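/// <summary>
/// Sends a signed GET request to <c>serverRoot + url</c>. The parameters are sorted by
/// key and joined as <c>key=value</c> pairs with <c>&amp;</c>; the "Sign" header carries
/// <c>MD5Helper.ComputeMd5(joined + appSecret)</c> and the "AppKey" header carries
/// <c>appKey</c>.
/// </summary>
/// <param name="url">Address to request; it is appended to <c>serverRoot</c>.</param>
/// <param name="queryStringData">Query-string parameters as key/value pairs. Must not be null.</param>
/// <returns>An <c>SDKResult</c> holding the response body text and the HTTP status code.</returns>
/// <exception cref="ArgumentNullException"><paramref name="queryStringData"/> is null.</exception>
public async Task<SDKResult> GetAsync(string url, IDictionary<string, object> queryStringData)
{
    if (queryStringData == null)
    {
        // The one-argument ArgumentNullException constructor takes the parameter NAME,
        // so the original message text ended up in ParamName. Pass both explicitly.
        throw new ArgumentNullException("queryStringData", "queryStringData不能为null");
    }

    // NOTE(review): OrderBy uses the default, culture-sensitive string comparer. The
    // verifying side must sort the same way; moving to StringComparer.Ordinal has to be
    // done on both sides at once, so the ordering is left unchanged here.
    var pairs = queryStringData
        .OrderBy(kv => kv.Key)
        .Select(kv => new KeyValuePair<string, string>(
            kv.Key,
            kv.Value == null ? string.Empty : (kv.Value.ToString() ?? string.Empty)))
        .ToList();

    // The signature is computed over the raw, unescaped pairs, exactly as before.
    var canonical = string.Join("&", pairs.Select(p => p.Key + "=" + p.Value));

    // NOTE(review): MD5(query + secret) is an ad-hoc keyed hash, and only the query string
    // is signed (no timestamp or nonce), so a captured request can be replayed unchanged.
    // Moving to HMAC-SHA256 with a signed timestamp needs a coordinated server change.
    string sign = MD5Helper.ComputeMd5(canonical + appSecret);

    // What goes on the wire is percent-encoded. Without this, a value containing '&', '=',
    // '#' or '+' is parsed by the receiver as different parameters than the ones signed:
    // at best the signature fails, at worst the caller's value injects extra parameters.
    var wireQuery = string.Join("&", pairs.Select(p =>
        Uri.EscapeDataString(p.Key) + "=" + Uri.EscapeDataString(p.Value)));

    // NOTE(review): a new HttpClient per call can exhaust sockets under load; a shared
    // instance would need a field outside this method.
    using (HttpClient hc = new HttpClient())
    {
        hc.DefaultRequestHeaders.Add("AppKey", appKey);
        hc.DefaultRequestHeaders.Add("Sign", sign);

        // Dispose the response once the body has been copied into the result.
        using (var resp = await hc.GetAsync(serverRoot + url + "?" + wireQuery))
        {
            SDKResult sdkResult = new SDKResult();
            sdkResult.Result = await resp.Content.ReadAsStringAsync();
            sdkResult.StatusCode = resp.StatusCode;
            return sdkResult;
        }
    }
}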
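/// <summary>
/// Authorizes a request from its "AppKey" and "Sign" headers. The application record is
/// looked up by AppKey; the expected signature is
/// <c>MD5Helper.ComputeMd5(sortedQueryString + appInfo.AppSecret)</c>; the pipeline
/// continues only when the presented signature matches.
/// </summary>
/// <param name="actionContext">Context whose request headers and query string are checked.</param>
/// <param name="cancellationToken">Cancellation token supplied by the pipeline; this method does not use it.</param>
/// <param name="continuation">Invoked to run the rest of the pipeline once the signature is accepted.</param>
/// <returns>
/// The continuation's response on success; otherwise 401 for a missing header, an unknown
/// AppKey or a signature mismatch, and 403 for a disabled AppKey.
/// </returns>
public async Task<HttpResponseMessage> ExecuteAuthorizationFilterAsync(
    HttpActionContext actionContext,
    CancellationToken cancellationToken,
    Func<Task<HttpResponseMessage>> continuation)
{
    // Read AppKey and Sign from the request headers.
    IEnumerable<string> appKeys;
    if (!actionContext.Request.Headers.TryGetValues("AppKey", out appKeys))
    {
        return new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized)
        {
            Content = new StringContent("报文头中的AppKey为空")
        };
    }

    IEnumerable<string> signs;
    if (!actionContext.Request.Headers.TryGetValues("Sign", out signs))
    {
        return new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized)
        {
            Content = new StringContent("报文头中的Sign为空")
        };
    }

    string appKey = appKeys.First();
    string sign = signs.First();

    var appInfo = await appInfoService.GetByAppKeyAsync(appKey);
    if (appInfo == null)
    {
        return new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized)
        {
            Content = new StringContent("不存在的AppKey")
        };
    }

    if (!appInfo.IsEnabled)
    {
        return new HttpResponseMessage(System.Net.HttpStatusCode.Forbidden)
        {
            Content = new StringContent("AppKey已经被封禁")
        };
    }

    // Rebuild the signed string: query pairs sorted by parameter name, written as
    // key=value and joined with '&', then the application's secret appended.
    // NOTE(review): OrderBy uses the culture-sensitive default comparer; client and server
    // must agree on it, so it can only be changed on both sides together.
    var orderedQS = actionContext.Request.GetQueryNameValuePairs().OrderBy(kv => kv.Key);
    var segments = orderedQS.Select(kv => kv.Key + "=" + kv.Value);
    string qs = string.Join("&", segments);

    // NOTE(review): only the query string is covered. The path, HTTP method, request body
    // and any timestamp or nonce are outside the signature, so a captured request stays
    // valid for as long as the secret does. MD5(data + secret) is also weaker than an HMAC;
    // both changes need a coordinated client update.
    string computedSign = MD5Helper.ComputeMd5(qs + appInfo.AppSecret);

    // The original used CurrentCultureIgnoreCase, which follows linguistic rules (it can
    // treat strings that differ in ignorable characters as equal) and returns as soon as a
    // difference is found. Compare exactly, case-insensitively, in fixed time instead.
    if (SignaturesMatch(sign, computedSign))
    {
        return await continuation();
    }

    return new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized)
    {
        Content = new StringContent("sign验证失败")
    };
}

// Case-insensitive equality whose running time depends only on the length, not on the
// position of the first differing character. A null on either side never matches.
private static bool SignaturesMatch(string presented, string expected)
{
    if (presented == null || expected == null || presented.Length != expected.Length)
    {
        return false;
    }

    int diff = 0;
    for (int i = 0; i < expected.Length; i++)
    {
        diff |= char.ToUpperInvariant(presented[i]) ^ char.ToUpperInvariant(expected[i]);
    }

    return diff == 0;
}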
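/// <summary>
/// Checks a phone number / password pair against the stored credentials: the user is
/// looked up by phone number, and <c>MD5Helper.ComputeMd5(password + user.PasswordSalt)</c>
/// is compared with <c>user.PasswordHash</c>.
/// </summary>
/// <param name="phoneNum">Phone number identifying the account.</param>
/// <param name="password">Password supplied by the caller.</param>
/// <returns>True when a user exists and the hashes match; otherwise false.</returns>
public async Task<bool> CheckLoginAsync(string phoneNum, string password)
{
    using (UCDbContext ctx = new UCDbContext())
    {
        var user = await ctx.Users.SingleOrDefaultAsync(e => e.PhoneNum == phoneNum);
        if (user == null)
        {
            return false;
        }

        // NOTE(review): a single MD5 pass over password + salt is far too cheap for password
        // storage; stolen hashes can be guessed offline at very high rates. A slow salted KDF
        // such as PBKDF2 (Rfc2898DeriveBytes) is the replacement, but it needs a stored-format
        // marker and re-hashing on next login, so it cannot be changed in this method alone.
        // No attempt throttling is visible here either; confirm the caller rate-limits.
        string inputHash = MD5Helper.ComputeMd5(password + user.PasswordSalt);

        // Fixed-time, exact comparison instead of ==, which stops at the first mismatch.
        return HashesEqualFixedTime(user.PasswordHash, inputHash);
    }
}

// Ordinal equality whose running time depends only on the length. A missing value on
// either side never authenticates.
private static bool HashesEqualFixedTime(string stored, string computed)
{
    if (stored == null || computed == null || stored.Length != computed.Length)
    {
        return false;
    }

    int diff = 0;
    for (int i = 0; i < stored.Length; i++)
    {
        diff |= stored[i] ^ computed[i];
    }

    return diff == 0;
}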
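/// <summary>
/// Registers a new user: rejects a phone number that already exists, generates a salt,
/// stores <c>MD5Helper.ComputeMd5(password + salt)</c> with the salt, and saves the row.
/// </summary>
/// <param name="phoneNum">Phone number for the new account.</param>
/// <param name="nickName">Display name for the new account.</param>
/// <param name="password">Password to hash and store.</param>
/// <returns>The Id of the newly saved user.</returns>
/// <exception cref="ApplicationException">A user with <paramref name="phoneNum"/> already exists.</exception>
public async Task<long> AddNewAsync(string phoneNum, string nickName, string password)
{
    using (UCDbContext ctx = new UCDbContext())
    {
        // NOTE(review): check-then-insert is not atomic. Two concurrent registrations for
        // the same number can both pass this check unless the table has a unique index on
        // PhoneNum; confirm the schema.
        if (await ctx.Users.AnyAsync(u => u.PhoneNum == phoneNum))
        {
            throw new ApplicationException("手机号" + phoneNum + "已经存在");
        }

        User user = new User();
        user.NickName = nickName;
        user.PhoneNum = phoneNum;

        // The salt was drawn from `new Random()`, a time-seeded, predictable generator.
        // It now comes from the OS CSPRNG, keeping the same five-digit format so stored
        // values and the PasswordSalt column are unaffected.
        // NOTE(review): fewer than 90,000 possible salts is still small. Widening it (for
        // example 16 random bytes) needs a check of the column length first.
        string salt = NextSaltNumber().ToString();

        // NOTE(review): one MD5 pass is not a password hash. PBKDF2 (Rfc2898DeriveBytes) or
        // another slow KDF should replace it, together with the matching login check and a
        // migration path for existing rows.
        string hash = MD5Helper.ComputeMd5(password + salt);
        user.PasswordHash = hash;
        user.PasswordSalt = salt;

        ctx.Users.Add(user);
        await ctx.SaveChangesAsync();
        return user.Id;
    }
}

// Uniform integer in [10000, 99999), the same range Random.Next(10000, 99999) produced,
// taken from the cryptographic RNG. Rejection sampling avoids modulo bias.
private static int NextSaltNumber()
{
    const uint range = 99999 - 10000;
    uint limit = uint.MaxValue - (uint.MaxValue % range);
    byte[] buffer = new byte[4];

    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        uint sample;
        do
        {
            rng.GetBytes(buffer);
            sample = BitConverter.ToUInt32(buffer, 0);
        }
        while (sample >= limit);

        return (int)(10000 + (sample % range));
    }
}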
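/// <summary>
/// Issues a signed GET to <c>serverRoot + url</c>. The "sign" header is
/// <c>MD5Helper.ComputeMd5(sortedQueryString + appSecret)</c>, where the query string is the
/// parameters ordered by key and written as <c>key=value</c> joined with <c>&amp;</c>; the
/// "appKey" header carries <c>appKey</c>.
/// </summary>
/// <param name="url">Address to request; it is appended to <c>serverRoot</c>.</param>
/// <param name="queryStringData">Query-string parameters as key/value pairs. Must not be null.</param>
/// <returns>An <c>SDKResult</c> with the response body text and the HTTP status code.</returns>
/// <exception cref="ArgumentNullException"><paramref name="queryStringData"/> is null.</exception>
public async Task<SDKResult> GetAsync(string url, IDictionary<string, object> queryStringData)
{
    if (queryStringData == null)
    {
        // ArgumentNullException derives from ArgumentException, so existing catch blocks
        // still apply; the parameter name is now reported as well.
        throw new ArgumentNullException("queryStringData", "参数queryStringData不能为null");
    }

    // NOTE(review): the default comparer behind OrderBy is culture-sensitive; the verifying
    // side has to sort identically, so the ordering is left as it was.
    var signedParts = new List<string>();
    var encodedParts = new List<string>();
    foreach (var entry in queryStringData.OrderBy(kv => kv.Key))
    {
        string text = entry.Value == null ? string.Empty : (entry.Value.ToString() ?? string.Empty);

        // Signed form: raw key=value, unchanged from the original.
        signedParts.Add(entry.Key + "=" + text);

        // Wire form: percent-encoded, so '&', '=', '#' or '+' inside a key or value cannot
        // be read by the receiver as extra or different parameters than the ones signed.
        encodedParts.Add(Uri.EscapeDataString(entry.Key) + "=" + Uri.EscapeDataString(text));
    }

    // NOTE(review): MD5(query + secret) with no signed timestamp or nonce leaves requests
    // replayable; HMAC-SHA256 plus a timestamp needs a matching server-side change.
    string sign = MD5Helper.ComputeMd5(String.Join("&", signedParts) + appSecret);

    // NOTE(review): one HttpClient per call can exhaust sockets under load; sharing an
    // instance would need a field outside this method.
    using (HttpClient httpClient = new HttpClient())
    {
        httpClient.DefaultRequestHeaders.Add("appKey", appKey);
        httpClient.DefaultRequestHeaders.Add("sign", sign);

        string requestUri = serverRoot + url + "?" + String.Join("&", encodedParts);

        // Dispose the response after its body has been copied into the result.
        using (var response = await httpClient.GetAsync(requestUri))
        {
            SDKResult result = new SDKResult();
            result.Result = await response.Content.ReadAsStringAsync();
            result.StatusCode = response.StatusCode;
            return result;
        }
    }
}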