腾讯开放平台中实现QQ登陆的功能
昨天为自己的网站实现了QQ登陆的功能,虽然,没有进行绑定,但是在技术层面上来说,已经了解了一点腾讯开放平台的协议.
具体什么是OAUTH,请您GG一下吧...
关于腾讯的开放平台,最主要的就是参数一定不能多,能有的要有,不能有的一定不能有.不然提交过去,就会提示什么什么错了.
最关键的就是签名的方式,下面就是我的签名的代码
1
///
<summary>
2 /// 每一步不同的生成签名的方式
3 /// </summary>
4 /// <returns></returns>
5 protected virtual StringBuildSignature(StringSignatureHost)
6 {
7 StringPostMethodString = " GET& " ;
8 StringBuilderParamString = new StringBuilder();
9 this .CurrentStepParameters
10 .OrderBy(c => c.Key.ToString())
11 .ToList()
12 .ForEach(c =>
13 {
14 if (c.Key != OAuthParameterName.oauth_signature &&
15 c.Key != OAuthParameterName.timestamp)
16 {
17 if (ParamString.Length > 0 )
18 {
19 ParamString.Append( " & " );
20 }
21 varp = c.Value;
22 ParamString.Append(p.OAuthOringinaName);
23 ParamString.Append( " = " );
24 ParamString.Append(p.Value);
25 }
26 }
27 );
28 StringBuilderSignData = new StringBuilder();
29 SignData.Append(PostMethodString);
30 SignData.Append(OAuthHelper.UrlEncode(SignatureHost));
31 SignData.Append( " & " );
32 SignData.Append(OAuthHelper.UrlEncode(ParamString.ToString()));
33
34 // 密钥
35 StringSecretKey = String.Format( " {0}&{1} " , this .AppKey, this .AuthorizedTokenKey);
36 StringSignContent = SignData.ToString();
37 StringSignature = Convert.ToBase64String(OAuthHelper.HMACSHA1Code(SignContent,SecretKey));
38 return Signature;
39 }
2 /// 每一步不同的生成签名的方式
3 /// </summary>
4 /// <returns></returns>
5 protected virtual StringBuildSignature(StringSignatureHost)
6 {
7 StringPostMethodString = " GET& " ;
8 StringBuilderParamString = new StringBuilder();
9 this .CurrentStepParameters
10 .OrderBy(c => c.Key.ToString())
11 .ToList()
12 .ForEach(c =>
13 {
14 if (c.Key != OAuthParameterName.oauth_signature &&
15 c.Key != OAuthParameterName.timestamp)
16 {
17 if (ParamString.Length > 0 )
18 {
19 ParamString.Append( " & " );
20 }
21 varp = c.Value;
22 ParamString.Append(p.OAuthOringinaName);
23 ParamString.Append( " = " );
24 ParamString.Append(p.Value);
25 }
26 }
27 );
28 StringBuilderSignData = new StringBuilder();
29 SignData.Append(PostMethodString);
30 SignData.Append(OAuthHelper.UrlEncode(SignatureHost));
31 SignData.Append( " & " );
32 SignData.Append(OAuthHelper.UrlEncode(ParamString.ToString()));
33
34 // 密钥
35 StringSecretKey = String.Format( " {0}&{1} " , this .AppKey, this .AuthorizedTokenKey);
36 StringSignContent = SignData.ToString();
37 StringSignature = Convert.ToBase64String(OAuthHelper.HMACSHA1Code(SignContent,SecretKey));
38 return Signature;
39 }
这里的CurrentStepParameters是在构造方式里进行赋值,或者其它地方,签名里最关键的,就是oauth_signature和timestamp这两个参数,要记得去掉,在这里,我选择了过滤.
因为有的时候,CurrentStepParameters这个字典从querystring来生成的话会简单点还有能复用.
在所有参数中,有几个是经常会用到的.
所以,在此我建立了一个通用参数生成方法
1
protected
virtual
void
AddCommonParameters()
2 {
3 if ( this .CurrentStepParameters != null )
4 {
5 // 增加通用参数
6 this .CurrentStepParameters.AddParam(OAuthParameterName.oauth_consumer_key, this .AppID);
7 this .CurrentStepParameters.AddParam(OAuthParameterName.oauth_nonce,DateTime.UtcNow.Ticks.ToString());
8 this .CurrentStepParameters.AddParam(OAuthParameterName.oauth_timestamp,OAuthHelper.GenerateTimestamp());
9 this .CurrentStepParameters.AddParam(OAuthParameterName.oauth_version, " 1.0 " );
10 this .CurrentStepParameters.AddParam(OAuthParameterName.oauth_signature_method, " HMAC-SHA1 " );
11 this .CurrentStepParameters.AddParam(OAuthParameterName.oauth_client_ip, " 1 " );
12
13 if ( this .CurrentStepParameters.ContainsKey(OAuthParameterName.oauth_token_secret))
14 {
15 this .AuthorizedTokenKey = CurrentStepParameters[OAuthParameterName.oauth_token_secret].Value;
16 }
17
18 if ( this .CurrentStepParameters.ContainsKey(OAuthParameterName.oauth_signature))
19 {
20 CurrentStepParameters.Remove(OAuthParameterName.oauth_signature);
21 }
22
23 if ( this .CurrentStepParameters.ContainsKey(OAuthParameterName.timestamp))
24 {
25 CurrentStepParameters.Remove(OAuthParameterName.timestamp);
26 }
27 }
28 }
2 {
3 if ( this .CurrentStepParameters != null )
4 {
5 // 增加通用参数
6 this .CurrentStepParameters.AddParam(OAuthParameterName.oauth_consumer_key, this .AppID);
7 this .CurrentStepParameters.AddParam(OAuthParameterName.oauth_nonce,DateTime.UtcNow.Ticks.ToString());
8 this .CurrentStepParameters.AddParam(OAuthParameterName.oauth_timestamp,OAuthHelper.GenerateTimestamp());
9 this .CurrentStepParameters.AddParam(OAuthParameterName.oauth_version, " 1.0 " );
10 this .CurrentStepParameters.AddParam(OAuthParameterName.oauth_signature_method, " HMAC-SHA1 " );
11 this .CurrentStepParameters.AddParam(OAuthParameterName.oauth_client_ip, " 1 " );
12
13 if ( this .CurrentStepParameters.ContainsKey(OAuthParameterName.oauth_token_secret))
14 {
15 this .AuthorizedTokenKey = CurrentStepParameters[OAuthParameterName.oauth_token_secret].Value;
16 }
17
18 if ( this .CurrentStepParameters.ContainsKey(OAuthParameterName.oauth_signature))
19 {
20 CurrentStepParameters.Remove(OAuthParameterName.oauth_signature);
21 }
22
23 if ( this .CurrentStepParameters.ContainsKey(OAuthParameterName.timestamp))
24 {
25 CurrentStepParameters.Remove(OAuthParameterName.timestamp);
26 }
27 }
28 }
下面是一个测试地址 :http://www.changshu.so/Tencent,之后等完成绑定后,地址会删除
组件下载地址 :http://files.cnblogs.com/sam251/CSCMS.Secrity.OAuth.rar
后续还有绑定的需要自己去实现了.如果能有通用的方式,我会定时更新,另外,其它OAUTH,比如SINA的,正在研究.
本程序里的OAuthHelper.GenerateTimestamp());
原文地址:http://www.cnblogs.com/sam251/archive/2011/09/15/oauth_tencent.html