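/// <summary>
/// Authenticates each request with a 3DES-encrypted token carried in the header whose name is
/// configured as <c>WebAPITokenKey</c>. The decrypted token has the form <c>mixer!timestamp</c>:
/// the mixer must equal the configured <c>WebAPIMixer</c> and the timestamp must lie within
/// <c>WebAPITmeOut</c> minutes of the server clock (0 disables the expiry check).
/// </summary>
/// <param name="request">The incoming request; its headers carry the token.</param>
/// <param name="cancellationToken">Propagated to the inner handler.</param>
/// <returns>
/// The inner handler's response when authentication is switched off or the token is valid;
/// otherwise the rejection produced by <c>requestCancel</c> with a reason string.
/// </returns>
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, System.Threading.CancellationToken cancellationToken)
{
    var site_config = Tools.ConfigHelper.LoadConfig<Tools.WebSiteModel>(Tools.ConfigFileEnum.SiteConfig);

    // Authentication disabled by configuration: pass straight through.
    if (!site_config.WebAPIAuthentication)
    {
        return base.SendAsync(request, cancellationToken);
    }

    // Validate the HTTP header.
    IEnumerable<string> monsterApiKeyHeaderValues;
    if (!request.Headers.TryGetValues(site_config.WebAPITokenKey, out monsterApiKeyHeaderValues))
    {
        return requestCancel(request, cancellationToken, "Unauthorized");
    }

    // FirstOrDefault rather than First: a header that is present but carries no value is
    // a missing token, not a server fault.
    string oauth = monsterApiKeyHeaderValues.FirstOrDefault();
    if (string.IsNullOrWhiteSpace(oauth))
    {
        return requestCancel(request, cancellationToken, "缺少授权参数");
    }

    // The ciphertext is client-controlled. A malformed or tampered token must be answered with
    // the normal rejection instead of escaping as an unhandled exception (HTTP 500 with details).
    // NOTE(review): assumes DESDeCode surfaces Base64/padding failures as FormatException or
    // CryptographicException — confirm against Tools.Crypto3DES.
    string decoded;
    try
    {
        Tools.Crypto3DES des = new Tools.Crypto3DES(SiteKey.DES3KEY);
        decoded = des.DESDeCode(oauth);
    }
    catch (FormatException)
    {
        return requestCancel(request, cancellationToken, "授权格式错误");
    }
    catch (System.Security.Cryptography.CryptographicException)
    {
        return requestCancel(request, cancellationToken, "授权格式错误");
    }

    string[] vals = decoded.Split('!');
    if (vals.Length != 2)
    {
        return requestCancel(request, cancellationToken, "授权格式错误");
    }

    // Explicit ordinal comparison: the mixer is an identifier, never linguistic text.
    if (!string.Equals(vals[0], site_config.WebAPIMixer, StringComparison.Ordinal))
    {
        return requestCancel(request, cancellationToken, "授权数据错误1");
    }

    DateTime dt_now = DateTime.Now;
    DateTime dt_old = Tools.WebHelper.GetTime(vals[1], dt_now);
    // Difference in minutes ("am" unit as passed to DateTimeDiff).
    double diff = Tools.WebHelper.DateTimeDiff(dt_now, dt_old, "am");

    // An identical timestamp means the client-supplied value was not usable
    // (original author's note: "if the time is the same, the client timestamp is wrong").
    if (dt_now == dt_old)
    {
        return requestCancel(request, cancellationToken, "授权时间有误");
    }

    // WebAPITmeOut == 0 disables the expiry window: any well-formed token is accepted
    // regardless of age, so replay protection on this path depends on that setting.
    if (site_config.WebAPITmeOut != 0 && diff >= site_config.WebAPITmeOut)
    {
        return requestCancel(request, cancellationToken, "请求超时");
    }

    requestOK();
    return base.SendAsync(request, cancellationToken);
}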
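/// <summary>
/// Authenticates each request with a 3DES-encrypted token in the <c>X-MonsterAccountToken</c>
/// header. The decrypted token has the form <c>mixer&amp;userName&amp;timestamp</c>: the mixer must
/// match the expected value and the timestamp must be less than 10 seconds old. On success the
/// user name becomes the current principal (thread and, when present, HttpContext).
/// </summary>
/// <param name="request">The incoming request; its headers carry the token.</param>
/// <param name="cancellationToken">Propagated to the inner handler.</param>
/// <returns>
/// The inner handler's response when the token is valid; otherwise the rejection produced by
/// <c>requestCancel</c> with an <see cref="APIResponseEntity{T}"/> whose <c>msgbox</c> names the reason.
/// </returns>
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
    APIResponseEntity<int> result = new APIResponseEntity<int>();

    // Validate the HTTP header.
    IEnumerable<string> monsterApiKeyHeaderValues;
    if (!request.Headers.TryGetValues("X-MonsterAccountToken", out monsterApiKeyHeaderValues))
    {
        result.msgbox = "未经授权";
        return requestCancel(request, cancellationToken, result);
    }

    // FirstOrDefault rather than First: a header that is present but carries no value is
    // a missing token, not a server fault.
    string oauth = monsterApiKeyHeaderValues.FirstOrDefault();
    if (string.IsNullOrWhiteSpace(oauth))
    {
        result.msgbox = "缺少授权参数";
        return requestCancel(request, cancellationToken, result);
    }

    // The ciphertext is client-controlled. A malformed or tampered token must be answered with
    // the normal rejection instead of escaping as an unhandled exception (HTTP 500 with details).
    // NOTE(review): assumes DESDeCode surfaces Base64/padding failures as FormatException or
    // CryptographicException — confirm against Tools.Crypto3DES.
    string decoded;
    try
    {
        Tools.Crypto3DES des = new Tools.Crypto3DES(ServiceConfig.DES3KEY);
        decoded = des.DESDeCode(oauth);
    }
    catch (FormatException)
    {
        result.msgbox = "授权格式错误";
        return requestCancel(request, cancellationToken, result);
    }
    catch (System.Security.Cryptography.CryptographicException)
    {
        result.msgbox = "授权格式错误";
        return requestCancel(request, cancellationToken, result);
    }

    string[] vals = decoded.Split('&');
    if (vals.Length != 3)
    {
        result.msgbox = "授权格式错误";
        return requestCancel(request, cancellationToken, result);
    }

    // SECURITY: this mixer is a shared secret committed in source. It belongs in configuration or
    // secret storage next to DES3KEY; it is left unchanged here so existing tokens keep validating.
    string valstr = "lizd@2sfqlyalsd!";
    if (!string.Equals(vals[0], valstr, StringComparison.Ordinal))
    {
        result.msgbox = "授权数据错误1";
        return requestCancel(request, cancellationToken, result);
    }

    DateTime dt_now = DateTime.Now;
    DateTime dt_old = Tools.TypeHelper.GetTime(vals[2], dt_now);
    // Difference in seconds ("as" unit as passed to DateTimeDiff).
    double diff = Tools.TypeHelper.DateTimeDiff(dt_old, dt_now, "as");
    // Tokens 10 seconds old or older are rejected; this window is the only replay control here.
    // NOTE(review): if GetTime falls back to dt_now for an unparseable timestamp, diff is 0 and such
    // a token never expires; the sibling handler guards dt_now == dt_old for that reason — confirm
    // against Tools.TypeHelper before adding the same guard.
    int ss = 10;
    // Written as the negation of the original success test so NaN behaves exactly as before.
    if (!(diff < ss))
    {
        result.msgbox = "超时";
        return requestCancel(request, cancellationToken, result);
    }

    // Token accepted: publish the user name as the current principal.
    var userNameClaim = new Claim(ClaimTypes.Name, vals[1]);
    var identity = new ClaimsIdentity(new[] { userNameClaim }, "MonsterAppApiKey");
    var principal = new ClaimsPrincipal(identity);
    Thread.CurrentPrincipal = principal;
    if (System.Web.HttpContext.Current != null)
    {
        System.Web.HttpContext.Current.User = principal;
    }

    return base.SendAsync(request, cancellationToken);
}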