using Newtonsoft.Json;
using System;
using System.Collections.Generic;
using System.Configuration;
using System.IO;
using System.Net;
using System.Net.Http;
using System.Threading.Tasks;
using System.Web;
using System.Web.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Routing;
using Web.APIs.Integration.Common;
namespace Web.APIs.Integration.WebApi
{
public class SignAttribute : AuthorizeAttribute
{
public override void OnAuthorization(HttpActionContext actionContext)
{
DateTime dtBegin = DateTime.Now;
bool flag = false;
string errorMsg = string.Empty;
string exceptionMsg = string.Empty;
Dictionary<string, string> dictionary = new Dictionary<string, string>();
try
{
if (ConfigurationManager.AppSettings["Debug"].ToUpper() == "TRUE")
{
flag = true;
}
else
{
IHttpRouteData routeData = actionContext.Request.GetRouteData();
if (routeData != null && routeData.Values != null)
{
foreach (string current in routeData.Values.Keys)
{
dictionary.Add(current, routeData.Values[current].ToString());
}
}
if (actionContext.Request.Method == HttpMethod.Post)
{
HttpContextBase httpContextBase = (HttpContextBase)actionContext.Request.Properties["MS_HttpContext"];
if (httpContextBase.Request.InputStream != null)
{
Stream inputStream = httpContextBase.Request.InputStream;
inputStream.Position = 0L;
StreamReader streamReader = new StreamReader(inputStream);
string text = streamReader.ReadToEnd();
if (text != string.Empty)
{
text = text.Replace("\"", "");
string decryptKey = ConfigurationManager.AppSettings["DESKey"];
string text2 = DES.Decrypt(text, decryptKey);
Dictionary<string, string> dictionary2 = JsonConvert.DeserializeObject<Dictionary<string, string>>(text2);
if (dictionary2 != null)
{
foreach (string current2 in dictionary2.Keys)
{
dictionary.Add(current2, dictionary2[current2]);
}
}
}
}
}
flag = this.Vertify(dictionary, dtBegin, out errorMsg, out exceptionMsg);
}
}
catch (Exception ex)
{
errorMsg = "验签失败";
exceptionMsg = "验签时发生异常。原因:" + ex.Message;
}
if (flag)
{
this.IsAuthorized(actionContext);
}
else
{
Task.Factory.StartNew(delegate
{
var objResult = new
{
Msg = errorMsg,
Exp = exceptionMsg
};
Error.Write(actionContext, exceptionMsg, objResult, dtBegin);
});
BaseResult baseResult = new BaseResult();
baseResult.Result = flag;
baseResult.ReturnMsg = errorMsg;
HttpResponseMessage httpResponseMessage = new HttpResponseMessage(HttpStatusCode.Unauthorized);
httpResponseMessage.Content = new StringContent(JsonConvert.SerializeObject(baseResult));
actionContext.Response = httpResponseMessage;
this.HandleUnauthorizedRequest(actionContext);
}
}
protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
{
}
private bool Vertify(Dictionary<string, string> dicParams, DateTime dtBegin, out string errorMsg, out string exceptionMsg)
{
bool result = true;
errorMsg = string.Empty;
exceptionMsg = string.Empty;
if (dicParams == null || dicParams.Count == 0)
{
result = false;
errorMsg = "无请求参数";
exceptionMsg = "无请求参数";
}
else
{
SortedDictionary<string, string> sortedDictionary = new SortedDictionary<string, string>();
string text = string.Empty;
int num = 0;
foreach (string current in dicParams.Keys)
{
if (current.ToLower() != "sign")
{
sortedDictionary.Add(current, dicParams[current]);
if (current.ToLower() == "timestamp")
{
num = Convert.ToInt32(dicParams[current]);
}
}
else
{
text = dicParams[current];
}
}
bool flag = false;
if (num > 0)
{
try
{
DateTime time = this.GetTime(num);
int num2 = Convert.ToInt32(ConfigurationManager.AppSettings["TimeStampExpire"]);
if (num2 > 0)
{
if (Math.Abs((time - dtBegin).TotalMinutes) <= (double)num2)
{
flag = true;
}
}
else
{
flag = true;
}
}
catch (Exception ex)
{
exceptionMsg = "转换时间戳格式时出错,原因:" + ex.Message;
}
}
if (!flag)
{
result = false;
errorMsg = "请求时间过期";
}
else
{
string empty = string.Empty;
string secret = ConfigurationManager.AppSettings["MD5KEY"];
string sign = ToponeMD5.GetSign(sortedDictionary, secret, ref empty);
if (sign != text)
{
result = false;
errorMsg = "请求的签名不正确";
exceptionMsg = string.Format("签名错误!请求的签名为:{0}, 本地生成的签名为:{1},本地接受的签名明文为:{2}", text, sign, empty);
}
}
}
return result;
}
private Dictionary<string, string> ConvertToDictionary(string input)
{
Dictionary<string, string> dictionary = new Dictionary<string, string>();
if (input.IndexOf("&") > 0)
{
string[] array = input.Split("&".ToCharArray());
for (int i = 0; i < array.Length; i++)
{
if (array[i] != string.Empty)
{
string[] array2 = array[i].Split("=".ToCharArray());
dictionary.Add(array2[0], HttpUtility.UrlDecode(array2[1]));
}
}
}
return dictionary;
}
private DateTime GetTime(int timeStamp)
{
DateTime dateTime = TimeZone.CurrentTimeZone.ToLocalTime(new DateTime(1970, 1, 1));
long ticks = long.Parse(timeStamp + "0000000");
TimeSpan value = new TimeSpan(ticks);
return dateTime.Add(value);
}
}
}
浙公网安备 33010602011771号