URL Unauthorized access error while accessing files from dropbox?

My guess would be that the library you're using makes request with OAuth 1 with an HMAC signature, and the signing code has a bug relating to URL encoding. Does the error happen for all files that have parentheses in it?

Can you tell us what library you're using? (Ideally, give us a link to it.)

Yes Error happens for all files with that name.

And this is the code we are using to retrieve the thumbnails of images.

public async Task<string> getThumbnailUrl(string path)
{
    string url = string.Empty;
    try
    {
        WebProvider objWebProvider = new WebProvider();

        var uri = DriveUtilities.GenerateSignature(new Uri(string.Format(AppConstants.DropBox_GetMediaItem, path), UriKind.RelativeOrAbsolute),
                      "GET", DropBox_AccessToken, DropBox_AccessTokenSecret);

        uri = await objWebProvider.GETRequest(uri).ConfigureAwait(false);
        if (!string.IsNullOrEmpty(uri) && !uri.Equals(AppConstants.Unauthorized))
        {
            DropBoxThumbnail result = JsonConvert.DeserializeObject<DropBoxThumbnail>(uri);

            if (result != null)
                url = result.url;
        }
        else
        {
            path = WebUtility.UrlEncode(path);
            var newuri = DriveUtilities.GenerateSignature(new Uri(string.Format(AppConstants.DropBox_GetMediaItem, path), UriKind.RelativeOrAbsolute),
                     "GET", DropBox_AccessToken, DropBox_AccessTokenSecret);
            newuri = await objWebProvider.GETRequest(newuri).ConfigureAwait(false);
            if (!string.IsNullOrEmpty(newuri) && !newuri.Equals(AppConstants.Unauthorized))
            {
                DropBoxThumbnail result = JsonConvert.DeserializeObject<DropBoxThumbnail>(newuri);

                if (result != null)
                    url = result.url;
            }
            else
            {

            }
        }
    }
    catch { url = path; }
    return url;
}

Yes we are using HMAC-SHA1 Signature.

The bug is presumably in GenerateSignature, but I don't see that code. Is that something you wrote, or is it from a library you're using?

If at all possible, I'd recommend switching to OAuth 2, or at least OAuth 1 with PLAINTEXT signatures. Both are simpler than using HMAC signatures, so you're less likely to have this kind of bug.

Yes exactly what you are saying. Some times the login also not possible with that api. Could you please help me out.

Hi This is Code for Generating Signature.

public static string GenerateSignature(Uri uri, string Method, string DropBox_AccessToken, string DropBox_AccessTokenSecret)
{
    var oAuth = new OAuthBase();

    var nonce = oAuth.GenerateNonce();
    var timeStamp = oAuth.GenerateTimeStamp();
    string parameters;
    string normalizedUrl;

    var signature = oAuth.GenerateSignature(uri, AppConstants.DropBoxConsumerKey, AppConstants.DropBoxConsumerSecret,
        DropBox_AccessToken, DropBox_AccessTokenSecret, Method, timeStamp, nonce,
        OAuthBase.SignatureTypes.HMACSHA1, out normalizedUrl, out parameters);

    //signature = HttpUtility.UrlEncode(signature);
    signature = WebUtility.UrlEncode(signature);

    StringBuilder requestUri = new StringBuilder(uri.ToString());
    requestUri.AppendFormat("?oauth_consumer_key={0}&", AppConstants.DropBoxConsumerKey);
    if (!string.IsNullOrEmpty(DropBox_AccessToken))
        requestUri.AppendFormat("oauth_token={0}&", DropBox_AccessToken);
    requestUri.AppendFormat("oauth_nonce={0}&", nonce);
    requestUri.AppendFormat("oauth_timestamp={0}&", timeStamp);
    requestUri.AppendFormat("oauth_signature_method={0}&", "HMAC-SHA1");
    requestUri.AppendFormat("oauth_version={0}&", "1.0");
    requestUri.AppendFormat("oauth_signature={0}", signature);

    return requestUri.ToString();
}

We're getting closer. :-)

It looks like the actual signature is created via oAuth.GenerateSignature. Is that code you wrote or a library you're using? Could you share that code?

Here the code is .

public string GenerateSignature(Uri url, string consumerKey, string consumerSecret, string token, string tokenSecret, string httpMethod, string timeStamp, string nonce, SignatureTypes signatureType, out string normalizedUrl, out string normalizedRequestParameters)
    {
        normalizedUrl = null;
        normalizedRequestParameters = null;
        string signatureBase = string.Empty;
        string secretBase = string.Empty;
        switch (signatureType)
        {
            case SignatureTypes.PLAINTEXT:
                return UrlEncode(string.Format("{0}&{1}", consumerSecret, tokenSecret));
            //signatureBase = GenerateSignatureBase(url, consumerKey, token, tokenSecret, httpMethod, timeStamp, nonce, HMACSHA1SignatureType, out normalizedUrl, out normalizedRequestParameters);
            case SignatureTypes.HMACSHA1:
                signatureBase = GenerateSignatureBase(url, consumerKey, token, tokenSecret, httpMethod, timeStamp, nonce, HMACSHA1SignatureType, out normalizedUrl, out normalizedRequestParameters);
                secretBase = string.Format("{0}&{1}", UrlEncode(consumerSecret), string.IsNullOrEmpty(tokenSecret) ? " : UrlEncode(tokenSecret));
                var crypt = MacAlgorithmProvider.OpenAlgorithm(MacAlgorithmNames.HmacSha1);
                var buffer = CryptographicBuffer.ConvertStringToBinary(signatureBase, BinaryStringEncoding.Utf8);
                var keyBuffer = CryptographicBuffer.ConvertStringToBinary(secretBase, BinaryStringEncoding.Utf8);
                var key = crypt.CreateKey(keyBuffer); var sigBuffer = CryptographicEngine.Sign(key, buffer);
                return CryptographicBuffer.EncodeToBase64String(sigBuffer);
            case SignatureTypes.RSASHA1:
                throw new NotImplementedException();
            default:
                throw new ArgumentException("Unknown signature type", "signatureType");
        }
    }

I searched for little bits of that code, and I'm pretty sure that code comes from this project: https://code.google.com/p/oauth/. Is that right? Are you using that library? Have you asked the owners of that library for help?

It does look like that library supports PLAINTEXT signatures, so I still recommend switching to that so you don't need to debug this particular encoding problem.

yes exactly we are using that one only. So you recommend me to use PlainText Signature with oAuth1. Thank you for your response if i have any problem get back to you again.