You can use TwitterVB which covers nearly the complete API in .NET (OAuth included). U find it on codeplex http://twittervb.codeplex.com/
Cheers, Thomas Nicholas Granado schrieb: > Simon, > > You would sign the request with all of the usual "oauth param" > suspects. If I recall correctly this endpoint has no other params other > than the 'image' param in the multi-part post body whose value would be > the bytes of the image file. Typically I've only seen the post params > passed into the oauth signing rigmarole when the post body is urlencoded. > > I hope this helps, this whole OAuth thing can be very confusing at first > glance. If you are in C# I have my own lib for twitter basic auth/oauth > that I've baked up, if you like I could pass you the bits. > > Nicholas > --- > Nicholas Granado > email: [email protected] <mailto:[email protected]> > twitter: heatxsink > web: http://nickgranado.com > > > On Mon, Oct 19, 2009 at 6:38 AM, Zaudio <[email protected] > <mailto:[email protected]>> wrote: > > > Nicholas, > That's great feedback! > > In you opinion, how do I then sign the request? Do I use all the usual > for the signaturebase... ie postmethod&url&nonce&etc etc > or just postmethod&url& as David suggested? > > I trust that the image data does not come into the signing process, > and that I still can post the data using iso-8859-1 encoding as I > would normally do for uploading files? > > If you have these answers, then I should be able to nail this for > our .net case.Oauth's been working great for us until this hitch... > > Thanks > > Simon > > > On Oct 18, 6:11 pm, Nicholas Granado <[email protected] > <mailto:[email protected]>> wrote: > > Simon, > > > > I believe the body of your post might be incorrect. It should look > like > > this: > > > > POST /account/update_profile_image.xml HTTP/1.1 > > Content-Type: multipart/form-data; > > boundary=----------------------------8cbed79c91b24f3 > > Host: twitter.com <http://twitter.com> > > Content-Length: 3863(this will probably change now..) > > > > ------------------------------8cbed79c91b24f3 > > Content-Disposition: form-data; name="image"; filename="test.jpg" > > Content-Type: image/jpeg > > > > (there's a few K of binary data here, the contents of the file) > > ------------------------------8cbed79c91b24f3 > > > > The rest of the OAuth variables should be passed on the query string. > > > > I hope this helps. > > > > Cheers, > > Nicholas > > --- > > Nicholas Granado > > email: [email protected] <mailto:[email protected]> > > twitter: heatxsink > > web: http://nickgranado.com > > > > On Sun, Oct 18, 2009 at 2:42 PM, Zaudio <[email protected] > <mailto:[email protected]>> wrote: > > > > > Hi David, > > > > > I found your excellent post hoping that it would solve the same > > > challenge for my app: updating profile image via Oauth... using > > > similar .net base to yourself... > > > BUT I just get the 401 all the time... despite taking your advice to > > > just sign with the HTTPmethod & URL.... My post data is laid out > much > > > like yours... though I never got that 500 error... > > > > > I've tried all sorts... dropping the & off the end.... different > > > encodings... > > > > > What encoding did you use to encode your image, and then to post the > > > request? > > > > > Does it still work for you... or did this get broken when Twitter > > > 'fixed' their Oauth implementation? > > > > > Can anyone else advise if they have got this working and where I > might > > > be going wrong? > > > > > Thanks > > > > > Simon (Zaudio) > > > > > On Aug 19, 11:40 pm, David Carson <[email protected] > <mailto:[email protected]>> wrote: > > > > Got this sorted out and working, and thought I should share > the two > > > > pitfalls which were causing me problems. > > > > > > First of all, unbelievably, the 500 Internal Server Error was > being > > > > caused by an extra carriage return between my last HTTP header > and the > > > > first multipart boundary. Seriously. I had two blank lines in > there > > > > instead of one. Removed the extra carriage return, and my 500 > > > > vanished, being replaced by a more reasonable "(401) > Unauthorized - > > > > Incorrect signature" error. > > > > > > Secondly, the OAuth documentation seems a bit shaky when it > comes to > > > > multipart/form-data POSTs. But basically, you do NOT use any > of the > > > > POST parameters when creating your signature. And this > includes all of > > > > the OAuth-specific parameters like oauth_consumer_key, > > > > oauth_signature_method, etc. Bit of a security hole imho, OAuth > > > > implements all this complexity to avoid man-in-the-middle or > replay > > > > attacks, and as soon as you do a multipart POST it's all negated. > > > > > > So, my signature base was literally: > > > > > > > POST&http%3A%2F%2Ftwitter.com%2Faccount%2Fupdate_profile_image.xml& > > > > > > Just the HTTP method and the URL. No parameters. > > > > > > Once I made that change to the signature generation, my > request went > > > > through fine and my avatar changed. > > > > > > Hope this helps someone! > > > > > > Cheers, > > > > David... > >
signature.asc
Description: OpenPGP digital signature
