We are aware of the issue with the badge emails resending to everyone, we apologise for the inconvenience - learn more here.
Forum Discussion
sobharaj m.
10 years agoNew member | Level 1
URL Unauthorized access error while accessing files from dropbox?
we are accessing having a problem in URL we have a file named xyx (1).jpg while passing this to server we are getting response as Unauthorized Access. May I Know how to pass this request to Server?
Here am using DropBox API for Winrt C#.
- Steve M.Dropbox Staff
My guess would be that the library you're using makes request with OAuth 1 with an HMAC signature, and the signing code has a bug relating to URL encoding. Does the error happen for all files that have parentheses in it?
Can you tell us what library you're using? (Ideally, give us a link to it.)
- sobharaj m.New member | Level 1
Yes Error happens for all files with that name.
And this is the code we are using to retrieve the thumbnails of images.
public async Task<string> getThumbnailUrl(string path) { string url = string.Empty; try { WebProvider objWebProvider = new WebProvider(); var uri = DriveUtilities.GenerateSignature(new Uri(string.Format(AppConstants.DropBox_GetMediaItem, path), UriKind.RelativeOrAbsolute), "GET", DropBox_AccessToken, DropBox_AccessTokenSecret); uri = await objWebProvider.GETRequest(uri).ConfigureAwait(false); if (!string.IsNullOrEmpty(uri) && !uri.Equals(AppConstants.Unauthorized)) { DropBoxThumbnail result = JsonConvert.DeserializeObject<DropBoxThumbnail>(uri); if (result != null) url = result.url; } else { path = WebUtility.UrlEncode(path); var newuri = DriveUtilities.GenerateSignature(new Uri(string.Format(AppConstants.DropBox_GetMediaItem, path), UriKind.RelativeOrAbsolute), "GET", DropBox_AccessToken, DropBox_AccessTokenSecret); newuri = await objWebProvider.GETRequest(newuri).ConfigureAwait(false); if (!string.IsNullOrEmpty(newuri) && !newuri.Equals(AppConstants.Unauthorized)) { DropBoxThumbnail result = JsonConvert.DeserializeObject<DropBoxThumbnail>(newuri); if (result != null) url = result.url; } else { } } } catch { url = path; } return url; }
- sobharaj m.New member | Level 1
Yes we are using HMAC-SHA1 Signature.
- Steve M.Dropbox Staff
The bug is presumably in
GenerateSignature
, but I don't see that code. Is that something you wrote, or is it from a library you're using?If at all possible, I'd recommend switching to OAuth 2, or at least OAuth 1 with PLAINTEXT signatures. Both are simpler than using HMAC signatures, so you're less likely to have this kind of bug.
- sobharaj m.New member | Level 1
Yes exactly what you are saying. Some times the login also not possible with that api. Could you please help me out.
- sobharaj m.New member | Level 1
Hi This is Code for Generating Signature.
public static string GenerateSignature(Uri uri, string Method, string DropBox_AccessToken, string DropBox_AccessTokenSecret) { var oAuth = new OAuthBase(); var nonce = oAuth.GenerateNonce(); var timeStamp = oAuth.GenerateTimeStamp(); string parameters; string normalizedUrl; var signature = oAuth.GenerateSignature(uri, AppConstants.DropBoxConsumerKey, AppConstants.DropBoxConsumerSecret, DropBox_AccessToken, DropBox_AccessTokenSecret, Method, timeStamp, nonce, OAuthBase.SignatureTypes.HMACSHA1, out normalizedUrl, out parameters); //signature = HttpUtility.UrlEncode(signature); signature = WebUtility.UrlEncode(signature); StringBuilder requestUri = new StringBuilder(uri.ToString()); requestUri.AppendFormat("?oauth_consumer_key={0}&", AppConstants.DropBoxConsumerKey); if (!string.IsNullOrEmpty(DropBox_AccessToken)) requestUri.AppendFormat("oauth_token={0}&", DropBox_AccessToken); requestUri.AppendFormat("oauth_nonce={0}&", nonce); requestUri.AppendFormat("oauth_timestamp={0}&", timeStamp); requestUri.AppendFormat("oauth_signature_method={0}&", "HMAC-SHA1"); requestUri.AppendFormat("oauth_version={0}&", "1.0"); requestUri.AppendFormat("oauth_signature={0}", signature); return requestUri.ToString(); }
- Steve M.Dropbox Staff
We're getting closer. :-)
It looks like the actual signature is created via
oAuth.GenerateSignature
. Is that code you wrote or a library you're using? Could you share that code? - sobharaj m.New member | Level 1
Here the code is .
public string GenerateSignature(Uri url, string consumerKey, string consumerSecret, string token, string tokenSecret, string httpMethod, string timeStamp, string nonce, SignatureTypes signatureType, out string normalizedUrl, out string normalizedRequestParameters) { normalizedUrl = null; normalizedRequestParameters = null; string signatureBase = string.Empty; string secretBase = string.Empty; switch (signatureType) { case SignatureTypes.PLAINTEXT: return UrlEncode(string.Format("{0}&{1}", consumerSecret, tokenSecret)); //signatureBase = GenerateSignatureBase(url, consumerKey, token, tokenSecret, httpMethod, timeStamp, nonce, HMACSHA1SignatureType, out normalizedUrl, out normalizedRequestParameters); case SignatureTypes.HMACSHA1: signatureBase = GenerateSignatureBase(url, consumerKey, token, tokenSecret, httpMethod, timeStamp, nonce, HMACSHA1SignatureType, out normalizedUrl, out normalizedRequestParameters); secretBase = string.Format("{0}&{1}", UrlEncode(consumerSecret), string.IsNullOrEmpty(tokenSecret) ? " : UrlEncode(tokenSecret)); var crypt = MacAlgorithmProvider.OpenAlgorithm(MacAlgorithmNames.HmacSha1); var buffer = CryptographicBuffer.ConvertStringToBinary(signatureBase, BinaryStringEncoding.Utf8); var keyBuffer = CryptographicBuffer.ConvertStringToBinary(secretBase, BinaryStringEncoding.Utf8); var key = crypt.CreateKey(keyBuffer); var sigBuffer = CryptographicEngine.Sign(key, buffer); return CryptographicBuffer.EncodeToBase64String(sigBuffer); case SignatureTypes.RSASHA1: throw new NotImplementedException(); default: throw new ArgumentException("Unknown signature type", "signatureType"); } }
- Steve M.Dropbox Staff
I searched for little bits of that code, and I'm pretty sure that code comes from this project: https://code.google.com/p/oauth/. Is that right? Are you using that library? Have you asked the owners of that library for help?
It does look like that library supports PLAINTEXT signatures, so I still recommend switching to that so you don't need to debug this particular encoding problem.
- sobharaj m.New member | Level 1
yes exactly we are using that one only. So you recommend me to use PlainText Signature with oAuth1. Thank you for your response if i have any problem get back to you again.
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
5,877 PostsLatest Activity: 12 months agoIf you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!