I am having problems implementing the signature checking in C#. I have used the Microsoft MSDN hmac SHA1 example to encode the parameters with no luck. All I get is the dreaded BAD_SIGNATURE.
Any ideas?
_authid and otp was populated correctly and without the &h... it works STATUS=OK
Code:
String sParams = "id=" + _authId + "&otp=" + otp;
String sAPIKeyUtf8 = base64Decode(APIKEY);
String shmac;
HMACSHA1 hmacsha1 = new HMACSHA1();
hmacsha1.Key = Encoding.ASCII.GetBytes(sAPIKeyUtf8);
byte[] dataBuffer = System.Text.Encoding.ASCII.GetBytes(sParams);
byte[] hashBytes = hmacsha1.ComputeHash(dataBuffer);
shmac = Convert.ToBase64String(hashBytes);
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(YUBICO_AUTH_SRV_URL + _authId + "&otp=" + otp + "&h=" + shmac);
Login
FAQ
Search
: