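// NOTE(review): reconstructed from a listing that lost its quotes, brackets and braces and
// had repeated passages elided. Literals that could not be recovered are labelled
// placeholders, and reconstructed passages are flagged where they occur. The BaseOAuth class
// declaration and the opening #region precede this excerpt.

    /// <summary>
    /// Generates an unpredictable, single-use value for the OAuth "state" parameter,
    /// which protects the login flow against CSRF.
    /// </summary>
    /// <returns>32 upper-case hexadecimal characters.</returns>
    protected string GetStateCode()
    {
        // The state value is the only thing binding the callback to this browser session, so
        // it has to be unguessable. A timestamp plus System.Random is predictable, and hashing
        // it with MD5 adds no entropy; take 128 bits from the OS CSPRNG instead.
        byte[] stateBytes = new byte[16];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(stateBytes);
        }
        return BitConverter.ToString(stateBytes).Replace("-", "");
    }

    /// <summary>Sends a GET request and returns the response body.</summary>
    /// <param name="url">Absolute request URL.</param>
    /// <returns>The response body as text.</returns>
    protected string GetRequest(string url)
    {
        HttpWebRequest httpWebRequest = System.Net.WebRequest.Create(url) as HttpWebRequest;
        httpWebRequest.Method = "GET";
        httpWebRequest.ServicePoint.Expect100Continue = false;
        return ReadResponseBody(httpWebRequest);
    }

    /// <summary>Sends a form-encoded POST request and returns the response body.</summary>
    /// <param name="url">Absolute request URL.</param>
    /// <param name="postData">Already form-encoded request body.</param>
    /// <returns>The response body as text.</returns>
    protected string PostRequest(string url, string postData)
    {
        // NOTE(review): the listing elides the request set-up of this method; it is assumed to
        // mirror GetRequest — confirm against the original source.
        HttpWebRequest httpWebRequest = System.Net.WebRequest.Create(url) as HttpWebRequest;
        httpWebRequest.Method = "POST";
        httpWebRequest.ServicePoint.Expect100Continue = false;
        httpWebRequest.ContentType = "application/x-www-form-urlencoded";

        // Write the POST parameters; the using block flushes and closes the request stream.
        using (StreamWriter requestWriter = new StreamWriter(httpWebRequest.GetRequestStream()))
        {
            requestWriter.Write(postData);
        }

        // Read the result of the request.
        return ReadResponseBody(httpWebRequest);
    }

    /// <summary>Reads the whole body of a prepared request and releases the response.</summary>
    /// <param name="request">Request that is ready to be sent.</param>
    /// <returns>The response body as text.</returns>
    private static string ReadResponseBody(HttpWebRequest request)
    {
        // using blocks release the response even when the request fails. Calling GetResponse()
        // a second time in a finally block, or closing a reader that was never assigned, would
        // replace the real failure with a second exception.
        using (WebResponse response = request.GetResponse())
        using (Stream body = response.GetResponseStream())
        using (StreamReader responseReader = new StreamReader(body))
        {
            return responseReader.ReadToEnd();
        }
    }

    /// <summary>Extracts key/value pairs from a flat JSON object.</summary>
    /// <param name="strJson">JSON text.</param>
    /// <returns>One entry per match of the pattern (group 2 is the key, group 3 the value).</returns>
    protected NameValueCollection ParseJson(string strJson)
    {
        NameValueCollection mc = new NameValueCollection();

        // NOTE(review): the regular-expression literal is garbled beyond recovery in the
        // listing. The string below is a placeholder, not the original pattern; restore the
        // original, whose groups 2 and 3 capture a key and its value.
        Regex regex = new Regex("PLACEHOLDER_PATTERN_MISSING_FROM_LISTING");
        foreach (Match m in regex.Matches(strJson))
        {
            mc.Add(m.Groups[2].Value, m.Groups[3].Value);
        }
        return mc;
    }

    /// <summary>Splits a "k1=v1&amp;k2=v2" string into a collection.</summary>
    /// <param name="strParams">Parameter string without a leading '?'.</param>
    /// <returns>The parsed pairs; segments that contain no '=' are skipped.</returns>
    protected NameValueCollection ParseUrlParameters(string strParams)
    {
        NameValueCollection nc = new NameValueCollection();
        if (string.IsNullOrEmpty(strParams))
        {
            return nc;
        }

        foreach (string p in strParams.Split('&'))
        {
            // Split on the first '=' only, so a value that itself contains '=' stays whole, and
            // skip malformed segments instead of indexing past the end of the array.
            string[] ps = p.Split(new[] { '=' }, 2);
            if (ps.Length != 2)
            {
                continue;
            }
            nc.Add(ps[0], ps[1]);
        }
        return nc;
    }

    #endregion
}   // closes BaseOAuth, whose declaration precedes this excerpt

// 2. QQ OAuth class
public class QQOAuth : BaseOAuth
{
    // NOTE(review): AppKey is the OAuth client secret. It is kept as a public mutable field
    // only because callers may depend on that; do not log it or echo it in error output.
    public string AppId = ConfigurationManager.AppSettings["OAuth_QQ_AppId"];
    public string AppKey = ConfigurationManager.AppSettings["OAuth_QQ_AppKey"];
    public string RedirectUrl = ConfigurationManager.AppSettings["OAuth_QQ_RedirectUrl"];

    // NOTE(review): the endpoint values are missing from the listing; the strings below are
    // placeholders. The client secret and the access token travel in the query string of
    // these requests, so every endpoint must be an https:// URL.
    public const string GET_AUTH_CODE_URL = "PLACEHOLDER_AUTHORIZE_ENDPOINT_MISSING_FROM_LISTING";
    public const string GET_ACCESS_TOKEN_URL = "PLACEHOLDER_TOKEN_ENDPOINT_MISSING_FROM_LISTING";
    public const string GET_OPENID_URL = "PLACEHOLDER_OPENID_ENDPOINT_MISSING_FROM_LISTING";

    /// <summary>Starts the QQ login by redirecting the browser to the authorization page.</summary>
    public override void Login()
    {
        // Fresh random state per login attempt, remembered in the session for the callback.
        string state = GetStateCode();
        Session["QC_State"] = state;

        string parms = "?response_type=code&"
            + "client_id=" + AppId
            + "&redirect_uri=" + Uri.EscapeDataString(RedirectUrl)
            + "&state=" + state;
        string url = GET_AUTH_CODE_URL + parms;
        Response.Redirect(url);   // go to the login page
    }

    /// <summary>
    /// Handles the QQ callback: verifies the state value, then exchanges the authorization
    /// code for an access token.
    /// </summary>
    /// <returns>The access token, or null when the callback is rejected.</returns>
    public override string Callback()
    {
        string code = Request.QueryString["code"];
        string state = Request.QueryString["state"];

        // Verify state to stop CSRF. A plain `state != Session[...]` comparison passes when
        // both sides are null (no login was started in this session and the request carries no
        // state), so an empty expected value has to be rejected explicitly. The stored value is
        // cleared first, so it can be used once only.
        string expectedState = (string)Session["QC_State"];
        Session["QC_State"] = null;
        if (string.IsNullOrEmpty(expectedState)
            || !string.Equals(state, expectedState, StringComparison.Ordinal))
        {
            ShowError("30001");
            return null;   // fail closed even if ShowError returns
        }

        // `code` comes straight from the query string: escape it so it cannot add parameters
        // to the token request.
        string parms = "?grant_type=authorization_code&"
            + "client_id=" + AppId
            + "&redirect_uri=" + Uri.EscapeDataString(RedirectUrl)
            + "&client_secret=" + AppKey
            + "&code=" + Uri.EscapeDataString(code ?? string.Empty);
        string url = GET_ACCESS_TOKEN_URL + parms;
        string str = GetRequest(url);

        // An error is reported as "callback( {json} );" rather than as a parameter string.
        if (str.IndexOf("callback", StringComparison.Ordinal) != -1)
        {
            str = StripCallbackWrapper(str);
            NameValueCollection msg = ParseJson(str);
            if (!string.IsNullOrEmpty(msg["error"]))
            {
                ShowError(msg["error"], msg["error_description"]);
                return null;
            }
        }

        NameValueCollection token = ParseUrlParameters(str);
        Session["QC_AccessToken"] = token["access_token"];   // keep access_token in the session
        return token["access_token"];
    }

    /// <summary>Uses the access token stored in the session to fetch the user's OpenID.</summary>
    /// <returns>The OpenID, or null when the provider reports an error.</returns>
    public string GetOpenID()
    {
        // NOTE(review): the listing elides most of this method; the request and the unwrapping
        // of the response are assumed to mirror Callback — confirm against the original source.
        string accessToken = (string)Session["QC_AccessToken"];
        string parms = "?access_token=" + Uri.EscapeDataString(accessToken ?? string.Empty);
        string url = GET_OPENID_URL + parms;
        string str = GetRequest(url);

        if (str.IndexOf("callback", StringComparison.Ordinal) != -1)
        {
            str = StripCallbackWrapper(str);
        }

        NameValueCollection user = ParseJson(str);
        if (!string.IsNullOrEmpty(user["error"]))
        {
            ShowError(user["error"], user["error_description"]);
            return null;
        }

        Session["QC_OpenId"] = user["openid"];   // keep openid in the session
        return user["openid"];
    }

    /// <summary>Returns the text between the first '(' and the first ')' of a response.</summary>
    /// <param name="response">Response of the form "callback( ... );".</param>
    /// <returns>The inner text, or the input unchanged when the parentheses are missing.</returns>
    private static string StripCallbackWrapper(string response)
    {
        int lpos = response.IndexOf('(');
        int rpos = response.IndexOf(')');

        // Substring throws on negative or inverted positions, so leave a malformed response
        // untouched and let the parser find nothing in it.
        if (lpos < 0 || rpos <= lpos)
        {
            return response;
        }
        return response.Substring(lpos + 1, rpos - lpos - 1);
    }

    /// <summary>Shows an error message.</summary>
    /// <param name="code">Error number.</param>
    /// <param name="description">Error description; looked up from <paramref name="code"/> when null.</param>
    private void ShowError(string code, string description = null)
    {
        if (description == null)
        {
            switch (code)
            {
                case "20001":
                    description = "<h2>配置文件损坏或无法读取,请检查web.config</h2>";
                    break;

                // NOTE(review): the listing elides whatever cases sit between these two, and
                // the case label of this message is not visible; "30001" is inferred from the
                // state check in Callback — confirm.
                case "30001":
                    description = "<h2>The state does not match. You may be a victim of CSRF.</h2>";
                    break;
            }
        }

        // NOTE(review): the listing is cut off inside the switch above; any further cases and
        // the code that emits the message are not visible. Whatever emits it should HTML-encode
        // `code` and any description taken from a remote response (the built-in descriptions
        // above are trusted markup), and should end the request so that callers cannot continue
        // the login flow after an error.
    }
}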