Twitter Authentication gives 'incorrect signature' using DotNetOpenAuth
I'm using DotNetOpenAuth in combination with a WCF service to request access tokens. The following steps are no problem:
- Directing user to Twitter's 'Allow Access' page.
- Redirection from Twitter to my callback URL and storing the RequestToken and Secret.
- Exchanging RequestToken and Secret for an AccessToken and Secret.
The problem occurs when I try to do a request (getting the user's favorites) on the user's behalf. I get a 401 response, with the message 'Incorrect Signature'.
It's obvious the signature is the problem, but I don't know why it's an incorrect signature because it gets generated by the DotNetOpenAuth library. I even checked the base string, and that looks fine. So some parameters must be wrong or something.
Could the problem be the domain from which the request is made? I'm currently behind a proxy (but I added the proxy's IP to the allowed domains list in my app).
Edit: Added LOGS:
The user gets redirected from the application to the Twitter auth page, and then gets redirected to my app with the request token and verifier. Then I exchange those for an AccessToken and Secret. But when using those to perform a request I get the error 'incorrect signature'.
2011-05-19 17:32:57,815 [8] INFO DotNetOpenAuth [(null)] - DotNetOpenAuth, Version=3.4.7.11121, Culture=neutral, PublicKeyToken=2780ccd10d57b246 (official)
2011-05-19 17:32:57,849 [8] INFO DotNetOpenAuth [(null)] - Reporting will use isolated storage with scope: User, Domain, Assembly
2011-05-19 17:32:57,900 [8] DEBUG DotNetOpenAuth.Messaging.Channel [(null)] - Preparing to send UnauthorizedTokenRequest (1.0.1) message.
2011-05-19 17:32:57,901 [8] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] - Binding element DotNetOpenAuth.OAuth.ChannelElements.OAuthHttpMethodBindingElement applied to message.
2011-05-19 17:32:57,904 [8] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] - Binding element DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement applied to message.
2011-05-19 17:32:57,905 [8] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] - Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement applied to message.
2011-05-19 17:32:57,907 [8] DEBUG DotNetOpenAuth.Messaging.Channel [(null)] - Applying secrets to message to prepare for signing or signature verification.
2011-05-19 17:32:57,908 [8] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] - Signing UnauthorizedTokenRequest message using HMAC-SHA1.
2011-05-19 17:32:57,923 [8] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] - Constructed signature base string: GET&http%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_token&oauth_callback%3Dhttp%253A%252F%252Ftest%252FsocialApi.svc%252FOauth2%253FsessionToken%253D%26oauth_consumer_key%3DLP0drhz9ry2F5f4lt0HCwg%26oauth_nonce%3D0Rq1Uatx%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1305819177%26oauth_version%3D1.0
2011-05-19 17:32:57,923 [8] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] - Binding element DotNetOpenAuth.OAuth.ChannelElements.SigningBindingElementChain applied to message.
2011-05-19 17:32:57,930 [8] INFO DotNetOpenAuth.Messaging.Channel [(null)] - Prepared outgoing UnauthorizedTokenRequest (1.0.1) message for http://api.twitter.com/oauth/request_token:
oauth_callback: http://test/socialApi.svc/Oauth2?sessionToken=
oauth_consumer_key: LP0drhz9ry2F5f4lt0HCwg
oauth_nonce: 0Rq1Uatx
oauth_signature_method: HMAC-SHA1
oauth_signature: AegT69ULyJBbh/sM4XtFO69J5as=
oauth_version: 1.0
oauth_timestamp: 1305819177
2011-05-19 17:32:57,933 [8] DEBUG DotNetOpenAuth.Messaging.Channel [(null)] - Sending UnauthorizedTokenRequest request.
2011-05-19 17:32:57,945 [8] DEBUG DotNetOpenAuth.Http [(null)] - HTTP GET http://api.twitter.com/oauth/request_token
2011-05-19 17:32:59,317 [8] DEBUG DotNetOpenAuth.Messaging.Channel [(null)] - Received UnauthorizedTokenResponse response.
2011-05-19 17:32:59,320 [8] INFO DotNetOpenAuth.Messaging.Channel [(null)] - Processing incoming UnauthorizedTokenResponse (1.0.1) message:
oauth_token: 0tTPF0N8Z0R3zFpnfHAfFAU6TFgrbD8ttYLjakbRo
oauth_token_secret: EmxJ9VeAPUuaofGToOOoO37nGlKqA8feYARBsUseI
oauth_callback_confirmed: true
2011-05-19 17:32:59,323 [8] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] - Binding element DotNetOpenAuth.OAuth.ChannelElements.SigningBindingElementChain did not apply to message.
2011-05-19 17:32:59,324 [8] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] - Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message.
2011-05-19 17:32:59,326 [8] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] - Binding element DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement did not apply to message.
2011-05-19 17:32:59,326 [8] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] - Binding element DotNetOpenAuth.OAuth.ChannelElements.OAuthHttpMethodBindingElement did not apply to message.
2011-05-19 17:32:59,326 [8] DEBUG DotNetOpenAuth.Messaging.Channel [(null)] - After binding element processing, the received UnauthorizedTokenResponse (1.0.1) message is:
oauth_token: 0tTPF0N8Z0R3zFpnfHAfFAU6TFgrbD8ttYLjakbRo
oauth_token_secret: EmxJ9VeAPUuaofGToOOoO37nGlKqA8feYARBsUseI
oauth_callback_confirmed: true
2011-05-19 17:32:59,329 [8] DEBUG DotNetOpenAuth.Messaging.Channel [(null)] - Preparing to send UserAuthorizationRequest (1.0.1) message.
2011-05-19 17:32:59,329 [8] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] - Binding element DotNetOpenAuth.OAuth.ChannelElements.OAuthHttpMethodBindingElement did not apply to message.
2011-05-19 17:32:59,329 [8] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] - Binding element DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement did not apply to message.
2011-05-19 17:32:59,329 [8] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] - Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message.
2011-05-19 17:32:59,329 [8] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] - Binding element DotNetOpenAuth.OAuth.ChannelElements.SigningBindingElementChain did not apply to message.
2011-05-19 17:32:59,329 [8] INFO DotNetOpenAuth.Messaging.Channel [(null)] - Prepared outgoing UserAuthorizationRequest (1.0.1) message for http://api.twitter.com/oauth/authorize:
oauth_token: 0tTPF0N8Z0R3zFpnfHAfFAU6TFgrbD8ttYLjakbRo
2011-05-19 17:32:59,329 [8] DEBUG DotNetOpenAuth.Messaging.Channel [(null)] - Sending message: UserAuthorizationRequest
2011-05-19 17:32:59,335 [8] DEBUG DotNetOpenAuth.Http [(null)] - Redirecting to http://api.twitter.com/oauth/authorize?oauth_token=0tTPF0N8Z0R3zFpnfHAfFAU6TFgrbD8ttYLjakbRo
2011-05-19 17:32:59,340 [8] DEBUG socialApi.socialApi [(null)] - TWITTERLOG: DotNetOpenAuth.OAuth.WebConsumer
[Footer]
[Header]
2011-05-19 17:33:01,567 [8] INFO DotNetOpenAuth.Messaging.Channel [(null)] - Scanning incoming request for messages: http://test/socialApi.svc/Oauth2?sessionToken=&oauth_token=0tTPF0N8Z0R3zFpnfHAfFAU6TFgrbD8ttYLjakbRo&oauth_verifier=tRYmE40kQYOwR9U0kmSMKn1fdIHKN1xVGAa43jbWp3M
2011-05-19 17:33:01,574 [8] DEBUG DotNetOpenAuth.Messaging.Channel [(null)] - Incoming request received: UserAuthorizationResponse
2011-05-19 17:33:01,574 [8] INFO DotNetOpenAuth.Messaging.Channel [(null)] - Processing incoming UserAuthorizationResponse (1.0.1) message:
oauth_verifier: tRYmE40kQYOwR9U0kmSMKn1fdIHKN1xVGAa43jbWp3M
oauth_token: 0tTPF0N8Z0R3zFpnfHAfFAU6TFgrbD8ttYLjakbRo
sessionToken:
2011-05-19 17:33:01,574 [8] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] - Binding element DotNetOpenAuth.OAuth.ChannelElements.SigningBindingElementChain did not apply to message.
2011-05-19 17:33:01,574 [8] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] - Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message.
2011-05-19 17:33:01,574 [8] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] - Binding element DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement did not apply to message.
2011-05-19 17:33:01,575 [8] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] - Binding element DotNetOpenAuth.OAuth.ChannelElements.OAuthHttpMethodBindingElement did not apply to message.
2011-05-19 17:33:01,575 [8] DEBUG DotNetOpenAuth.Messaging.Channel [(null)] - After binding element processing, the received UserAuthorizationResponse (1.0.1) message is:
oauth_verifier: tRYmE40kQYOwR9U0kmSMKn1fdIHKN1xVGAa43jbWp3M
oauth_token: 0tTPF0N8Z0R3zFpnfHAfFAU6TFgrbD8ttYLjakbRo
sessionToken:
2011-05-19 17:33:01,576 [8] DEBUG DotNetOpenAuth.Messaging.Channel [(null)] - Preparing to send AuthorizedTokenRequest (1.0.1) message.
2011-05-19 17:33:01,576 [8] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] - Binding element DotNetOpenAuth.OAuth.ChannelElements.OAuthHttpMethodBindingElement applied to message.
2011-05-19 17:33:01,576 [8] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] - Binding element DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement applied to message.
2011-05-19 17:33:01,576 [8] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] - Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement applied to message.
2011-05-19 17:33:01,576 [8] DEBUG DotNetOpenAuth.Messaging.Channel [(null)] - Applying secrets to message to prepare for signing or signature verification.
2011-05-19 17:33:01,576 [8] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] - Signing AuthorizedTokenRequest message using HMAC-SHA1.
2011-05-19 17:33:01,578 [8] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] - Constructed signature base string: GET&http%3A%2F%2Fapi.twitter.com%2Foauth%2Faccess_token&oauth_consumer_key%3DLP0drhz9ry2F5f4lt0HCwg%26oauth_nonce%3DShyS8gWa%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1305819181%26oauth_token%3D0tTPF0N8Z0R3zFpnfHAfFAU6TFgrbD8ttYLjakbRo%26oauth_verifier%3DtRYmE40kQYOwR9U0kmSMKn1fdIHKN1xVGAa43jbWp3M%26oauth_version%3D1.0
2011-05-19 17:33:01,578 [8] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] - Binding element DotNetOpenAuth.OAuth.ChannelElements.SigningBindingElementChain applied to message.
2011-05-19 17:33:01,578 [8] INFO DotNetOpenAuth.Messaging.Channel [(null)] - Prepared outgoing AuthorizedTokenRequest (1.0.1) message for http://api.twitter.com/oauth/access_token:
oauth_verifier: tRYmE40kQYOwR9U0kmSMKn1fdIHKN1xVGAa43jbWp3M
oauth_token: 0tTPF0N8Z0R3zFpnfHAfFAU6TFgrbD8ttYLjakbRo
oauth_consumer_key: LP0drhz9ry2F5f4lt0HCwg
oauth_nonce: ShyS8gWa
oauth_signature_method: HMAC-SHA1
oauth_signature: g4OTXcaVAi8D3x4MHtGzDAbHE+U=
oauth_version: 1.0
oauth_timestamp: 1305819181
2011-05-19 17:33:01,578 [8] DEBUG DotNetOpenAuth.Messaging.Channel [(null)] - Sending AuthorizedTokenRequest request.
2011-05-19 17:33:01,579 [8] DEBUG DotNetOpenAuth.Http [(null)] - HTTP GET http://api.twitter.com/oauth/access_token
2011-05-19 17:33:01,935 [8] DEBUG DotNetOpenAuth.Messaging.Channel [(null)] - Received AuthorizedTokenResponse response.
2011-05-19 17:33:01,935 [8] INFO DotNetOpenAuth.Messaging.Channel [(null)] - Processing incoming AuthorizedTokenResponse (1.0.1) message:
oauth_token: 300285844-uc1Yfu8a6rxjivWWIWyPVdq8UQILlYohwC3ChihE
oauth_token_secret: 3fHEPHp5faATgk82WuS80RJba3HsFUrFoQ0VGyxC1I
user_id: 300285844
screen_name: TesterTest3
2011-05-19 17:33:01,935 [8] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] - Binding element DotNetOpenAuth.OAuth.ChannelElements.SigningBindingElementChain did not apply to message.
2011-05-19 17:33:01,935 [8] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] - Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message.
2011-05-19 17:33:01,935 [8] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] - Binding element DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement did not apply to message.
2011-05-19 17:33:01,935 [8] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] - Binding element DotNetOpenAuth.OAuth.ChannelElements.OAuthHttpMethodBindingElement did not apply to message.
2011-05-19 17:33:01,935 [8] DEBUG DotNetOpenAuth.Messaging.Channel [(null)] - After binding element processing, the received AuthorizedTokenResponse (1.0.1) message is:
oauth_token: 300285844-uc1Yfu8a6rxjivWWIWyPVdq8UQILlYohwC3ChihE
oauth_token_secret: 3fHEPHp5faATgk82WuS80RJba3HsFUrFoQ0VGyxC1I
user_id: 300285844
screen_name: TesterTest3
2011-05-19 17:33:01,937 [8] DEBUG DotNetOpenAuth.Messaging.Channel [(null)] - Preparing to send AccessProtectedResourceRequest (1.0.1) message.
2011-05-19 17:33:01,937 [8] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] - Binding element DotNetOpenAuth.OAuth.ChannelElements.OAuthHttpMethodBindingElement applied to message.
2011-05-19 17:33:01,937 [8] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] - Binding element DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement applied to message.
2011-05-19 17:33:01,937 [8] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] - Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement applied to message.
2011-05-19 17:33:01,937 [8] DEBUG DotNetOpenAuth.Messaging.Channel [(null)] - Applying secrets to message to prepare for signing or signature verification.
2011-05-19 17:33:01,937 [8] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] - Signing AccessProtectedResourceRequest message using HMAC-SHA1.
2011-05-19 17:33:01,939 [8] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] - Constructed signature base string: GET&http%3A%2F%2Fapi.twitter.com%2Fstatuses%2Ffriends_timeline.xml&oauth_consumer_key%3DLP0drhz9ry2F5f4lt0HCwg%26oauth_nonce%3DAOP0gDJR%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1305819181%26oauth_token%3D300285844-uc1Yfu8a6rxjivWWIWyPVdq8UQILlYohwC3ChihE%26oauth_version%3D1.0
2011-05-19 17:33:01,939 [8] DEBUG DotNetOpenAuth.Messaging.Bindings [(null)] - Binding element DotNetOpenAuth.OAuth.ChannelElements.SigningBindingElementChain applied to message.
2011-05-19 17:33:01,939 [8] INFO DotNetOpenAuth.Messaging.Channel [(null)] - Prepared outgoing AccessProtectedResourceRequest (1.0.1) message for http://api.twitter.com/statuses/friends_timeline.xml:
oauth_token: 300285844-uc1Yfu8a6rxjivWWIWyPVdq8UQILlYohwC3ChihE
oauth_consumer_key: LP0drhz9ry2F5f4lt0HCwg
oauth_nonce: AOP0gDJR
oauth_signature_method: HMAC-SHA1
oauth_signature: kaYZtw1L2lC6Y/NcayRFyN9cdf0=
oauth_version: 1.0
oauth_timestamp: 1305819181
2011-05-19 17:33:01,941 [8] DEBUG DotNetOpenAuth.Http [(null)] - HTTP GET http://api.twitter.com/statuses/friends_timeline.xml?oauth_token=300285844-uc1Yfu8a6rxjivWWIWyPVdq8UQILlYohwC3ChihE&oauth_consumer_key=LP0drhz9ry2F5f4lt0HCwg&oauth_nonce=AOP0gDJR&oauth_signature_method=HMAC-SHA1&oauth_signature=kaYZtw1L2lC6Y/NcayRFyN9cdf0=&oauth_version=1.0&oauth_timestamp=1305819181
2011-05-19 17:33:02,279 [8] ERROR DotNetOpenAuth.Http [(null)] - WebException from http://api.twitter.com/statuses/friends_timeline.xml?oauth_token=300285844-uc1Yfu8a6rxjivWWIWyPVdq8UQILlYohwC3ChihE&oauth_consumer_key=LP0drhz9ry2F5f4lt0HCwg&oauth_nonce=AOP0gDJR&oauth_signature_method=HMAC-SHA1&oauth_signature=kaYZtw1L2lC6Y/NcayRFyN9cdf0=&oauth_version=1.0&oauth_timestamp=1305819181:
<?xml version="1.0" encoding="UTF-8"?>
<hash>
<request>/statuses/friends_timeline.xml?oauth_token=300285844-uc1Yfu8a6rxjivWWIWyPVdq8UQILlYohwC3ChihE&oauth_consumer_key=LP0drhz9ry2F5f4lt0HCwg&oauth_nonce=AOP0gDJR&oauth_signature_method=HMAC-SHA1&oauth_signature=kaYZtw1L2lC6Y%2FNcayRFyN9cdf0%3D&oauth_version=1.0&oauth_timestamp=1305819181</request>
<error>Incorrect signature</error>
</hash>
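A way to check the logged AccessProtectedResourceRequest independently of the library, added here as an example (it is not part of the original post and not DotNetOpenAuth code): it rebuilds the OAuth 1.0 signature base string per RFC 5849 from the logged parameters, compares it with the base string in the log, and recomputes the HMAC-SHA1 signature. The function names are hypothetical, and the consumer secret does not appear on the page, so it is passed in by the caller.

```python
import base64, hashlib, hmac
from urllib.parse import parse_qsl, quote, urlsplit

def pct(s):
    # RFC 5849 section 3.6: everything except unreserved characters is escaped
    return quote(s, safe="-._~")

def base_string(method, url, params):
    """Signature base string per RFC 5849 section 3.4.1."""
    u = urlsplit(url)
    host = u.hostname
    if u.port and (u.scheme, u.port) not in (("http", 80), ("https", 443)):
        host += f":{u.port}"  # only non-default ports are kept
    # Query parameters are signed with the oauth_* ones; oauth_signature is excluded
    pairs = parse_qsl(u.query, keep_blank_values=True) + list(params.items())
    pairs = sorted((pct(k), pct(v)) for k, v in pairs if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(f"{u.scheme}://{host}{u.path}"), pct(normalized)])

def sign(base, consumer_secret, token_secret=""):
    """HMAC-SHA1 keyed with 'consumer_secret&token_secret', base64-encoded."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

# Values copied from the AccessProtectedResourceRequest entries in the log above
URL = "http://api.twitter.com/statuses/friends_timeline.xml"
PARAMS = {
    "oauth_token": "300285844-uc1Yfu8a6rxjivWWIWyPVdq8UQILlYohwC3ChihE",
    "oauth_consumer_key": "LP0drhz9ry2F5f4lt0HCwg",
    "oauth_nonce": "AOP0gDJR",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_signature": "kaYZtw1L2lC6Y/NcayRFyN9cdf0=",
    "oauth_version": "1.0",
    "oauth_timestamp": "1305819181",
}
LOGGED_BASE = (
    "GET&http%3A%2F%2Fapi.twitter.com%2Fstatuses%2Ffriends_timeline.xml"
    "&oauth_consumer_key%3DLP0drhz9ry2F5f4lt0HCwg%26oauth_nonce%3DAOP0gDJR"
    "%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1305819181"
    "%26oauth_token%3D300285844-uc1Yfu8a6rxjivWWIWyPVdq8UQILlYohwC3ChihE"
    "%26oauth_version%3D1.0"
)
TOKEN_SECRET = "3fHEPHp5faATgk82WuS80RJba3HsFUrFoQ0VGyxC1I"

def check(consumer_secret):
    """Return (base string matches the log, signature matches the log)."""
    base = base_string("GET", URL, PARAMS)
    sig_ok = hmac.compare_digest(sign(base, consumer_secret, TOKEN_SECRET), PARAMS["oauth_signature"])
    return base == LOGGED_BASE, sig_ok
```

Calling `check()` with the application's real consumer secret returns `(True, True)` when the logged signature is what RFC 5849 yields for the logged parameters and secrets; `pct()` applied to the logged signature gives the escaped form that appears in the `<request>` element of Twitter's error response.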