|
上面是以前写的,有点bug,下面是新版的通用验证方案
- #region - 版 权 信 息 -
- //======================================================
- //
- // 创 建 人:小渣渣
- // 创建时间:2017/06/26 15:39:31
- // 邮 箱:help@itsvse.com
- // 个人网站:http://www.itsvse.com
- // 功 能:
- // 修改纪录:
- //
- //======================================================
- #endregion
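/// <summary>
/// Web API action filter that only lets a request reach the action when its query
/// string carries <c>nonce</c>, <c>timestamp</c> and <c>signature</c>, the timestamp
/// is accepted by <c>Tools.TimeHelp.IsTime</c>, and the signature is accepted by
/// <c>Tools.SignHelper.Sign</c>. Every rejection is reported as HTTP 200 with a
/// <see cref="ReturnModel"/> whose <c>result</c> is false and <c>code</c> is 15.
/// </summary>
/// <remarks>
/// NOTE(review): the nonce is only checked for presence and fed into the signature;
/// nothing in this class records nonces already seen, so an identical signed request
/// is accepted again for as long as its timestamp stays inside TimestampInterval.
/// A shared "seen nonce" store with the same lifetime as the window would close that.
/// NOTE(review): the signature travels in the URL, so it ends up in server and proxy
/// access logs; confirm those logs are protected, or move it to a header.
/// </remarks>
public class AuthFilterAttribute : ActionFilterAttribute
{
    private const string Origin = "Origin";
    private const string AccessControlAllowOrigin = "Access-Control-Allow-Origin";

    // NOTE(review): "*" lets a page on any origin read the response. Requests are
    // authenticated by the query-string signature, not by cookies, which limits the
    // exposure; confirm that a wildcard is really intended.
    private const string originHeaderdefault = "*";

    /// <summary>
    /// Query-string parameters that every signed request must carry.
    /// </summary>
    private static string[] sign = { "nonce", "timestamp", "signature" };

    /// <summary>
    /// Runs after the action and adds the CORS header to the response.
    /// </summary>
    /// <param name="actionExecutedContext">Context of the action that just ran.</param>
    public override void OnActionExecuted(HttpActionExecutedContext actionExecutedContext)
    {
        // Response can be null (for example when the action threw), in which case
        // there is nothing to decorate and dereferencing it would mask the real error.
        if (actionExecutedContext.Response == null)
        {
            return;
        }

        actionExecutedContext.Response.Headers.Add(AccessControlAllowOrigin, originHeaderdefault);
    }

    /// <summary>
    /// Runs before the action: validates the required parameters, the timestamp and
    /// the signature, and short-circuits the pipeline with an error model on failure.
    /// </summary>
    /// <param name="actionContext">Context of the action about to run.</param>
    public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
    {
        try
        {
            HttpContextBase context = (HttpContextBase)actionContext.Request.Properties["MS_HttpContext"];
            var query = context.Request.QueryString;
            string[] keys = query.AllKeys;

            // 1. Required parameters. string.Equals is null-safe: AllKeys contains a
            //    null entry for a value-less parameter such as "?foo".
            foreach (var item in sign)
            {
                if (!keys.Any(x => string.Equals(x, item, StringComparison.OrdinalIgnoreCase)))
                {
                    Reject(actionContext, "Missing " + item);
                    return;
                }
            }

            // 2. Timestamp. A non-numeric value is an ordinary bad request, not an
            //    exception, so parse it without throwing.
            long time;
            if (!long.TryParse(query["timestamp"], out time))
            {
                Reject(actionContext, "Time is not right!");
                return;
            }

            // IsTime is defined elsewhere; presumably it checks that the timestamp is
            // within TimestampInterval of the server clock - verify against Tools.TimeHelp.
            bool result = Tools.TimeHelp.IsTime(time, Convert.ToDouble(ConfigurationManager.AppSettings["TimestampInterval"]));
            if (!result)
            {
                Reject(actionContext, "Time is not right!");
                return;
            }

            // 3. Signature over every parameter except the signature itself.
            SortedDictionary<string, string> dic_sign = new SortedDictionary<string, string>();
            foreach (var item in keys)
            {
                if (item == null)
                {
                    // A value-less parameter cannot be put into the signed set; refuse
                    // the request rather than let an unsigned parameter reach the action.
                    Reject(actionContext, "The signature is not correct!");
                    return;
                }

                if (!item.Equals("signature", StringComparison.OrdinalIgnoreCase))
                {
                    dic_sign.Add(item, query[item]);
                }
            }

            // NOTE(review): Sign is defined elsewhere; confirm it compares the expected
            // and supplied signatures in constant time, and that "secretkey" is not
            // checked into source control with the rest of the configuration.
            bool resultsign = Tools.SignHelper.Sign(ConfigurationManager.AppSettings["secretkey"], query["signature"], dic_sign);
            if (!resultsign)
            {
                Reject(actionContext, "The signature is not correct!");
                return;
            }
        }
        catch (Exception ex)
        {
            // Keep the details on the server: the full exception text (type, message,
            // stack trace) must not be sent back to an unauthenticated caller.
            System.Diagnostics.Trace.TraceError("AuthFilterAttribute: " + ex);
            Reject(actionContext, "Exception");
        }
    }

    /// <summary>
    /// Short-circuits the request with the standard failure model (code 15).
    /// The HTTP status stays 200 because that is the contract existing clients see.
    /// </summary>
    /// <param name="actionContext">Context whose Response is set.</param>
    /// <param name="message">Text placed in the model's message field.</param>
    private static void Reject(System.Web.Http.Controllers.HttpActionContext actionContext, string message)
    {
        ReturnModel model = new ReturnModel()
        {
            result = false,
            code = 15,
            message = message
        };
        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.OK, model);
    }
}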
返回的model模型:
/// <summary>
/// Uniform envelope returned by the API for both successful and rejected requests.
/// </summary>
[Serializable, DataContract]
public class ReturnModel
{
    /// <summary>Whether the request succeeded.</summary>
    [DataMember] public bool result { get; set; }

    /// <summary>Numeric status code of the outcome.</summary>
    [DataMember] public int code { get; set; }

    /// <summary>Human-readable description of the outcome.</summary>
    [DataMember] public string message { get; set; }

    /// <summary>Optional payload.</summary>
    [DataMember] public object data { get; set; }
}
在请求的接口,要求客户端必须携带时间戳、随机数、签名在url参数里面
签名判断方法如下:
|
|