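/// <summary>
/// Validates the request signature and, once it matches, the request timestamp.
/// </summary>
/// <remarks>
/// The signing secret comes from the decrypted ticket when one is supplied; otherwise it is
/// looked up by the "AppId" entry of <paramref name="dictionary"/>. The signature entry is
/// removed from <paramref name="dictionary"/> before the expected value is computed, so the
/// caller's dictionary is modified. Every path that cannot prove the signature returns a
/// failure status rather than throwing on malformed input.
/// </remarks>
/// <param name="ticket">Encrypted ticket; when null or empty the secret is resolved from "AppId".</param>
/// <param name="dictionary">Request parameters, including the signature entry and "Timestamp".</param>
/// <returns>
/// A response whose Status is the result of the timestamp check when the signature matches,
/// or one of the failure statuses otherwise. BusinessData is only populated on a signature
/// mismatch in a local debugging session.
/// </returns>
private BusinessBaseViewModel<string> ValidateSignature(string ticket, Dictionary<string, object> dictionary)
{
    BusinessBaseViewModel<string> response = new BusinessBaseViewModel<string> { Status = ResponseStatus.Fail };

    if (dictionary == null)
    {
        response.Status = ResponseStatus.ParameterError;
        return response;
    }

    string appSecret;
    if (string.IsNullOrEmpty(ticket))
    {
        object appId;
        if (!dictionary.TryGetValue("AppId", out appId) || appId == null)
        {
            response.Status = ResponseStatus.ParameterError;
            return response;
        }

        // NOTE(review): assumes the lookup may return null for an unknown AppId - confirm.
        var appModel = new AuthenticationDataHelper().GetApplocationAuthorModel(appId.ToString());
        appSecret = appModel == null ? null : appModel.AppSecret;
    }
    else
    {
        // NOTE(review): assumes a ticket that cannot be decrypted yields null - confirm.
        var ticketModel = AuthenticationHelper.GetDecryptTicket(ticket);
        appSecret = ticketModel == null ? null : ticketModel.AppSecret;
    }

    // Fail closed: a signature computed with a missing or empty secret proves nothing about the caller.
    if (string.IsNullOrEmpty(appSecret))
    {
        return response;
    }

    object suppliedValue;
    if (!dictionary.TryGetValue(signKey, out suppliedValue) || suppliedValue == null)
    {
        response.Status = ResponseStatus.UnSignatureParamsError;
        return response;
    }

    string signature = suppliedValue.ToString();
    // The signature itself is not part of the signed material.
    dictionary.Remove(signKey);

    // Validate the signature.
    string codesign = AuthenticationHelper.GetAuthenticationCode(dictionary, appSecret);
    if (!FixedTimeSignatureEquals(codesign, signature))
    {
        // The expected signature is a debugging aid only. The request's Host header is chosen by
        // the client, so it must not decide whether the value is disclosed; require a loopback
        // connection and a debug build instead. Behind a same-host reverse proxy every request
        // can look local, which is why the debug flag is required as well.
        HttpContext context = HttpContext.Current;
        bool echoExpected = context != null && context.IsDebuggingEnabled && context.Request.IsLocal;

        response.Status = ResponseStatus.UnSignatureError;
        response.BusinessData = echoExpected ? codesign : "";
        return response;
    }

    // Validate freshness; the timestamp was covered by the signature checked above.
    object timestamp;
    if (!dictionary.TryGetValue("Timestamp", out timestamp) || timestamp == null)
    {
        response.Status = ResponseStatus.UnTimeSpanFromatError;
        return response;
    }

    response.Status = AuthenticationHelper.CheckTimeStamp(timestamp.ToString());
    return response;
}

/// <summary>
/// Compares two signatures ignoring case, using invariant casing, without stopping at the
/// first differing character.
/// </summary>
/// <param name="expected">Signature computed by the server; null or empty never matches.</param>
/// <param name="supplied">Signature taken from the request.</param>
/// <returns>True when both values are equal ignoring case.</returns>
private static bool FixedTimeSignatureEquals(string expected, string supplied)
{
    if (string.IsNullOrEmpty(expected) || supplied == null)
    {
        return false;
    }

    string left = expected.ToUpperInvariant();
    string right = supplied.ToUpperInvariant();

    // Iterate over the supplied value so the running time follows the caller's input length,
    // and fold every difference into one accumulator instead of returning early.
    int difference = left.Length ^ right.Length;
    for (int i = 0; i < right.Length; i++)
    {
        difference |= left[i % left.Length] ^ right[i];
    }

    return difference == 0;
}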
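/// <summary>
/// Validates the request signature and, once it matches, the request timestamp.
/// </summary>
/// <remarks>
/// The signature entry is removed from <paramref name="dictionary"/> before the expected value
/// is computed, so the caller's dictionary is modified. Missing or null entries and an empty
/// secret yield the signature-error result instead of an exception.
/// </remarks>
/// <param name="dictionary">Request parameters, including the signature and timestamp entries.</param>
/// <param name="secret">Secret used to compute the expected signature.</param>
/// <returns>
/// A result whose Code is the outcome of the timestamp check when the signature matches,
/// otherwise <c>ApiResultCode.SignError</c>.
/// </returns>
private ApiResultModel<string> ValidateSignature(Dictionary<string, object> dictionary, string secret)
{
    var result = new ApiResultModel<string>() { Code = ApiResultCode.SignError };

    // Fail closed: without parameters or a secret there is nothing that can be verified.
    if (dictionary == null || string.IsNullOrEmpty(secret))
    {
        return result;
    }

    object suppliedValue;
    if (!dictionary.TryGetValue(SignKey, out suppliedValue) || suppliedValue == null)
    {
        return result;
    }

    var sign = suppliedValue.ToString();
    // The signature itself is not part of the signed material.
    dictionary.Remove(SignKey);

    var paramSign = AuthenticationHelper.GetSign(dictionary, secret);
    if (!FixedTimeOrdinalEquals(paramSign, sign))
    {
        return result;
    }

    // Validate freshness; the timestamp was covered by the signature checked above.
    object timestamp;
    if (!dictionary.TryGetValue(TimestampKey, out timestamp) || timestamp == null)
    {
        return result;
    }

    result.Code = AuthenticationHelper.CheckTimeStamp(timestamp.ToString());
    return result;
}

/// <summary>
/// Ordinal, case-sensitive string comparison that does not stop at the first differing character.
/// </summary>
/// <param name="expected">Signature computed by the server; null or empty never matches.</param>
/// <param name="supplied">Signature taken from the request.</param>
/// <returns>True when both values are identical.</returns>
private static bool FixedTimeOrdinalEquals(string expected, string supplied)
{
    if (string.IsNullOrEmpty(expected) || supplied == null)
    {
        return false;
    }

    // Iterate over the supplied value so the running time follows the caller's input length,
    // and fold every difference into one accumulator instead of returning early.
    int difference = expected.Length ^ supplied.Length;
    for (int i = 0; i < supplied.Length; i++)
    {
        difference |= expected[i % expected.Length] ^ supplied[i];
    }

    return difference == 0;
}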