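        /// <summary>
        /// Web API authentication gate. When <c>WebAPIAuthentication</c> is enabled in the
        /// site config, the request must carry a 3DES-encrypted token in the header named by
        /// <c>WebAPITokenKey</c>. The decrypted token is <c>mixer!timestamp</c>: the mixer must
        /// equal <c>WebAPIMixer</c> and the timestamp must be parseable and, unless
        /// <c>WebAPITmeOut</c> is 0, no more than <c>WebAPITmeOut</c> minutes away from now.
        /// Every failure short-circuits the pipeline through <c>requestCancel</c>.
        /// </summary>
        /// <param name="request">The incoming HTTP request.</param>
        /// <param name="cancellationToken">Token used to cancel the pipeline.</param>
        /// <returns>The downstream response, or the rejection produced by <c>requestCancel</c>.</returns>
        protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, System.Threading.CancellationToken cancellationToken)
        {
            var site_config = Tools.ConfigHelper.LoadConfig <Tools.WebSiteModel>(Tools.ConfigFileEnum.SiteConfig);

            // Authentication switched off in config: pass straight through.
            if (!site_config.WebAPIAuthentication)
            {
                return base.SendAsync(request, cancellationToken);
            }

            // The token header must be present.
            IEnumerable<string> monsterApiKeyHeaderValues;
            if (!request.Headers.TryGetValues(site_config.WebAPITokenKey, out monsterApiKeyHeaderValues))
            {
                return requestCancel(request, cancellationToken, "Unauthorized");
            }

            string oauth = monsterApiKeyHeaderValues.First();
            if (string.IsNullOrWhiteSpace(oauth))
            {
                return requestCancel(request, cancellationToken, "缺少授权参数");
            }

            // The header value is attacker-controlled. Previously any exception thrown by
            // DESDeCode on a malformed token escaped the handler and surfaced as a server
            // error rather than a rejection. The helper's exception types are not visible
            // here, so fail closed on any decode failure with the same "format error" reply.
            string[] vals;
            try
            {
                Tools.Crypto3DES des = new Tools.Crypto3DES(SiteKey.DES3KEY);
                vals = des.DESDeCode(oauth).Split('!');
            }
            catch (Exception)
            {
                return requestCancel(request, cancellationToken, "授权格式错误");
            }

            if (vals.Length != 2)
            {
                return requestCancel(request, cancellationToken, "授权格式错误");
            }

            // The mixer is a static value shared by all clients, not a per-request secret;
            // possession of DES3KEY plus this value is the whole proof of authorization.
            if (!vals[0].Equals(site_config.WebAPIMixer))
            {
                return requestCancel(request, cancellationToken, "授权数据错误1");
            }

            DateTime dt_now = DateTime.Now;
            DateTime dt_old = Tools.WebHelper.GetTime(vals[1], dt_now);
            double   diff   = Tools.WebHelper.DateTimeDiff(dt_now, dt_old, "am"); // minutes

            // GetTime receives dt_now as its fallback value; an identical result means the
            // client-supplied timestamp could not be parsed.
            if (dt_now == dt_old)
            {
                return requestCancel(request, cancellationToken, "授权时间有误");
            }

            // A timeout of 0 disables the freshness check. The handler keeps no record of
            // tokens it has already accepted, so a captured token stays valid for the whole
            // window (or indefinitely when the check is disabled).
            if (site_config.WebAPITmeOut != 0 && diff >= site_config.WebAPITmeOut)
            {
                return requestCancel(request, cancellationToken, "请求超时");
            }

            requestOK();
            return base.SendAsync(request, cancellationToken);
        }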
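        /// <summary>
        /// Account-token authentication gate. The request must carry an
        /// <c>X-MonsterAccountToken</c> header holding a 3DES-encrypted token of the form
        /// <c>secret&amp;userName&amp;timestamp</c>. The secret must match the value embedded
        /// below and the timestamp must be parseable and less than ten seconds old; on success
        /// a <see cref="ClaimsPrincipal"/> carrying <c>userName</c> is installed on the current
        /// thread and HTTP context. Every failure short-circuits the pipeline through
        /// <c>requestCancel</c> with a populated <c>APIResponseEntity</c>.
        /// </summary>
        /// <param name="request">The incoming HTTP request.</param>
        /// <param name="cancellationToken">Token used to cancel the pipeline.</param>
        /// <returns>The downstream response, or the rejection produced by <c>requestCancel</c>.</returns>
        protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            APIResponseEntity <int> result = new APIResponseEntity <int>();

            // The token header must be present.
            IEnumerable<string> monsterApiKeyHeaderValues;
            if (!request.Headers.TryGetValues("X-MonsterAccountToken", out monsterApiKeyHeaderValues))
            {
                result.msgbox = "未经授权";
                return requestCancel(request, cancellationToken, result);
            }

            string oauth = monsterApiKeyHeaderValues.First();
            if (string.IsNullOrWhiteSpace(oauth))
            {
                result.msgbox = "缺少授权参数";
                return requestCancel(request, cancellationToken, result);
            }

            // The header value is attacker-controlled. Previously any exception thrown by
            // DESDeCode on a malformed token escaped the handler and surfaced as a server
            // error rather than a rejection. The helper's exception types are not visible
            // here, so fail closed on any decode failure with the "format error" reply.
            string[] vals;
            try
            {
                Tools.Crypto3DES des = new Tools.Crypto3DES(ServiceConfig.DES3KEY);
                vals = des.DESDeCode(oauth).Split('&');
            }
            catch (Exception)
            {
                result.msgbox = "授权格式错误";
                return requestCancel(request, cancellationToken, result);
            }

            if (vals.Length != 3)
            {
                result.msgbox = "授权格式错误";
                return requestCancel(request, cancellationToken, result);
            }

            // SECURITY: this shared secret is embedded in source. Anyone with the source (or
            // the compiled assembly) plus DES3KEY can mint tokens for any user name, because
            // the user name below is read straight from the token. Move it to configuration
            // or a secret store and rotate it; the value is kept here only to preserve the
            // existing contract with clients.
            string valstr = "lizd@2sfqlyalsd!";
            if (!vals[0].Equals(valstr))
            {
                result.msgbox = "授权数据错误1";
                return requestCancel(request, cancellationToken, result);
            }

            DateTime dt_now = DateTime.Now;
            DateTime dt_old = Tools.TypeHelper.GetTime(vals[2], dt_now);

            // GetTime receives dt_now as its fallback value; presumably an identical result
            // means the client-supplied timestamp could not be parsed. Previously such a token
            // passed the age check with a diff of 0, so reject it explicitly.
            if (dt_now == dt_old)
            {
                result.msgbox = "授权时间有误";
                return requestCancel(request, cancellationToken, result);
            }

            double    diff          = Tools.TypeHelper.DateTimeDiff(dt_old, dt_now, "as"); // seconds
            const int maxAgeSeconds = 10;

            // Tokens ten or more seconds old are rejected. Written as a negation so that a
            // NaN diff still fails closed, matching the original `diff < ss` test.
            // NOTE(review): if DateTimeDiff can return a negative value for a timestamp in
            // the future, a far-future timestamp passes this check and the token remains
            // replayable until that time — confirm the helper returns an absolute difference.
            if (!(diff < maxAgeSeconds))
            {
                result.msgbox = "超时";
                return requestCancel(request, cancellationToken, result);
            }

            // Establish the caller's identity for the rest of the pipeline. The identity is
            // taken verbatim from the token body; the only proof behind it is possession of
            // DES3KEY and the secret above.
            var userNameClaim = new Claim(ClaimTypes.Name, vals[1]);
            var identity      = new ClaimsIdentity(new[] { userNameClaim }, "MonsterAppApiKey");
            var principal     = new ClaimsPrincipal(identity);
            Thread.CurrentPrincipal = principal;

            if (System.Web.HttpContext.Current != null)
            {
                System.Web.HttpContext.Current.User = principal;
            }

            return base.SendAsync(request, cancellationToken);
        }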