C # help needed to create Facebook AppSecret_Proof HMACSHA256

Question

C # help needed to create Facebook AppSecret_Proof HMACSHA256

Facebook requires me to create appecret_proof: https://developers.facebook.com/docs/graph-api/securing-requests

And I did this using the following code:

public string FaceBookSecret(string content, string key) { var encoding = new System.Text.ASCIIEncoding(); byte[] keyByte = encoding.GetBytes(key); byte[] messageBytes = encoding.GetBytes(content); using (var hmacsha256 = new HMACSHA256(keyByte)) { byte[] hashmessage = hmacsha256.ComputeHash(messageBytes); return Convert.ToBase64String(hashmessage); } }

Everything looks good to me, however facebook says appsecret_proof is not valid. I am logged in, I can do everything as usual when I delete the key. Therefore, to save time:

Yes, I am sending the correct URL
Yes, I pass a valid access_token
Yes, I use the same access_token in the proof as I am in the request
Yes my appsecret is ok and it works

Usage example

 dynamic results = client.Post("/" + model.PostAsId + "/feed", new { message = model.Message, appsecret_proof = FaceBookSecret(postAs.AuthToken, AppSecret) });

I think it probably has something to do with the encoding or something in that regard, but to be honest, I just don't know.

I also use SDK.net SDK, but this has little to do with documentation and does not seem to affect automation, server side operations, etc.

thank

+10

c # asp.net facebook hmac facebook-c # -sdk

davethecoder Dec 13 '13 at 17:31

source share

2 answers

I have successfully used the application below with Facebook

 using System.Security.Cryptography; using System.Text; internal static string FaceBookSecret(string content, string key) { byte[] keyBytes = Encoding.UTF8.GetBytes(key); byte[] messageBytes = Encoding.UTF8.GetBytes(content); byte[] hash; using (HMACSHA256 hmacsha256 = new HMACSHA256(keyBytes)) { hash = hmacsha256.ComputeHash(messageBytes); } StringBuilder sbHash = new StringBuilder(); for (int i = 0; i < hash.Length; i++) { sbHash.Append(hash[i].ToString("x2")); } return sbHash.ToString(); }

+13

Eric Kassan Jan 31 '14 at 5:53

source share

Steve · Accepted Answer · 2013-12-17 12:00

The secret of the application is the base-16 string, so you need to convert it to an array of bytes. Take a look at How to convert a hexadecimal string to an array of bytes? for details on how to do this. Access_token must be converted to an array of bytes using ASCII encoding. Once you have created the HMAC, then encode it as a base-16 string for use as apps apps. The following code converts an array of bytes to base16.

 public static class Base16 { private static readonly char[] encoding; static Base16() { encoding = new char[16] { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' }; } public static string Encode(byte[] data) { char[] text = new char[data.Length * 2]; for (int i = 0, j = 0; i < data.Length; i++) { text[j++] = encoding[data[i] >> 4]; text[j++] = encoding[data[i] & 0xf]; } return new string(text); }

Then the code to create appsecret_proof will be

 private string GenerateAppSecretProof(string accessToken, string appSecret) { byte[] key = Base16.Decode(appSecret); byte[] hash; using (HMAC hmacAlg = new HMACSHA1(key)) { hash = hmacAlg.ComputeHash(Encoding.ASCII.GetBytes(accessToken)); } return Base16.Encode(hash); }

Facebook seems to accept either the SHA256 HMAC or the SHA1 HMAC.

C # help needed to create Facebook AppSecret_Proof HMACSHA256

More articles: