码迷,mamicode.com
首页 > Windows程序 > 详细

webAPI过滤器添加参数签名

时间:2018-01-30 16:33:57      阅读:243      评论:0      收藏:0      [点我收藏+]

标签:new   tomat   data   attribute   ons   ase   time   white   api   

项目需求:

  接口对安卓和IOS开发接口,需要房子用户窜改数据请求接口。添加sign签名校验参数。

代码如下:加上特性标签就可以控制部分接口验证

 public class SignAuthorizeFilterAttribute : ActionFilterAttribute
    {
        public override void OnActionExecuting(HttpActionContext filterContext)
        {

            var actionList = filterContext.ActionDescriptor.GetCustomAttributes<EncryptDataAttribute>();
            var controllList = filterContext.ControllerContext.ControllerDescriptor.GetCustomAttributes<EncryptDataAttribute>();

            if (actionList.Any()|| controllList.Any())
            {
                string key = ConfigSection.Get("Key");
                if (!string.IsNullOrWhiteSpace(key))
                {
                    var result = new AjaxResCode();
                    //1.验证入参
                    string token = HttpContext.Current.Request.Params["token"];
                    string appkey = HttpContext.Current.Request.Params["appkey"];
                    string timestamp = HttpContext.Current.Request.Params["timestamp"];
                    string digest = HttpContext.Current.Request.Params["digest"];
                    string v = HttpContext.Current.Request.Params["v"];

                    if (string.IsNullOrWhiteSpace(token) ||
                        string.IsNullOrWhiteSpace(appkey) ||
                        string.IsNullOrWhiteSpace(timestamp) ||
                        string.IsNullOrWhiteSpace(digest) ||
                        string.IsNullOrWhiteSpace(v))
                    {
                        result.Message = "请求非法。。。。!";
                        result.ResultCode = (int)ResultCode.Nopermit;
                        filterContext.Response = filterContext.Request.CreateResponse(HttpStatusCode.OK, result);
                    }


                    NameValueCollection coll = HttpContext.Current.Request.Form;
                    StringBuilder paramStr = new StringBuilder();

                    var keys = new List<string>();
                    foreach (string param in coll.Keys)
                    {
                        if (!string.IsNullOrEmpty(param))
                        {
                            keys.Add(param.ToLower());
                        }
                    }

                    keys.Sort();
                    foreach (string p in keys)
                    {
                        if (p != "digest")
                        {
                            if (!string.IsNullOrEmpty(coll[p]))
                            {
                                paramStr.Append(coll[p]);
                            }
                        }
                    }
                    paramStr.Append(key);
                    if (DESEncrypt.MD5ToUpper(paramStr.ToString()) != digest)
                    {
                        result.Message = "请求非法!。。。。。";
                        result.ResultCode = (int)ResultCode.Nopermit;
                        filterContext.Response = filterContext.Request.CreateResponse(HttpStatusCode.OK, result);
                    }
                }
            }

            base.OnActionExecuting(filterContext);
        }

    }

 

webAPI过滤器添加参数签名

标签:new   tomat   data   attribute   ons   ase   time   white   api   

原文地址:https://www.cnblogs.com/zhuyapeng/p/8384140.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!