不管是腾讯还是新浪,查看他们的API,PHP都是有完整的接口,但对C#支持似乎都不是那么完善,都没有,腾讯是完全没有,新浪是提供第三方的,而且后期还不一定升级,NND,用第三方的动辄就一个类库,各种配置还必须按照他们约定的写,烦而且乱,索性自己写,后期的扩展也容易,看过接口后,开始以为很难,参考了几个源码之后发现也不是那么难,无非是GET或POST请求他们的接口获取返回值之类的,话不多说,这里只提供几个代码共参考,抛砖引玉了。。。
我这个写法的特点是,用到了Session,使用对象实例化之后调用 Login() 跳转到登录页面,在回调页面调用Callback() 执行之后,可以从Session也可以写独立的函数(如:GetopenID())中获取access_token或用户的唯一标识,以方便做下一步的操作。所谓绑定就是把用户的唯一标识取出,插入数据库,和帐号绑定起来。
1.首先是所有OAuth类的基类,放一些需要公用的方法
public abstract class BaSEOAuth { public HttpRequest Request = HttpContext.Current.Request; public HttpResponse Response = HttpContext.Current.Response; public HttpSessionState Session = HttpContext.Current.Session; public abstract void Login(); public abstract string Callback(); #region 内部使用函数 /// <summary> /// 生成唯一随机串防CSRF攻击 /// </summary> /// <returns></returns> protected string GetStateCode() { Random rand = new Random(); string data = DateTime.Now.ToString(yyyyMMddHHmmssffff) + rand.Next(1, 0xf423f).ToString(); MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider(); byte[] md5byte = md5.ComputeHash(UTF8Encoding.Default.GetBytes(data)); return BitConverter.ToString(md5byte).Replace(-, ); } /// <summary> /// GET请求 /// </summary> /// <param name=url></param> /// <returns></returns> protected string GetRequest(string url) { HttpWebRequest httpWebRequest = System.Net.WebRequest.Create(url) as HttpWebRequest; httpWebRequest.Method = GET; httpWebRequest.ServicePoint.Expect100Continue = false; StreamReader responseReader = null; string responseData; try { responseReader = new StreamReader(httpWebRequest.GetResponse().GetResponseStream()); responseData = responseReader.ReadToEnd(); } finally { httpWebRequest.GetResponse().GetResponseStream().Close(); responseReader.Close(); } return responseData; } /// <summary> /// POST请求 /// </summary> /// <param name=url></param> /// <param name=postData></param> /// <returns></returns> protected string PostRequest(string url, string postData) { HttpWebRequest httpWebRequest = System.Net.WebRequest.Create(url) as HttpWebRequest; httpWebRequest.Method = POST; httpWebRequest.ServicePoint.Expect100Continue = false; httpWebRequest.ContentType = application/x-www-form-urlencoded; //写入POST参数 StreamWriter requestWriter = new StreamWriter(httpWebRequest.GetRequestStream()); try { requestWriter.Write(postData); } finally { requestWriter.Close(); } //读取请求后的结果 StreamReader responseReader = null; string responseData; try { responseReader = new StreamReader(httpWebRequest.GetResponse().GetResponseStream()); responseData = responseReader.ReadToEnd(); } finally { httpWebRequest.GetResponse().GetResponseStream().Close(); responseReader.Close(); } return responseData; } /// <summary> /// 解析JSON /// </summary> /// <param name=strjson></param> /// <returns></returns> protected NameValueCollection ParseJson(string strjson) { NameValueCollection mc = new NameValueCollection(); Regex regex = new Regex(@(\s*\?([^]*)\?\s*\:\s*\?([^]*)\?\,?)); strjson = strjson.Trim(); if (strjson.StartsWith({)) { strjson = strjson.Substring(1, strjson.Length - 2); } foreach (Match m in regex.Matches(strjson)) { mc.Add(m.Groups[2].Value, m.Groups[3].Value); } return mc; } /// <summary> /// 解析URL /// </summary> /// <param name=strParams></param> /// <returns></returns> protected NameValueCollection ParseUrlParameters(string strParams) { NameValueCollection nc = new NameValueCollection(); foreach (string p in strParams.Split('&')) { string[] ps = p.Split('='); nc.Add(ps[0], ps[1]); } return nc; } #endregion }
2.QQ的OAuth类
public class QQOAuth : BaSEOAuth { public string AppId = ConfigurationManager.AppSettings[OAuth_QQ_AppId]; public string AppKey = ConfigurationManager.AppSettings[OAuth_QQ_AppKey]; public string RedirectUrl = ConfigurationManager.AppSettings[OAuth_QQ_RedirectUrl]; public const string GET_AUTH_CODE_URL = https://graph.qq.com/oauth2.0/authorize; public const string GET_ACCESS_TOKEN_URL = https://graph.qq.com/oauth2.0/token; public const string GET_OPENID_URL = https://graph.qq.com/oauth2.0/me; /// <summary> /// QQ登录,跳转到登录页面 /// </summary> public override void Login() { //-------生成唯一随机串防CSRF攻击 string state = GetStateCode(); Session[QC_State] = state; //state 放入Session string parms = ?response_type=code& + client_id= + AppId + &redirect_uri= + Uri.EscapeDataString(RedirectUrl) + &state= + state; string url = GET_AUTH_CODE_URL + parms; Response.Redirect(url); //跳转到登录页面 } /// <summary> /// QQ回调函数 /// </summary> /// <param name=code></param> /// <param name=state></param> /// <returns></returns> public override string Callback() { string code = Request.QueryString[code]; string state = Request.QueryString[state]; //--------验证state防止CSRF攻击 if (state != (string)Session[QC_State]) { ShowError(30001); } string parms = ?grant_type=authorization_code& + client_id= + AppId + &redirect_uri= + Uri.EscapeDataString(RedirectUrl) + &client_secret= + AppKey + &code= + code; string url = GET_ACCESS_TOKEN_URL + parms; string str = GetRequest(url); if (str.IndexOf(callback) != -1) { int lpos = str.IndexOf((); int rpos = str.IndexOf()); str = str.Substring(lpos + 1, rpos - lpos - 1); NameValueCollection msg = ParseJson(str); if (!string.IsNullOrEmpty(msg[error])) { ShowError(msg[error], msg[error_description]); } } NameValueCollection token = ParseUrlParameters(str); Session[QC_Accesstoken] = token[access_token]; //access_token 放入Session return token[access_token]; } /// <summary> /// 使用Access Token来获取用户的OpenID /// </summary> /// <param name=accesstoken></param> /// <returns></returns> public string GetopenID() { string parms = ?access_token= + Session[QC_Accesstoken]; string url = GET_OPENID_URL + parms; string str = GetRequest(url); if (str.IndexOf(callback) != -1) { int lpos = str.IndexOf((); int rpos = str.IndexOf()); str = str.Substring(lpos + 1, rpos - lpos - 1); } NameValueCollection user = ParseJson(str); if (!string.IsNullOrEmpty(user[error])) { ShowError(user[error], user[error_description]); } Session[QC_OpenId] = user[openid]; //openid 放入Session return user[openid]; } /// <summary> /// 显示错误信息 /// </summary> /// <param name=code>错误编号</param> /// <param name=description>错误描述</param> private void ShowError(string code, string description = null) { if (description == null) { switch (code) { case 20001: description = <h2>配置文件损坏或无法读取,请检查web.config</h2>; break; case 30001: description = <h2>The state does not match. You may be a victim of CSRF.</h2>; break; case 50001: description = <h2>可能是服务器无法请求https协议</h2>可能未开启curl支持,请尝试开启curl支持,重启web服务器,如果问题仍未解决,请联系我们; break; default: description = <h2>系统未知错误,请联系我们</h2>; break; } Response.Write(description); Response.End(); } else { Response.Write(<h3>error:<h3> + code + <h3>msg:<h3> + description); Response.End(); } } }
3.新浪微博的OAuth类
public class SinaOAuth : BaSEOAuth { public string AppKey = ConfigurationManager.AppSettings[OAuth_Sina_AppKey]; public string AppSecret = ConfigurationManager.AppSettings[OAuth_Sina_AppSecret]; public string RedirectUrl = ConfigurationManager.AppSettings[OAuth_Sina_RedirectUrl]; public const string GET_AUTH_CODE_URL = https://api.weibo.com/oauth2/authorize; public const string GET_ACCESS_TOKEN_URL = https://api.weibo.com/oauth2/access_token; public const string GET_UID_URL = https://api.weibo.com/2/account/get_uid.json; /// <summary> /// 新浪微博登录,跳转到登录页面 /// </summary> public override void Login() { //-------生成唯一随机串防CSRF攻击 string state = GetStateCode(); Session[Sina_State] = state; //state 放入Session string parms = ?client_id= + AppKey + &redirect_uri= + Uri.EscapeDataString(RedirectUrl) + &state= + state; string url = GET_AUTH_CODE_URL + parms; Response.Redirect(url); //跳转到登录页面 } /// <summary> /// 新浪微博回调函数 /// </summary> /// <returns></returns> public override string Callback() { string code = Request.QueryString[code]; string state = Request.QueryString[state]; //--------验证state防止CSRF攻击 if (state != (string)Session[Sina_State]) { ShowError(The state does not match. You may be a victim of CSRF.); } string parms = client_id= + AppKey + &client_secret= + AppSecret + &grant_type=authorization_code&code= + code + &redirect_uri= + Uri.EscapeDataString(RedirectUrl); string str = PostRequest(GET_ACCESS_TOKEN_URL, parms); NameValueCollection user = ParseJson(str); Session[Sina_Accesstoken] = user[access_token]; //access_token 放入Session Session[Sina_UId] = user[uid]; //uid 放入Session return user[access_token]; } /// <summary> /// 显示错误信息 /// </summary> /// <param name=description>错误描述</param> private void ShowError(string description = null) { Response.Write(<h2> + description + </h2>); Response.End(); } }
4.微信的OAuth类
public class WeixinOAuth : BaSEOAuth { public string AppId = ConfigurationManager.AppSettings[OAuth_Weixin_AppId]; public string AppSecret = ConfigurationManager.AppSettings[OAuth_Weixin_AppSecret]; public string RedirectUrl = ConfigurationManager.AppSettings[OAuth_Weixin_RedirectUrl]; public const string GET_AUTH_CODE_URL = https://open.weixin.qq.com/connect/qrconnect; public const string GET_ACCESS_TOKEN_URL = https://api.weixin.qq.com/sns/oauth2/access_token; public const string GET_USERINFO_URL = https://api.weixin.qq.com/sns/userinfo; /// <summary> /// 微信登录,跳转到登录页面 /// </summary> public override void Login() { //-------生成唯一随机串防CSRF攻击 string state = GetStateCode(); Session[Weixin_State] = state; //state 放入Session string parms = ?appid= + AppId + &redirect_uri= + Uri.EscapeDataString(RedirectUrl) + &response_type=code&scope=snsapi_login + &state= + state + #wechat_redirect; string url = GET_AUTH_CODE_URL + parms; Response.Redirect(url); //跳转到登录页面 } /// <summary> /// 微信回调函数 /// </summary> /// <param name=code></param> /// <param name=state></param> /// <returns></returns> public override string Callback() { string code = Request.QueryString[code]; string state = Request.QueryString[state]; //--------验证state防止CSRF攻击 if (state != (string)Session[Weixin_State]) { ShowError(30001); } string parms = ?appid= + AppId + &secret= + AppSecret + &code= + code + &grant_type=authorization_code; string url = GET_ACCESS_TOKEN_URL + parms; string str = GetRequest(url); NameValueCollection msg = ParseJson(str); if (!string.IsNullOrEmpty(msg[errcode])) { ShowError(msg[errcode], msg[errmsg]); } Session[Weixin_Accesstoken] = msg[access_token]; //access_token 放入Session Session[Weixin_OpenId] = msg[openid]; //access_token 放入Session return msg[access_token]; } /// <summary> /// 显示错误信息 /// </summary> /// <param name=code>错误编号</param> /// <param name=description>错误描述</param> private void ShowError(string code, string description = null) { if (description == null) { switch (code) { case 20001: description = <h2>配置文件损坏或无法读取,请检查web.config</h2>; break; case 30001: description = <h2>The state does not match. You may be a victim of CSRF.</h2>; break; case 50001: description = <h2>接口未授权</h2>; break; default: description = <h2>系统未知错误,请联系我们</h2>; break; } Response.Write(description); Response.End(); } else { Response.Write(<h3>error:<h3> + code + <h3>msg:<h3> + description); Response.End(); } } }
5.web.config配置信息
<appSettings> <!--QQ登录相关配置--> <add key=OAuth_QQ_AppId value=123456789 /> <add key=OAuth_QQ_AppKey value=25f9e794323b453885f5181f1b624d0b /> <add key=OAuth_QQ_RedirectUrl value=http://www.domain.com/oauth20/qqcallback.aspx /> <!--新浪微博登录相关配置--> <add key=OAuth_Sina_AppKey value=123456789 /> <add key=OAuth_Sina_AppSecret value=25f9e794323b453885f5181f1b624d0b /> <add key=OAuth_Sina_RedirectUrl value=http://www.domain.com/oauth20/sinacallback.aspx /> <!--微信登录相关配置--> <add key=OAuth_Weixin_AppId value=wx123456789123 /> <add key=OAuth_Weixin_AppSecret value=25f9e794323b453885f5181f1b624d0b /> <add key=OAuth_Weixin_RedirectUrl value=http://www.domain.com/oauth20/weixincallback.aspx /> </appSettings>