
c# - Serious OAuth problem with MVC4

Reposted. Author: 行者123. Last updated: 2023-11-30 17:03:16

I am having a problem using OAuth with Facebook. I am using the MVC4 standard OAuth login. I have no problem locally, but on the server this is proving to be a problem.

If I paste the following URL into the browser, it works fine:

http://localhost:46260/Account/ExternalLoginCallback?ReturnUrl=%2FDashboard&__provider__=FacebookPro&__sid__=1234somesid456  // this is autogenerated

When I change the application's URL in Facebook to the current domain and paste this URL in, I am redirected to the unsuccessful login page:

http://freersvp.mytakeawaysite.com:80/Account/ExternalLoginCallback?ReturnUrl=%2FDashboard&__provider__=Facebook+Pro&__sid__=1234someid456  // note this is autogenerated

N.B. The two URLs above are the redirect URIs.

The following URL is the one that is requested and that causes the exception:

URL

https://graph.facebook.com/oauth/access_token?client_id=52*********37&redirect_uri=http%3a%2f%2ffreersvp.mytakeawaysite.com%3a80%2fAccount%2fExternalLoginCallback%3fReturnUrl%3d%252FDashboard%26__provider__%3dFacebook%2bPro%26__sid__%3d3c92eb7e84304afc931ef0ea7b62f56a&client_secret=2123***********4256&code=AQAQIJsj-ondldllVYKdpxJaZouqrlg9sjTcfUxyWhAw8MXbD2DvsOSujg2m7E3s3cvNusCI0ZZoJAuGgu_FLkPyjYMQAkTWDVyHTcAoJD-tezyXgn0vhoFzX3FmuRBHYpyJEM-dk0KgF5ugsTHo9yGjBjrcfMDUGu9IxkKQ36k3gMrwocM1_l5t342Q2kIOHdt8pPcyrs--NzgNyZv48vSq7jkZwuQ95xRjUHG5J-ptcgq0l2BlqjzHDDuvIFH23lpMWHzzqdejdj5ejukz7t_Fnhx-mrpVdcRYhP3JeZ2UOTjAyKQmUB3rInooECcjq4c

Exception

    {
        "error": {
            "message": "Error validating verification code. Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request",
            "type": "OAuthException",
            "code": 100
        }
    }

string token returns null in the GetUserData function in the code below:

I am using FacebookScopedClient:

    using System;
    using System.Collections.Generic;
    using System.IO;
    using System.Net;
    using System.Text.RegularExpressions;
    using System.Web;
    using DotNetOpenAuth.AspNet;   // IAuthenticationClient, AuthenticationResult
    using Newtonsoft.Json;         // JsonConvert

    public class FacebookScopedClient : IAuthenticationClient
    {
        private string appId;
        private string appSecret;
        private string scope;

        private const string baseUrl = "https://www.facebook.com/dialog/oauth?client_id=";
        public const string graphApiToken = "https://graph.facebook.com/oauth/access_token?";
        public const string graphApiMe = "https://graph.facebook.com/me?";

        private static string GetHTML(string URL)
        {
            string connectionString = URL;

            try
            {
                HttpWebRequest myRequest = (HttpWebRequest)WebRequest.Create(connectionString);
                myRequest.Credentials = CredentialCache.DefaultCredentials;
                // Get the response
                WebResponse webResponse = myRequest.GetResponse();
                Stream respStream = webResponse.GetResponseStream();
                StreamReader ioStream = new StreamReader(respStream);
                string pageContent = ioStream.ReadToEnd();
                // Close streams
                ioStream.Close();
                respStream.Close();
                return pageContent;
            }
            catch (Exception)
            {
                // Any failure, including the WebException raised for an HTTP
                // error response, is swallowed here and the caller gets null.
            }
            return null;
        }

        private IDictionary<string, string> GetUserData(string accessCode, string redirectURI)
        {
            SessionControl ctl = new SessionControl();
            ctl.SaveParam("redirecturi", redirectURI, -3);
            ctl.Dispose();
            // redirectURI must be identical to the redirect_uri sent in RequestAuthentication.
            string token = GetHTML(graphApiToken + "client_id=" + appId + "&redirect_uri=" + HttpUtility.UrlEncode(redirectURI) + "&client_secret=" + appSecret + "&code=" + accessCode);

            if (token == null || token == "")
            {
                return null;
            }

            // Take the "access_token=..." pair up to the next '&'.
            // Substring's second argument is a length, not an end index.
            int start = token.IndexOf("access_token=");
            if (start < 0)
            {
                return null;
            }
            int end = token.IndexOf('&', start);
            string access_token = end < 0 ? token.Substring(start) : token.Substring(start, end - start);
            string data = GetHTML(graphApiMe + "fields=id,name,email,username,gender,link&" + access_token);

            // this dictionary must contains
            Dictionary<string, string> userData = JsonConvert.DeserializeObject<Dictionary<string, string>>(data);
            userData.Add("accesstoken", access_token);

            try
            {
                // Has no effect: Add throws whether or not "id" is present,
                // and the exception is swallowed below.
                userData.Add("id", userData["id"]);
            }
            catch { }
            return userData;
        }

        public FacebookScopedClient(string appId, string appSecret, string scope)
        {
            this.appId = appId;
            this.appSecret = appSecret;
            this.scope = scope;
        }

        public string ProviderName
        {
            get { return "FacebookPro"; }
        }

        public void RequestAuthentication(System.Web.HttpContextBase context, Uri returnUrl)
        {
            string url = baseUrl + appId + "&redirect_uri=" + HttpUtility.UrlEncode(returnUrl.ToString()) + "&scope=" + scope;
            context.Response.Redirect(url);
        }

        public AuthenticationResult VerifyAuthentication(System.Web.HttpContextBase context)
        {
            string code = context.Request.QueryString["code"];

            string rawUrl = context.Request.Url.OriginalString;
            // From this we need to remove the code portion
            rawUrl = Regex.Replace(rawUrl, "&code=[^&]*", "");

            IDictionary<string, string> userData = GetUserData(code, rawUrl);

            if (userData == null)
                return new AuthenticationResult(false, ProviderName, null, null, null);

            string id = userData["id"];

            // Fall back to "username" when "email" is missing or empty;
            // indexing a missing key would throw KeyNotFoundException.
            string username;
            if (!userData.TryGetValue("email", out username) || string.IsNullOrEmpty(username))
            {
                username = userData["username"];
            }
            //userData.Remove("id");
            userData.Remove("username");

            AuthenticationResult result = new AuthenticationResult(true, ProviderName, id, username, userData);
            return result;
        }
    }

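Best answer

After running the posted URL that causes the error through a URL decoder, the problem is that, for some reason, you are URL-encoding the entire query string and not just the URL.

You will notice a bunch of %26 items in that URL; those are URL-encoded & characters, and that is what is throwing the error. The Facebook parser sees %26 instead of & and treats it as a single parameter.

The & separates URL query string parameters when they are sent to a page. Without the full code I cannot tell you where to look, but somewhere in your code you are encoding the entire query string, and you need to find that piece of code and encode only the embedded URLs.

OK, after reading over things, maybe try this theory.

I think your code is receiving this from Facebook URL-encoded, and then your system is re-encoding it. Try taking anything received and first URL-decoding it, manipulating it, and then re-encoding it as needed.

Hope this helps.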
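An added diagnostic example, not part of the original question or answer: it pulls redirect_uri out of the dialog request and out of the token request, decodes each exactly once, and reports whether the two are identical, whether the token request value was encoded twice, or where they first differ (for instance an explicit :80, as in the server URL in the question). The class name RedirectUriCheck, the host example.test, APP_ID and the sample URLs are assumptions constructed for illustration.

```csharp
using System;
using System.Web;

// Added diagnostic example; class name and sample values are hypothetical.
public static class RedirectUriCheck
{
    // Returns redirect_uri from a request URL, decoded exactly once
    // (HttpUtility.ParseQueryString URL-decodes every value it returns).
    public static string ExtractRedirectUri(string requestUrl)
    {
        string query = requestUrl.Substring(requestUrl.IndexOf('?') + 1);
        return HttpUtility.ParseQueryString(query)["redirect_uri"];
    }

    // Reports how the token-request value relates to the dialog value.
    public static string Compare(string dialogUri, string tokenUri)
    {
        if (dialogUri == null || tokenUri == null)
            return "redirect_uri missing from one request";
        if (string.Equals(dialogUri, tokenUri, StringComparison.Ordinal))
            return "identical";
        if (string.Equals(dialogUri, HttpUtility.UrlDecode(tokenUri), StringComparison.Ordinal))
            return "token request value was URL-encoded twice";
        int i = 0;
        while (i < dialogUri.Length && i < tokenUri.Length && dialogUri[i] == tokenUri[i])
            i++;
        return "first difference at index " + i;
    }

    public static void Main()
    {
        // Constructed callback URL modelled on the one in the question.
        string callback = "http://example.test/Account/ExternalLoginCallback"
            + "?ReturnUrl=%2FDashboard&__provider__=FacebookPro&__sid__=abc";
        string dialog = "https://www.facebook.com/dialog/oauth?client_id=APP_ID&redirect_uri=";
        string token = "https://graph.facebook.com/oauth/access_token?client_id=APP_ID&redirect_uri=";

        string sent = ExtractRedirectUri(dialog + HttpUtility.UrlEncode(callback));
        string same = ExtractRedirectUri(token + HttpUtility.UrlEncode(callback));
        string twice = ExtractRedirectUri(token + HttpUtility.UrlEncode(HttpUtility.UrlEncode(callback)));
        string port = ExtractRedirectUri(token
            + HttpUtility.UrlEncode(callback.Replace("example.test/", "example.test:80/")));

        Console.WriteLine(Compare(sent, same));
        Console.WriteLine(Compare(sent, twice));
        Console.WriteLine(Compare(sent, port));
    }
}
```

Logging the two extracted values side by side on the server, with client_secret and code left out of the log line, gives the same comparison for real traffic.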

Regarding "c# - Serious OAuth problem with MVC4", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/18803620/
