web api 安全

时间:2022-09-07 21:14:43

这方面的文章已经有很多了,我只是记录一下自己在项目中应用的具体实现

客户端

  DateTime t = DateTime.Now;
long timeStamp = SignHelper.ConvertDateTimeInt(t);
var param = new SortedDictionary<string, string>();
param.Add("id=", id);
param.Add("timeStamp=", timeStamp.ToString());
string pwdKey = "***";
var sign = SignHelper.GetSign(param, pwdKey);
TempData["path"] = "Authorize?id=" + id + "&sign="+sign + "&timeStamp="+timeStamp;
return View();

服务端

            DateTime requestTime =
SignHelper.GetDateTimeByTicks(timeStamp.ToString()); if (requestTime.AddMinutes(20) < DateTime.Now)
{
TempData["msg"] = "请求超时";
return View("../Home/Error");
}
var param = new SortedDictionary<string, string>();
param.Add("id=", id);
param.Add("timeStamp=", timeStamp.ToString());
string pwdKey = "****";
var _sign = SignHelper.GetSign(param, pwdKey);
if (sign != _sign)
{
TempData["msg"] = "非法登录";
return View("../Home/Error");
}
SysUserEntity userEntity = new SysUserEntity();
try
{
userEntity = new UserApp().CheckUser(id);
}
catch (Exception ex)
{
TempData["msg"] = ex.Message;
return View("../Home/Error");
}

  SignHelper 类:

  public class SignHelper
{
public static string GetSign(SortedDictionary<string, string> paramList, string appKey)
{
paramList.Remove("_sign");
StringBuilder sb = new StringBuilder();
foreach (var p in paramList)
sb.Append(p.Key).Append(p.Value);
sb.Append(appKey);
return GetMD5(sb.ToString());
}
public static string GetMD5(string str)
{
if (string.IsNullOrEmpty(str))
return str;
var sb = new StringBuilder();
var md5 = System.Security.Cryptography.MD5.Create();
var output = md5.ComputeHash(Encoding.UTF8.GetBytes(str));
for (int i = ; i < output.Length; i++)
sb.Append(output[i].ToString("x").PadLeft(, ''));
return sb.ToString();
} public static DateTime GetDateTimeByTicks(string timeStamp)
{
DateTime dtStart = TimeZone.CurrentTimeZone.ToLocalTime(new DateTime(, , ));
long lTime = long.Parse(timeStamp + "");
TimeSpan toNow = new TimeSpan(lTime);
return dtStart.Add(toNow);
} public static int ConvertDateTimeInt(DateTime time)
{
System.DateTime startTime = TimeZone.CurrentTimeZone.ToLocalTime(new DateTime(, , ));
return (int)(time - startTime).TotalSeconds;
} }

md5 类:

 /// <summary>
/// MD5加密
/// </summary>
public class Md5
{
/// <summary>
/// MD5加密
/// </summary>
/// <param name="str">加密字符</param>
/// <param name="code">加密位数16/32</param>
/// <returns></returns>
public static string md5(string str, int code)
{
string strEncrypt = string.Empty;
if (code == )
{
strEncrypt = System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(str, "MD5").Substring(, );
} if (code == )
{
strEncrypt = System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(str, "MD5");
} return strEncrypt;
} public static string GetMD5(string str)
{
if (string.IsNullOrEmpty(str))
return str;
var sb = new StringBuilder();
var md5 = System.Security.Cryptography.MD5.Create();
var output = md5.ComputeHash(Encoding.UTF8.GetBytes(str));
for (int i = ; i < output.Length; i++)
sb.Append(output[i].ToString("X").PadLeft(, ''));
return sb.ToString();
}
}