web api 安全

这方面的文章已经有很多了，我只是记录一下自己在项目中应用的具体实现。

客户端

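// Client side: build the signed link. The server recomputes the signature over the
// same id/timeStamp pair with the shared key and compares it with the "sign" value.
DateTime t = DateTime.Now;
// Timestamp produced by SignHelper.ConvertDateTimeInt; it is both signed and sent.
long timeStamp = SignHelper.ConvertDateTimeInt(t);
// The keys carry their own '=' because GetSign concatenates each key and value
// with no separator of its own.
var param = new SortedDictionary<string, string>();
param.Add("id=", id);
param.Add("timeStamp=", timeStamp.ToString());
// NOTE(review): the shared key is redacted in this listing. Load it from protected
// configuration or a secret store rather than from a literal compiled into the app.
string pwdKey = "***";
var sign = SignHelper.GetSign(param, pwdKey);
// Escape id before placing it in the query string: characters such as '&', '=',
// '+' or '#' would otherwise split or alter the parameters, and the server would
// then verify a different id than the one that was signed.
TempData["path"] = "Authorize?id=" + System.Uri.EscapeDataString(id ?? string.Empty) + "&sign=" + sign + "&timeStamp=" + timeStamp;
return View();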

服务端

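            // Server side: rebuild the request time from the timeStamp value sent by the caller.
            DateTime requestTime =
            SignHelper.GetDateTimeByTicks(timeStamp.ToString());

            // Freshness check: refuse links whose timestamp is more than 20 minutes old.
            // NOTE(review): inside that window the same signed URL can be replayed, because
            // nothing here records that a signature has already been used. A one-time nonce
            // (stored until the window closes) or a shorter window would narrow this.
            if (requestTime.AddMinutes(20) < DateTime.Now)
            {
                TempData["msg"] = "请求超时";
                return View("../Home/Error");
            }
            // Recompute the signature from the received values, using the same keys as the client.
            var param = new SortedDictionary<string, string>();
            param.Add("id=", id);
            param.Add("timeStamp=", timeStamp.ToString());
            // NOTE(review): the shared key is redacted in this listing. Load it from protected
            // configuration or a secret store rather than from a literal compiled into the app.
            string pwdKey = "****";
            var _sign = SignHelper.GetSign(param, pwdKey);
            // Compare the signatures over their whole length. A plain '!=' stops at the first
            // differing character, so its duration depends on how much of a guessed signature
            // is correct. Assumes sign is the string taken from the "sign" query parameter.
            bool signMatches = sign != null && sign.Length == _sign.Length;
            int signDiff = 0;
            for (int signIndex = 0; signMatches && signIndex < _sign.Length; signIndex++)
            {
                signDiff |= sign[signIndex] ^ _sign[signIndex];
            }
            if (!signMatches || signDiff != 0)
            {
                TempData["msg"] = "非法登录";
                return View("../Home/Error");
            }
            SysUserEntity userEntity = new SysUserEntity();
            try
            {
                userEntity = new UserApp().CheckUser(id);
            }
            catch (Exception ex)
            {
                // NOTE(review): the raw exception message is shown to the caller. If CheckUser
                // can fail with infrastructure errors (database, network), log the exception
                // and show a generic message instead so internals are not disclosed.
                TempData["msg"]  = ex.Message;
                return View("../Home/Error");
            }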

  SignHelper 类:

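 /// <summary>
 /// Helpers for signing request parameters with a shared key and for converting
 /// between <see cref="DateTime"/> values and Unix timestamps expressed in seconds.
 /// </summary>
 public class SignHelper
 {
     // Unix epoch as a UTC instant, so timestamp arithmetic is independent of the
     // machine's time zone and of daylight-saving changes.
     private static readonly DateTime UnixEpochUtc = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);

     /// <summary>
     /// Computes the request signature: every key and value of <paramref name="paramList"/>
     /// in the dictionary's sort order, followed by <paramref name="appKey"/>, hashed with MD5.
     /// </summary>
     /// <param name="paramList">Parameters to sign. An entry named "_sign" is removed from it.</param>
     /// <param name="appKey">Shared secret appended after the parameters.</param>
     /// <returns>Lower-case hexadecimal MD5 digest of the concatenated string.</returns>
     /// <exception cref="System.ArgumentNullException"><paramref name="paramList"/> is null.</exception>
     /// <remarks>
     /// NOTE(review): MD5 over "data + key" is not a standard message authentication code and
     /// MD5 is no longer collision resistant. Prefer HMACSHA256 keyed with the shared secret;
     /// that changes the signature value and length, so both ends must switch together.
     /// Keys and values are joined without separators, so the caller must choose keys that keep
     /// the serialized form unambiguous. Ordering follows the dictionary's comparer; the default
     /// comparer for string keys is culture-sensitive, so build the dictionary with
     /// StringComparer.Ordinal if the two ends may run under different cultures.
     /// </remarks>
     public static string GetSign(SortedDictionary<string, string> paramList, string appKey)
     {
         if (paramList == null)
         {
             throw new System.ArgumentNullException("paramList");
         }

         // A signature is never part of its own input.
         paramList.Remove("_sign");

         var sb = new StringBuilder();
         foreach (var p in paramList)
         {
             sb.Append(p.Key).Append(p.Value);
         }

         sb.Append(appKey);
         return GetMD5(sb.ToString());
     }

     /// <summary>
     /// Returns the MD5 digest of the UTF-8 bytes of <paramref name="str"/> as lower-case hex.
     /// </summary>
     /// <param name="str">Text to hash.</param>
     /// <returns>
     /// A 32-character lower-case hex string, or <paramref name="str"/> itself when it is
     /// null or empty.
     /// </returns>
     public static string GetMD5(string str)
     {
         if (string.IsNullOrEmpty(str))
         {
             return str;
         }

         // The hash object holds resources; release it as soon as the digest is computed.
         using (var hasher = System.Security.Cryptography.MD5.Create())
         {
             byte[] output = hasher.ComputeHash(Encoding.UTF8.GetBytes(str));
             var sb = new StringBuilder(output.Length * 2);
             foreach (byte b in output)
             {
                 // "x2" always yields two lower-case hex digits per byte.
                 sb.Append(b.ToString("x2"));
             }

             return sb.ToString();
         }
     }

     /// <summary>
     /// Converts a Unix timestamp in seconds, as produced by
     /// <see cref="ConvertDateTimeInt"/>, to a local <see cref="DateTime"/>.
     /// </summary>
     /// <param name="timeStamp">Decimal seconds since 1970-01-01 00:00:00 UTC. Null or empty is read as 0.</param>
     /// <returns>The corresponding instant expressed in the machine's local time.</returns>
     /// <remarks>
     /// The earlier version appended four zeros to build a tick count, which reads the value
     /// as milliseconds. With the second-based timestamps from
     /// <see cref="ConvertDateTimeInt"/> that placed every request in January 1970.
     /// </remarks>
     public static DateTime GetDateTimeByTicks(string timeStamp)
     {
         long seconds = string.IsNullOrEmpty(timeStamp)
             ? 0L
             : long.Parse(timeStamp, System.Globalization.CultureInfo.InvariantCulture);
         return UnixEpochUtc.AddSeconds(seconds).ToLocalTime();
     }

     /// <summary>
     /// Converts <paramref name="time"/> to a Unix timestamp in whole seconds.
     /// </summary>
     /// <param name="time">Instant to convert. A value whose Kind is not Utc is treated as local time.</param>
     /// <returns>Seconds elapsed since 1970-01-01 00:00:00 UTC.</returns>
     /// <remarks>
     /// The subtraction is done in UTC. Subtracting a local-time epoch shifts the result by
     /// any difference between the current UTC offset and the offset on 1970-01-01, such as
     /// daylight-saving time. NOTE(review): the int return type cannot hold timestamps after
     /// 2038-01-19; a long-returning overload would be needed before then.
     /// </remarks>
     public static int ConvertDateTimeInt(DateTime time)
     {
         return (int)(time.ToUniversalTime() - UnixEpochUtc).TotalSeconds;
     }
 }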

md5 类:

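 /// <summary>
 /// MD5 hashing helpers. MD5 is a one-way digest, not encryption.
 /// </summary>
 /// <remarks>
 /// NOTE(review): an unsalted MD5 digest is not suitable for storing passwords or other
 /// secrets. If these helpers are used for credentials, move to a salted, iterated scheme
 /// such as PBKDF2 (Rfc2898DeriveBytes).
 /// </remarks>
 public class Md5
 {
     /// <summary>
     /// Returns the upper-case hex MD5 digest of <paramref name="str"/>, in full or as its
     /// middle 16 characters.
     /// </summary>
     /// <param name="str">Text to hash; its UTF-8 bytes are digested.</param>
     /// <param name="code">Length of the result in hex characters: 16 or 32.</param>
     /// <returns>
     /// The 32-character digest when <paramref name="code"/> is 32, characters 8 to 23 of it
     /// when <paramref name="code"/> is 16, and an empty string for any other value.
     /// </returns>
     /// <exception cref="System.ArgumentNullException">
     /// <paramref name="str"/> is null and <paramref name="code"/> is 16 or 32.
     /// </exception>
     /// <remarks>
     /// The digest is computed directly rather than through the obsolete
     /// FormsAuthentication.HashPasswordForStoringInConfigFile, which returned the same
     /// upper-case hex digest of the UTF-8 bytes.
     /// </remarks>
     public static string md5(string str, int code)
     {
         if (code != 16 && code != 32)
         {
             return string.Empty;
         }

         if (str == null)
         {
             throw new System.ArgumentNullException("str");
         }

         string full = ComputeUpperHex(str);
         return code == 16 ? full.Substring(8, 16) : full;
     }

     /// <summary>
     /// Returns the MD5 digest of the UTF-8 bytes of <paramref name="str"/> as upper-case hex.
     /// </summary>
     /// <param name="str">Text to hash.</param>
     /// <returns>
     /// A 32-character upper-case hex string, or <paramref name="str"/> itself when it is
     /// null or empty.
     /// </returns>
     public static string GetMD5(string str)
     {
         if (string.IsNullOrEmpty(str))
         {
             return str;
         }

         return ComputeUpperHex(str);
     }

     // Hashes the UTF-8 bytes of text and formats the digest as upper-case hex.
     private static string ComputeUpperHex(string text)
     {
         // The hash object holds resources; release it as soon as the digest is computed.
         using (var hasher = System.Security.Cryptography.MD5.Create())
         {
             byte[] output = hasher.ComputeHash(Encoding.UTF8.GetBytes(text));
             var sb = new StringBuilder(output.Length * 2);
             foreach (byte b in output)
             {
                 // "X2" always yields two upper-case hex digits per byte.
                 sb.Append(b.ToString("X2"));
             }

             return sb.ToString();
         }
     }
 }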

 
