1、ASPNET实现QQ微信新浪微博OAuth20授权登录不管是腾讯还是新浪,查看他们的API,PHP都是有完整的接口,但对C#支持似乎都不是那么完善,都没有,腾讯是完全没有,新浪是提供第三方的,而且后期还不一定升级,NND,用第三方的动辄就一个类库,各种配置还必须按照他们约定的写,烦而且乱,索性自己写,后期的扩展也容易,看过接口后,开始以为很难,参考了几个源码之后发现也不是那么难,无非是GET或POST请求他们的接口获取返回值之类的,话不多说,这里只提供几个代码共参考,抛砖引玉了。我这个写法的特点是,用到了Session,使用对象实例化之后调用 Login() 跳转到登录页面,在回调页面调用Ca
2、llback() 执行之后,可以从Session也可以写独立的函数(如:GetOpenID())中获取access_token或用户的唯一标识,以方便做下一步的操作。所谓绑定就是把用户的唯一标识取出,插入数据库,和帐号绑定起来。1.首先是所有OAuth类的基类,放一些需要公用的方法public abstract class BaseOAuth public HttpRequest Request = HttpContext.Current.Request; public HttpResponse Response = HttpContext.Current.Respon
3、se; public HttpSessionState Session = HttpContext.Current.Session; public abstract void Login(); public abstract string Callback(); #region 内部使用函数 / <summary> / 生成唯一随机串防CSRF攻击 / </summary> / <returns></returns> protected s
4、tring GetStateCode() Random rand = new Random(); string data = DateTime.Now.ToString(yyyyMMddHHmmssffff) + rand.Next(1, 0xf423f).ToString(); MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider(); byte md5byte = md5.ComputeHash(UTF8En
5、coding.Default.GetBytes(data); return BitConverter.ToString(md5byte).Replace(-, ); / <summary> / GET请求 / </summary> / <param name=url></param> / <returns></returns> protected string GetRequest(string url)&nbs
6、p; HttpWebRequest httpWebRequest = System.Net.WebRequest.Create(url) as HttpWebRequest; httpWebRequest.Method = GET; httpWebRequest.ServicePoint.Expect100Continue = false; StreamReader responseReader = null; string responseData;
7、 try responseReader = new StreamReader(httpWebRequest.GetResponse().GetResponseStream(); responseData = responseReader.ReadToEnd(); finally httpWebRequest.GetResponse().GetRespon
8、seStream().Close(); responseReader.Close(); return responseData; / <summary> / POST请求 / </summary> / <param name=url></param> / <param name=postData></param> / <returns>
9、;</returns> protected string PostRequest(string url, string postData) HttpWebRequest httpWebRequest = System.Net.WebRequest.Create(url) as HttpWebRequest; httpWebRequest.Method = POST; httpWebRequest.ServicePoint.Expect100Continue = false;&nb
10、sp; httpWebRequest.ContentType = application/x-www-form-urlencoded; /写入POST参数 StreamWriter requestWriter = new StreamWriter(httpWebRequest.GetRequestStream(); try requestWriter.Write(postData);
11、 finally requestWriter.Close(); /读取请求后的结果 StreamReader responseReader = null; string responseData; try responseReader = new StreamReader(httpWebRequest.GetResponse().
12、GetResponseStream(); responseData = responseReader.ReadToEnd(); finally httpWebRequest.GetResponse().GetResponseStream().Close(); responseReader.Close(); return responseDat
13、a; / <summary> / 解析JSON / </summary> / <param name=strJson></param> / <returns></returns> protected NameValueCollection ParseJson(string strJson) NameValueCollection mc = new NameValueCollection();&nbs
14、p; Regex regex = new Regex(s*bsp; foreach (Match m in regex.Matches(strJson) mc.Add(m.Groups2.Value, m.Groups3.Value); return mc; / <summary> / 解析URL / </summary> / <param
15、name=strParams></param> / <returns></returns> protected NameValueCollection ParseUrlParameters(string strParams) NameValueCollection nc = new NameValueCollection(); foreach (string p in strParams.Split(&)  
16、; string ps = p.Split(=); nc.Add(ps0, ps1); return nc; #endregion2.QQ的OAuth类public class QQOAuth : BaseOAuth public string AppId = ConfigurationManager.AppSettingsOAuth_QQ_AppId; public string AppKey = ConfigurationManage
17、r.AppSettingsOAuth_QQ_AppKey; public string RedirectUrl = ConfigurationManager.AppSettingsOAuth_QQ_RedirectUrl; public const string GET_AUTH_CODE_URL = public const string GET_ACCESS_TOKEN_URL = public const string GET_OPENID_URL = / <summary> / QQ登录,跳转到登
18、录页面 / </summary> public override void Login() /-生成唯一随机串防CSRF攻击 string state = GetStateCode(); SessionQC_State = state; /state 放入Session string parms = ?response_type=code& + client_id= + AppId + &
19、;redirect_uri= + Uri.EscapeDataString(RedirectUrl) + &state= + state; string url = GET_AUTH_CODE_URL + parms; Response.Redirect(url); /跳转到登录页面 / <summary> / QQ回调函数 / </summary> / <param name=code></param> / &l
20、t;param name=state></param> / <returns></returns> public override string Callback() string code = Request.QueryStringcode; string state = Request.QueryStringstate; /-验证state防止CSRF攻击 if (state != (string)Sessi
21、onQC_State) ShowError(30001); string parms = ?grant_type=authorization_code& + client_id= + AppId + &redirect_uri= + Uri.EscapeDataString(RedirectUrl) + &client_secret= + AppKey + &co
22、de= + code; string url = GET_ACCESS_TOKEN_URL + parms; string str = GetRequest(url); if (str.IndexOf(callback) != -1) int lpos = str.IndexOf(); int rpos = str.IndexOf(); str = str.Substri
23、ng(lpos + 1, rpos - lpos - 1); NameValueCollection msg = ParseJson(str); if (!string.IsNullOrEmpty(msgerror) ShowError(msgerror, msgerror_description); NameValueCol
24、lection token = ParseUrlParameters(str); SessionQC_AccessToken = tokenaccess_token; /access_token 放入Session return tokenaccess_token; / <summary> / 使用Access Token来获取用户的OpenID / </summary> / <param name=accessToken></param&
25、gt; / <returns></returns> public string GetOpenID() string parms = ?access_token= + SessionQC_AccessToken; string url = GET_OPENID_URL + parms; string str = GetRequest(url); if (str.IndexOf(callback) != -1) &nbs
26、p; int lpos = str.IndexOf(); int rpos = str.IndexOf(); str = str.Substring(lpos + 1, rpos - lpos - 1); NameValueCollection user = ParseJson(str); if (!string.IsNullOrEmpty(usererror) &nb
27、sp; ShowError(usererror, usererror_description); SessionQC_OpenId = useropenid; /openid 放入Session return useropenid; / <summary> / 显示错误信息 / </summary> / <param name=code>错误编号</param> /
28、<param name=description>错误描述</param> private void ShowError(string code, string description = null) if (description = null) switch (code) case 20001: description = <h2>配置文件损坏或无法读取,请检查web.config</h2> break; case 30001: description = <h2>The state does not match. You may be a victim of CSRF.</h2>
copyright@ 2008-2022 冰豆网网站版权所有
经营许可证编号:鄂ICP备2022015515号-1