How to hash an authorisation signature for a REST request



The last step in the procedure I am following, from the Twitter docs, says, “the signature is calculated by passing the signature base string and signing key to the HMAC-SHA1 hashing algorithm”.

I’ve found the .NET HMACSHA1 class, as they stipulate the hash algorithm must be HMAC-SHA1, but I have two strings, a “signature base” and a “signing key”, and I must combine these and convert to a byte array to call the HMACSHA1.ComputeHash() method. By combining the strings I assume concatenation, but they don’t stipulate any order. Should I just assume the “signature base” comes first, because it does so in the documentation?