/// <summary> /// HttpRequest 校验 头部参数是否缺失或为空 /// </summary> /// <param name="context"></param> public bool HeaderParameterVerify(ActionExecutingContext context, out long timeSpan, out string signature) { timeSpan = 0; signature = ""; if (!context.HttpContext.Request.Headers.ContainsKey("timespan") || context.HttpContext.Request.Headers["timespan"].ToString() == "") { context.ExecutingExtend("缺少时间戳参数或参数为空", StatusCodeEnum.TimeSpanDeletion); return(false); } else if (!context.HttpContext.Request.Headers.ContainsKey("signature") || context.HttpContext.Request.Headers["signature"].ToString() == "") { context.ExecutingExtend("缺少签名参数或参数为空", StatusCodeEnum.SignatureDeleTion); return(false); } timeSpan = long.Parse(context.HttpContext.Request.Headers["timespan"].ToString()); signature = context.HttpContext.Request.Headers["signature"].ToString(); if (timeSpan.ToString().Length != 13) { context.ExecutingExtend("时间戳格式有误", StatusCodeEnum.TimeSpanError); return(false); } return(true); }
public override void OnActionExecuting(ActionExecutingContext context) { Result result = new Result(); HttpRequest request = context.HttpContext.Request; //根据请求类型获取参数 string method = context.HttpContext.Request.Method; //时间戳 long timespan = 0; //签名 string signature = string.Empty; if (request.Path.HasValue) { Dictionary <string, string> RequestPar = new Dictionary <string, string>(); if (method == "POST") { //在内存中创建缓冲区存放Request.Body的内容,从而允许反复读取Request.Body的Stream canseek 是否可以访问流中的某个位置,正文可以多次读取多次 request.EnableBuffering(); //重新定义流的位置,读取全部的数据 request.Body.Position = 0; var postRequestStream = new StreamReader(request.Body, Encoding.Default); var postData = postRequestStream.ReadToEnd(); //重置指针 流已到尾部 request.Body.Position = 0; //关闭流 postRequestStream.Close(); string jsonData = postData.TrimStart('"').TrimEnd('"').Replace(@"\", ""); //获取 post 请求参数集合 if (jsonData.Contains("&") || jsonData.Contains("=")) { jsonData.FormStringToDic(ref RequestPar); } else { jsonData.ReqParamesToDic(ref RequestPar); } } if (method == "GET") { var GetRequestPar = request.Query.Keys.ToArray(); //var getForm = request.; foreach (var item in GetRequestPar) { var val = request.Query[item].ToString(); if (val.IndexOf("'") == -1 || val.IndexOf("{") != -1) { RequestPar.Add(item, val); continue; } var valRelase = val.Replace("'", ""); RequestPar.Add(item, valRelase); } } //校验 时间戳、签名 参数是否有误、缺失 if (HeaderParameterVerify(context, out timespan, out signature)) { //请求参数拼接 按照 key1+value1+key2+value2 的方式拼接 string RequestParJoint = RequestPar.GetQueryString(); //按按 密钥+参数+时间戳 字符串拼接 string MD5EncryptStr = BTPardispose.LinkString(BTApiKey, RequestParJoint, timespan.ToString()); //验证时间戳是否过期 if (timespan.TimeSpan()) { //MD5加密 32位 string Md5Str = MD5EncryptStr.MD5Encrypt(); if (Md5Str == signature) { base.OnActionExecuting(context); } else { context.ExecutingExtend("签名校验失败,请求参数可能被篡改", StatusCodeEnum.SignatureFailure); return; } } else { context.ExecutingExtend("请求已超时", StatusCodeEnum.TimeSpanTimeOut); return; } } } }