How to get OAuth working with DotNetOpenAuth and Evernote?

问题

I'm trying to write a C# ASP.NET MVC app using the DotNetOpenAuth library that connects to the Evernote Sandbox using OAuth, but I'm having trouble getting it working. My app is fine up until the callback is invoked but when I try to request the exchange of the temporary credentials in step 10 of this diagram, it fails with a 401 Unauthorized.

My callback looks like this:

    public ActionResult OAuthCallback()
    {
        var webConsumer = CreateWebConsumer();
        var accessTokenResponse = webConsumer.ProcessUserAuthorization();

        if (accessTokenResponse != null)
        {
            AccessToken = accessTokenResponse.AccessToken;
        }


        return RedirectToAction("Index");
    }

The exception occurs on the var accessTokenResponse = webConsumer.ProcessUserAuthorization(); line which is what is attempting the credential exchange.

Fiddler shows the following:

Invoking the callback:

GET http://localhost:22297/Home/OAuthCallback?oauth_token=GiddyUpHorsey.13F82BDC264.687474703A2F2F6C6F63616C686F73743A32323239372F486F6D652F4F4175746843616C6C6261636B.CFB67142944B4EB90148DDAFE2120A71&oauth_verifier=93534C2B04F862E57B30D738C3569242 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Connection: Keep-Alive
Accept-Language: en-NZ
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: localhost:22297
DNT: 1
Cache-Control: no-cache

Requesting the token exchange:

Triggered by webConsumer.ProcessUserAuthorization();.

POST https://sandbox.evernote.com/oauth HTTP/1.1
Content-Type: application/x-www-form-urlencoded; charset=utf-8
User-Agent: DotNetOpenAuth.Core/4.3.0.13117
Host: sandbox.evernote.com
Cache-Control: no-store,no-cache
Pragma: no-cache
Content-Length: 369
Expect: 100-continue

oauth_verifier=93534C2B04F862E57B30D738C3569242&oauth_token=GiddyUpHorsey.13F82BDC264.687474703A2F2F6C6F63616C686F73743A32323239372F486F6D652F4F4175746843616C6C6261636B.CFB67142944B4EB90148DDAFE2120A71&oauth_consumer_key=GiddyUpHorsey&oauth_nonce=cHABo5jv&oauth_signature_method=PLAINTEXT&oauth_signature=4c0dd81215379f75%26&oauth_version=1.0&oauth_timestamp=1372288061

The response:

HTTP/1.1 401 Unauthorized
Set-Cookie: JSESSIONID=4CDCD690AEAD69D952CEE4CBED5AC8DC; Path=/
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en
Date: Wed, 26 Jun 2013 23:07:48 GMT
Server: Evernote/1.0
Content-Length: 1587


<html>
.....
        <div class="page-header">
          <h1>
            Oops, we encountered an error.</h1>
        </div>
        <div>
          <p>
            Sorry, we've encountered an unexpected error.</p>
        </div>
        <div class="clear"></div>
      </div>
...
</html>

(I stripped out much of the HTML from the response)

Why does it fail with 401 Unauthorized?

回答1:

I am not sure if you ever got this working, but I was playing around with Evernote, OpenAuth and C# this morning and managed to get it all working. I have put together a blog post / library explaining the experience and outlining how to do it with MVC here - http://www.shaunmccarthy.com/evernote-oauth-csharp/ - it uses the AsyncOAuth library: https://github.com/neuecc/AsyncOAuth

I wrote a wrapper around AsyncOAuth that you might find useful here: https://github.com/shaunmccarthy/AsyncOAuth.Evernote.Simple

One prickly thing to be aware of - the Evernote Endpoints (/oauth and /OAuth.action) are case sensitive

// Download the library from https://github.com/shaunmccarthy/AsyncOAuth.Evernote.Simple

// Configure the Authorizer with the URL of the Evernote service,
// your key, and your secret. 
var EvernoteAuthorizer = new EvernoteAuthorizer(
    "https://sandbox.evernote.com", 
    "slyrp-1234", // Not my real id / secret :)
    "7acafe123456badb123");

// First of all, get a request token from Evernote - this causes a 
// webrequest from your server to Evernote.
// The callBackUrl is the URL you want the user to return to once
// they validate the app
var requestToken = EvernoteAuthorizer.GetRequestToken(callBackUrl);

// Persist this token, as we are going to redirect the user to 
// Evernote to Authorize this app
Session["RequestToken"] = requestToken;

// Generate the Evernote URL that we will redirect the user to in
// order to 
var callForwardUrl = EvernoteAuthorizer.BuildAuthorizeUrl(requestToken);

// Redirect the user (e.g. MVC)
return Redirect(callForwardUrl);

// ... Once the user authroizes the app, they get redirected to callBackUrl

// where we parse the request parameter oauth_validator and finally get
// our credentials
// null = they didn't authorize us
var credentials = EvernoteAuthorizer.ParseAccessToken(
    Request.QueryString["oauth_verifier"], 
    Session["RequestToken"] as RequestToken);

// Example of how to use the credential with Evernote SDK
var noteStoreUrl = EvernoteCredentials.NotebookUrl;
var noteStoreTransport = new THttpClient(new Uri(noteStoreUrl));
var noteStoreProtocol = new TBinaryProtocol(noteStoreTransport);
var noteStore = new NoteStore.Client(noteStoreProtocol);
List<Notebook> notebooks = client.listNotebooks(EvernoteCredentials.AuthToken);

来源：https://stackoverflow.com/questions/17332506/how-to-get-oauth-working-with-dotnetopenauth-and-evernote