ASPNET实现QQ微信新浪微博OAuth20授权登录Word文件下载.docx
《ASPNET实现QQ微信新浪微博OAuth20授权登录Word文件下载.docx》由会员分享,可在线阅读,更多相关《ASPNET实现QQ微信新浪微博OAuth20授权登录Word文件下载.docx(15页珍藏版)》请在冰豆网上搜索。
///生成唯一随机串防CSRF攻击
/summary&
returns&
&
/returns&
protectedstringGetStateCode()
{
&
Randomrand=newRandom();
stringdata=DateTime.Now.ToString("
yyyyMMddHHmmssffff"
)+rand.Next(1,0xf423f).ToString();
MD5CryptoServiceProvidermd5=newMD5CryptoServiceProvider();
byte[]md5byte=md5.ComputeHash(UTF8Encoding.Default.GetBytes(data));
returnBitConverter.ToString(md5byte).Replace("
-"
"
"
);
}
///GET请求
paramname="
url"
/param&
protectedstringGetRequest(stringurl)
HttpWebRequesthttpWebRequest=System.Net.WebRequest.Create(url)asHttpWebRequest;
httpWebRequest.Method="
GET"
;
httpWebRequest.ServicePoint.Expect100Continue=false;
StreamReaderresponseReader=null;
stringresponseData;
try
responseReader=newStreamReader(httpWebRequest.GetResponse().GetResponseStream());
responseData=responseReader.ReadToEnd();
finally
httpWebRequest.GetResponse().GetResponseStream().Close();
responseReader.Close();
returnresponseData;
///POST请求
postData"
protectedstringPostRequest(stringurl,stringpostData)
POST"
httpWebRequest.ContentType="
application/x-www-form-urlencoded"
//写入POST参数
StreamWriterrequestWriter=newStreamWriter(httpWebRequest.GetRequestStream());
requestWriter.Write(postData);
requestWriter.Close();
//读取请求后的结果
///解析JSON
strJson"
protectedNameValueCollectionParseJson(stringstrJson)
NameValueCollectionmc=newNameValueCollection();
Regexregex=newRegex(@"
(\s*\bsp;
foreach(Matchminregex.Matches(strJson))
mc.Add(m.Groups[2].Value,m.Groups[3].Value);
returnmc;
///解析URL
strParams"
protectedNameValueCollectionParseUrlParameters(stringstrParams)
NameValueCollectionnc=newNameValueCollection();
foreach(stringpinstrParams.Split('
amp;
'
))
string[]ps=p.Split('
='
nc.Add(ps[0],ps[1]);
returnnc;
#endregion
}
2.QQ的OAuth类
publicclassQQOAuth:
BaseOAuth
publicstringAppId=ConfigurationManager.AppSettings["
OAuth_QQ_AppId"
];
publicstringAppKey=ConfigurationManager.AppSettings["
OAuth_QQ_AppKey"
publicstringRedirectUrl=ConfigurationManager.AppSettings["
OAuth_QQ_RedirectUrl"
publicconststringGET_AUTH_CODE_URL="
publicconststringGET_ACCESS_TOKEN_URL="
publicconststringGET_OPENID_URL="
///QQ登录,跳转到登录页面
publicoverridevoidLogin()
//-------生成唯一随机串防CSRF攻击
stringstate=GetStateCode();
Session["
QC_State"
]=state;
//state放入Session
stringparms="
?
response_type=code&
+"
client_id="
+AppId+"
redirect_uri="
+Uri.EscapeDataString(RedirectUrl)+"
state="
+state;
stringurl=GET_AUTH_CODE_URL+parms;
Response.Redirect(url);
//跳转到登录页面
///QQ回调函数
code"
state"
publicoverridestringCallback()
stringcode=Request.QueryString["
stringstate=Request.QueryString["
//--------验证state防止CSRF攻击
if(state!
=(string)Session["
])
ShowError("
30001"
grant_type=authorization_code&
+Uri.EscapeDataString(RedirectUrl)
client_secret="
+AppKey+"
code="
+code;
stringurl=GET_ACCESS_TOKEN_URL+parms;
stringstr=GetRequest(url);
if(str.IndexOf("
callback"
)!
=-1)
intlpos=str.IndexOf("
("
intrpos=str.IndexOf("
)"
str=str.Substring(lpos+1,rpos-lpos-1);
NameValueCollectionmsg=ParseJson(str);
if(!
string.IsNullOrEmpty(msg["
error"
]))
ShowError(msg["
],msg["
error_description"
]);
NameValueCollectiontoken=ParseUrlParameters(str);
QC_AccessToken"
]=token["
access_token"
//access_token放入Session
returntoken["
///使用AccessToken来获取用户的OpenID
accessToken"
publicstringGetOpenID()
access_token="
+Session["
stringurl=GET_OPENID_URL+parms;
NameValueCollectionuser=ParseJson(str);
string.IsNullOrEmpty(user["
ShowError(user["
],user["
QC_OpenId"
]=user["
openid"
//openid放入Session
returnuser["
///显示错误信息
错误编号&
description"
错误描述&
privatevoidShowError(stringcode,stringdescription=null)
if(description==null)
switch(code)
case"
20001"
:
description="
h2&
配置文件损坏或无法读取,请检查web.config&
/h2&
break;
Thestatedoesnotmatch.YoumaybeavictimofCSRF.&
升级会员 