How can I get the same HMAC256-results in C# like in the PHP unit tests?

Question

I thought I would try and get the new Signed Request logic added to my facebook canvas application, to make this \"easy\" on myself I went to the facebook PHP sdk over at Gi

Answer 1

Thank, James! Your code helped me a lot.

cdpnet, add like Newtonsoft.Json to your project, and then it's this:

        JObject UnencodedPayload = JObject.Parse(Encoding.GetString(ActualPayload));

-Kevin

Answer 2

You are not supposed to base64-decode the payload before calculating the HMAC.

Use this line:

var Hmac = SignWithHMAC(Encoding.GetBytes(Payload), Encoding.GetBytes(ApplicationSecret));

and it should work.

A few more pointers:

• Instead of fiddling with Substring() and IndexOf() try using String.Split()
• You have switched the YAY and BOO comments around
• C# code is more readable if you follow the common rule of starting the names of local variables with lowercase (like this: var applicationSecret = "...";)