.-1556113204990931254.cer");
RSACryptoServiceProvider Provider =
CertUtil.GetCertPublicKey(Cert);
OAuth.OAuthBase ba = new OAuthBase();
string baseString = ba.GenerateSignatureBase(Request.Url,
Request.QueryString["oauth_consumer_key"], "", Request.QueryString
["oauth_token"], "",Request.HttpMethod, Request.QueryString
["oauth_timestamp"], Request.QueryString["oauth_nonce"], "RSA-SHA1");
string signature= "gTlTW2N5WysQNzfvc2/tT4+ZkIviFEaj2xoB/
wInZR8+rtwrbNNuKl+jDLx5QQ71Z6LIacBogaXRw3eA0U/PWiF6G1Hwhd/
4+GHlBBXsaKLsC1Ar6/e0D5pvAzN97a8KWfBHMg5kwsF3+OrxVd6Hph+OLRWEUSs/
wyG3HK2GpOE=";
byte[] sign = Convert.FromBase64String(signature);
byte[] bstring = Encoding.UTF8.GetBytes(baseString);
Response.Write(Provider.VerifyData(bstring, "SHA1",
sign));
On Nov 17, 12:08 pm, "Shishir Birmiwal (Google)"
<shishir.birmi...@google.com> wrote:
> -others
>
> Hi Akash,
>
> 1. Are you trying to authenticate a request from orkut to your backend
> server, or trying to send an authenitcated request from your backend server
> to orkut?
>
> 2. Are you sure that you are using 2-legged-oauth?
>
> 3. The sample application in opensocial-java-client has a working demo of
> how a request is sent to orkut from a backend server. Please see if that
> helps.
>
> Cheers,
> Shishir
>
>
>
> On Tue, Nov 17, 2009 at 11:42 AM, Akash <akashmaheshw...@gmail.com> wrote:
> > Folks,
> > Still I am not able to get answer to this question and I am really
> > frustrated here. I anyway have plan to move my application to facebook
> > but if this problem is not solved I will be left with no choice and
> > remove support for Orkut. Please note this is not threat but a
> > practical issue as any hacker can mess with my application data.
> > Please correct me if my understanding is wrong.
>
> > Thanks,
> > -Akash
> > (PS: I am ccing everybody I know in orkut developer team, sorry for
> > this spam)
>
> > On Nov 16, 1:56 pm, Akash <akashmaheshw...@gmail.com> wrote:
> > > Hi Orkut Development team,
> > > It is almost one year now and I am not able to get the solution to
> > > this aurthentication problem. I am glad that you have provided sample
> > > codes of authentication for various server side languages. Since I am
> > > using .NET web service and there are no sample code for it I need the
> > > exact information of parameters used to generate the base signature.
>
> > > If somebody who is using some other server side language can share a
> > > sample of the parameters added to the request, generated base
> > > signature and signature that will be great help. I will use these
> > > parameters to verify my program.
>
> > > Thanks,
> > > -Akash
>
> > > On Nov 13, 2:50 pm,Akash<akashmaheshw...@gmail.com> wrote:
>
> > > > Ping as the problem is not solved yet for me :(
>
> > > > On Nov 12, 3:20 pm,Akash<akashmaheshw...@gmail.com> wrote:
>
> > > > > Hi Prashant,
> > > > > Thanks for looking into this issue. I have tried all libraries
> > > > > available hence the issue in unlikely in library. Can you please
> > > > > provide me following:-
>
> > > > > 1. List of parameters that are added to the post request by orkut
> > > > > proxy server to my post request (It is a soap request). A sample post
> > > > > request will all parameters.
> > > > > 2. What should be base signature URL for this sample request.
>
> > > > > I will feed above data into my code and it is works in my code. In
> > > > > case it does not work then the problem is in my code otherwise
> > > > > somewhere else.
>
> > > > > I just triedhttp://googlecodesamples.com/oauth_playground/will
> > > > > following parameters.
>
> > > > > URL:http://www.knownmarket.com/KMWeb/listingSvc.asmx
> > > > > outh_signature_method: RSA-SHA1
> > > > > outh_consumer_key: orkut.com
> > > > > POST Data:
>
> > > > > <?xml version="1.0" encoding="utf-8"?><soap12:Envelope
> > > > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> > > > > xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:soap12="
> >http://www.w3.org/2003/05/soap-envelope";><soap12:Body><ListLocalities
> > > > > xmlns="KM"><cityId>14</cityId></ListLocalities></soap12:Body></
> > > > > soap12:Envelope>
>
> > > > > I get the response as
> > > > > ****
> > > > > Couldn't resolve host '<
> > > > > ****
>
> > > > > So let me know what else I can do. The server is not owned by me.
>
> > > > > Thanks,
> > > > > -Akash
>
> > > > > On Nov 12, 2:10 pm, "Prashant (Google)" <p...@google.com> wrote:
>
> > > > > > HiAkash,
>
> > > > > > This being a POST request, it would be difficult to debug at our
> > end
> > > > > > with only the currently available data.
>
> > > > > > But assuming that you're sending the right set of parameters that
> > the
> > > > > > server expects and that you're encoding them correctly in your
> > query
> > > > > > string, you may try generating the base string using some other
> > OAuth
> > > > > > library, or give the online OAuth Playground a try athttp://
> > googlecodesamples.com/oauth_playground/.
>
> > > > > > Otherwise, if it's you who own the server as well, you may also
> > want
> > > > > > to verify as an added measure that the server endpoint is using the
> > > > > > correct certificate too and calculating the correct signature
> > > > > > accordingly.
>
> > > > > > Those are some checkpoints that immediately come to mind. Please go
> > > > > > through them and let us know if anything gives.
>
> > > > > > Thanks,
> > > > > > Prashant.
>
> > > > > > On Nov 12, 12:04 am,Akash<akashmaheshw...@gmail.com> wrote:
>
> > > > > > > Folks please help me in this issue.
>
> > > > > > > Thanks,
> > > > > > > -Akash
>
> > > > > > > On Nov 6, 5:50 pm,Akash<akashmaheshw...@gmail.com> wrote:
>
> > > > > > > > Hi Robson,
> > > > > > > > Thanks a lot for the reply. I am still not able to get it
> > working :-
> > > > > > > > (. Please note I am using ASP.NET web services.
>
> > > > > > > > Here is my exact code snippet that I am using for proof of
> > concept
> > > > > > > > for getting authentication working.
>
> > > > > > > > public string GenerateSignatureBase(Uri url, string
> > > > > > > > consumerKey, string consumerSecret, string token, string
> > tokenSecret,
> > > > > > > > string httpMethod, string timeStamp, string nonce, string
> > > > > > > > signatureType)
> > > > > > > > {
> > > > > > > > List<QueryParameter> parameters = new
> > List<QueryParameter>
> > > > > > > > ();
> > > > > > > > parameters.Add(new QueryParameter
> > > > > > > > ("oauth_body_hash","Ky4lfOVNobK9k5TFKBaax4p1QXk="));
> > > > > > > > parameters.Add(new QueryParameter
> > > > > > > > ("oauth_consumer_key","orkut.com"));
> > > > > > > > parameters.Add(new QueryParameter("oauth_nonce",
> > > > > > > > "1257504988478336000"));
> > > > > > > > parameters.Add(new QueryParameter
> > > > > > > > ("oauth_signature_method","RSA-SHA1"));
> > > > > > > > parameters.Add(new
> > QueryParameter("oauth_timestamp",
> > > > > > > > "1257504988"));
> > > > > > > > parameters.Add(new
> > QueryParameter("oauth_version","1.0"));
> > > > > > > > parameters.Add(new QueryParameter
> > > > > > > > ("opensocial_app_id","07513949224686644859"));
> > > > > > > > parameters.Add(new QueryParameter
> > > > > > > > ("opensocial_app_url","http://www.knownmarket.com/KMWeb/
> > > > > > > > KnownMarket.xml"));
> > > > > > > > parameters.Add(new QueryParameter
> > > > > > > > ("opensocial_container","http://www.orkut.com";));
> > > > > > > > parameters.Add(new QueryParameter
> > > > > > > > ("opensocial_owner_id","04260157720044639260"));
> > > > > > > > parameters.Add(new QueryParameter
> > > > > > > > ("opensocial_viewer_id","04260157720044639260"));
> > > > > > > > parameters.Add(new
> > QueryParameter("xoauth_public_key","pub.
> > > > > > > > 1199819524.-1556113204990931254.cer"));
> > > > > > > > parameters.Add(new QueryParameter
> > > > > > > > ("xoauth_signature_publickey","pub.
> > > > > > > > 1199819524.-1556113204990931254.cer"));
> > > > > > > > parameters.Add(new QueryParameter("oauth_token",
> > ""));
>
> > > > > > > > parameters.Sort(new QueryParameterComparer());
>
> > > > > > > > string normalizedRequestParameters =
> > > > > > > > NormalizeRequestParameters(parameters);
>
> > > > > > > > StringBuilder signatureBase = new StringBuilder();
> > > > > > > > signatureBase.AppendFormat("{0}&", "POST");
> > > > > > > > signatureBase.AppendFormat("{0}&", UrlEncode("
> >http://www.knownmarket.com/KMWeb/listingSvc.asmx";));
> > > > > > > > signatureBase.AppendFormat("{0}", UrlEncode
> > > > > > > > (normalizedRequestParameters));
> > > > > > > > return signatureBase.ToString();
> > > > > > > > }
>
> > > > > > > > X509Certificate Cert =
> > X509Certificate.CreateFromCertFile
> > > > > > > > ( Request.PhysicalApplicationPath + "/bin/pub.
> > > > > > > > 1199819524.-1556113204990931254.cer");
> > > > > > > > RSACryptoServiceProvider Provider =
> > > > > > > > CertUtil.GetCertPublicKey(Cert);
> > > > > > > > OAuth.OAuthBase ba = new OAuthBase();
> > > > > > > > string baseString =
> > ba.GenerateSignatureBase(Request.Url,
> > > > > > > > Request.QueryString["oauth_consumer_key"], "",
> > Request.QueryString
> > > > > > > > ["oauth_token"], "", Request.HttpMethod, Request.QueryString
> > > > > > > > ["oauth_timestamp"], Request.QueryString["oauth_nonce"],
> > "RSA-SHA1");
>
> > > > > > > > string signature =
> > "gTlTW2N5WysQNzfvc2/tT4+ZkIviFEaj2xoB/
> > > > > > > > wInZR8+rtwrbNNuKl+jDLx5QQ71Z6LIacBogaXRw3eA0U/PWiF6G1Hwhd/
>
> > 4+GHlBBXsaKLsC1Ar6/e0D5pvAzN97a8KWfBHMg5kwsF3+OrxVd6Hph+OLRWEUSs/
> > > > > > > > wyG3HK2GpOE=";
> > > > > > > > byte[] sign = Convert.FromBase64String(signature);
>
> > > > > > > > byte[] bstring =
> > Encoding.UTF8.GetBytes(baseString);
> > > > > > > > Response.Write(Provider.VerifyData(bstring, "SHA1",
> > > > > > > > sign));
>
> > > > > > > > Thanks,
> > > > > > > > -Akash
>
> > > > > > > > On Nov 2, 1:29 am, Robson Dantas <biu.dan...@gmail.com> wrote:
>
> > > > > > > > > Sorry, sent you the java version. Here is the link for .NET
>
> > > > > > > > >http://code.google.com/p/opensocial-net-client/
>
> > > > > > > > > Cheers
>
> > > > > > > > > Robson Dantas
>
> > > > > > > > > 2009/11/1 Robson Dantas <biu.dan...@gmail.com>
>
> > > > > > > > > >Akash,
>
> > > > > > > > > > I dont know what kind of oauth lib you´re using, but i got
> > some problems
> > > > > > > > > > too, using the library which was described on
> > wiki.opensocial.org .
>
> > > > > > > > > > After spending some time debugging, figured out that it was
> > a problem on
>
> ...
>
> read more »- Hide quoted text -
>
> - Show quoted text -
--
You received this message because you are subscribed to the Google Groups
"Orkut Developer Forum" group.
To post to this group, send email to opensocial-or...@googlegroups.com.
To unsubscribe from this group, send email to
opensocial-orkut+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/opensocial-orkut?hl=.
