我正在使用 ASP.NET 我想为 FB de-auth 实现监听器。
我从 FB 服务器获得了 signed_request 参数。 如何使用 C# 解密?
谢谢!
【问题讨论】:
不确定您是否正确...但我参考了 Facebook C# SDK 并这样做了:
Deauth.aspx:
protected void Page_Load(object sender, EventArgs e)
{
if (!String.IsNullOrEmpty(Request["signed_request"]))
{
string signed_request = Request["signed_request"];
Dictionary<string, Facebook.JSONObject> jsonDict = new Dictionary<string, Facebook.JSONObject>();
if (Helper.FacebookAPI.ValidateSignedRequest(signed_request, out jsonDict))
{
if (jsonDict.ContainsKey("user_id"))
{
long FacebookId = jsonDict["user_id"].Integer;
// delete code
}
}
}
}
然后我的 Facebook Helper 类看起来像这样:
namespace Helper {
public static class FacebookAPI
{
public static Dictionary<string, Facebook.JSONObject> DecodePayload(string payload)
{
var encoding = new UTF8Encoding();
var decodedJson = payload.Replace("=", string.Empty).Replace('-', '+').Replace('_', '/');
var base64JsonArray = Convert.FromBase64String(decodedJson.PadRight(decodedJson.Length + (4 - decodedJson.Length % 4) % 4, '='));
var json = encoding.GetString(base64JsonArray);
var jObject = Facebook.JSONObject.CreateFromString(json);
return jObject.Dictionary;
}
public static bool ValidateSignedRequest(string VALID_SIGNED_REQUEST, out Dictionary<string, Facebook.JSONObject> json)
{
string applicationSecret = ConfigurationManager.AppSettings["Secret"];
string[] signedRequest = VALID_SIGNED_REQUEST.Split('.');
string expectedSignature = signedRequest[0];
string payload = signedRequest[1];
json = DecodePayload(payload);
// Attempt to get same hash
var Hmac = SignWithHmac(UTF8Encoding.UTF8.GetBytes(payload), UTF8Encoding.UTF8.GetBytes(applicationSecret));
var HmacBase64 = ToUrlBase64String(Hmac);
return (HmacBase64 == expectedSignature);
}
private static string ToUrlBase64String(byte[] Input)
{
return Convert.ToBase64String(Input).Replace("=", String.Empty)
.Replace('+', '-')
.Replace('/', '_');
}
private static byte[] SignWithHmac(byte[] dataToSign, byte[] keyBody)
{
using (var hmacAlgorithm = new HMACSHA256(keyBody))
{
hmacAlgorithm.ComputeHash(dataToSign);
return hmacAlgorithm.Hash;
}
}
public static string SerializeDict(Dictionary<string, Facebook.JSONObject> jsonDict)
{
// serialize the dictionary
DataContractSerializer serializer = new DataContractSerializer(jsonDict.GetType());
using (StringWriter sw = new StringWriter())
{
using (XmlTextWriter writer = new XmlTextWriter(sw))
{
// add formatting so the XML is easy to read in the log
writer.Formatting = Formatting.Indented;
serializer.WriteObject(writer, jsonDict);
writer.Flush();
return sw.ToString();
}
}
}
public static string GetAuthToken()
{
string appId = ConfigurationManager.AppSettings["AppId"];
string secret = ConfigurationManager.AppSettings["Secret"];
string url = String.Format("https://graph.facebook.com/oauth/access_token?client_id={0}&client_secret={1}&grant_type=client_credentials", appId, secret);
string[] token = HttpGetData(url).Split('=');
return token[1];
}
public static string HttpGetData(string url)
{
HttpWebRequest request = WebRequest.Create(url) as HttpWebRequest;
using (HttpWebResponse response = request.GetResponse() as HttpWebResponse)
{
StreamReader reader = new StreamReader(response.GetResponseStream());
return (reader.ReadToEnd());
}
}
public static string HttpPostData(string url, string nameValuePair)
{
HttpWebRequest request = WebRequest.Create(url + "&" + nameValuePair) as HttpWebRequest;
request.Method = WebRequestMethods.Http.Post;
try
{
using (HttpWebResponse response = request.GetResponse() as HttpWebResponse)
{
StreamReader reader = new StreamReader(response.GetResponseStream());
return (reader.ReadToEnd());
}
}
catch (WebException ex)
{
return ex.Message;
}
}
}}
【讨论】:
查看 CodePlex 上的 Facebook C# SDK,您可以使用它或查看他们如何处理 signed_request 加密。还有this SO 帖子也有类似的倾斜。
我承认这不是一个真正的答案,只是不知道如何将链接放入 cmets
【讨论】: