Ejemplo n.º 1
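        /// <summary>
        /// Validates a partner link whose query string carries an encrypted user id
        /// (<c>i</c>), an encrypted timestamp (<c>t</c>) and an HMAC over both (<c>h</c>),
        /// and returns a text message describing the outcome.
        /// </summary>
        /// <param name="i">URL-token-encoded encrypted user id. The value is read from <c>Request.QueryString["i"]</c>.</param>
        /// <param name="t">URL-token-encoded encrypted timestamp. The value is read from <c>Request.QueryString["t"]</c>.</param>
        /// <param name="h">URL-token-encoded HMAC. The value is read from <c>Request.QueryString["h"]</c>.</param>
        /// <returns>
        /// A welcome message when the HMAC matches and the timestamp is within two minutes
        /// of the server clock; otherwise a rejection message that carries no key-dependent
        /// data and no exception detail.
        /// </returns>
        public string PartnerSite(string i, string t, string h)
        {
            // One answer for every failure that happens before or during authentication,
            // so the response does not tell a caller which step rejected the link.
            const string rejected = "Access is not permitted due to the tampered URL";

            AesCryptography cipher = new AesCryptography();

            try
            {
                byte[] uidToken = HttpServerUtility.UrlTokenDecode(Request.QueryString["i"]);
                byte[] timeToken = HttpServerUtility.UrlTokenDecode(Request.QueryString["t"]);
                byte[] hmac = HttpServerUtility.UrlTokenDecode(Request.QueryString["h"]);

                // UrlTokenDecode returns null for a malformed token.
                if (uidToken == null || timeToken == null || hmac == null)
                {
                    return rejected;
                }

                string uid = cipher.DecryptStringFromBytes(uidToken);
                string dateTime = cipher.DecryptStringFromBytes(timeToken);

                // HMAC check. It runs before the timestamp is parsed, so unauthenticated
                // input is never interpreted. The comparison visits every byte regardless
                // of where the first difference is, so timing does not reveal how much of
                // a guessed MAC was correct.
                // NOTE(review): the MAC covers the decrypted strings, so decryption still
                // runs on unauthenticated ciphertext; a MAC over the ciphertext would be
                // the stronger design. Confirm against AesCryptography.
                byte[] hmacHere = cipher.Hmac(dateTime, uid);
                int diff = hmac.Length ^ hmacHere.Length;
                for (int idx = 0; idx < hmac.Length && idx < hmacHere.Length; idx++)
                {
                    diff |= hmac[idx] ^ hmacHere[idx];
                }

                if (diff != 0)
                {
                    // The expected MAC is never echoed back: returning it would hand the
                    // caller a valid signature for whatever uid and timestamp they sent.
                    return rejected;
                }

                // Two-minute window on either side of the server clock.
                // NOTE(review): Convert.ToDateTime and DateTime.Now depend on the server's
                // culture and time zone; presumably the issuing side uses the same settings.
                DateTime dateTimeToCompare = Convert.ToDateTime(dateTime);
                double allowedTime = 2;
                DateTime now = DateTime.Now;
                if (now.AddMinutes(allowedTime * -1) > dateTimeToCompare || now.AddMinutes(allowedTime) < dateTimeToCompare)
                {
                    return "Access is not allowed due to the URL expiration";
                }

                // NOTE(review): uid is authenticated at this point, but if this string is
                // rendered as HTML it should still be encoded before output.
                return "Welcome UID [" + uid + "]";
            }
            catch (Exception ex)
            {
                // Exception text (for example a padding or format error raised while
                // decrypting) stays on the server. Sending it to the client would let a
                // caller tell a decryption failure apart from a MAC failure.
                System.Diagnostics.Trace.TraceError("PartnerSite link validation failed: {0}", ex);
                return rejected;
            }
        }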
Ejemplo n.º 2
        // Decrypt the uid route value
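        /// <summary>
        /// Builds the route data through the base class and, when a <c>uid</c> route value
        /// is present, replaces its URL-token-encoded ciphertext with the decrypted value
        /// so the controller receives a plain id.
        /// </summary>
        /// <param name="httpContext">The current request context, passed on to the base implementation.</param>
        /// <returns>
        /// The route data with <c>uid</c> decrypted; the unmodified route data when
        /// <c>uid</c> is absent or optional; <c>null</c> (no match) when the URL does not
        /// match or the <c>uid</c> value cannot be decoded or decrypted.
        /// </returns>
        public override RouteData GetRouteData(HttpContextBase httpContext)
        {
            // Get the base class to build the route data
            var routeData = base.GetRouteData(httpContext);

            // url not matched
            if (routeData == null) return null;

            // A missing key reads back as null from the indexer. Treat it like the
            // optional marker rather than casting it and passing null to the decoder,
            // which throws on a null argument.
            object rawUid = routeData.Values["uid"];
            if (rawUid == null || ReferenceEquals(rawUid, System.Web.Mvc.UrlParameter.Optional))
            {
                return routeData;
            }

            // all ids are supposed to be encrypted, so a non-string value cannot be one
            string encryptedUid = rawUid as string;
            if (encryptedUid == null) return null;

            // UrlTokenDecode returns null for a malformed token and an empty array for
            // an empty string; neither can hold a ciphertext.
            byte[] byteId = HttpServerUtility.UrlTokenDecode(encryptedUid);
            if (byteId == null || byteId.Length == 0) return null;

            AesCryptography helper = new AesCryptography();
            string uid;
            try
            {
                uid = helper.DecryptStringFromBytes(byteId);
            }
            catch (System.Security.Cryptography.CryptographicException)
            {
                // A value that does not decrypt is handled as "route not matched", the
                // same as a malformed token, so the client gets one uniform response
                // instead of an unhandled-exception page with decryption detail.
                // NOTE(review): presumably DecryptStringFromBytes reports bad ciphertext
                // with CryptographicException; confirm against AesCryptography.
                return null;
            }

            // NOTE(review): no integrity check on this value is visible here; unless
            // AesCryptography authenticates the ciphertext, a modified token can decrypt
            // to a different id. Confirm.

            // Modify uid value for controller to see it as normal
            routeData.Values["uid"] = uid;

            return routeData;
        }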