Exemple #1
0
 //uid 암호화
 public override VirtualPathData GetVirtualPath(RequestContext requestContext, RouteValueDictionary values)
 {
     //Get uid from route data
     string uid = values["uid"] == null ? string.Empty : values["uid"].ToString();
     if(!string.IsNullOrWhiteSpace(uid))
     {
         //Encrypt and url encode uid
         AesCryptography helper = new AesCryptography();
         byte[] encryptedId = helper.EncryptStringToBytes(uid);
         values["uid"] = HttpServerUtility.UrlTokenEncode(encryptedId); 
     }
     return base.GetVirtualPath(requestContext, values);
 }
Exemple #2
0
        public ActionResult GotoPartnerSite(string uid)
        {
            AesCryptography cipher = new AesCryptography();

            string dateTime = DateTime.UtcNow.ToString("yyyy-MM-ddTHH:mm:ssZ");
            byte[] hmac = cipher.Hmac(dateTime, uid);

            UriBuilder target = new UriBuilder("http", "localhost", 65103, "/Home/PartnerSite");
            target.Query = string.Format("i={0}&t={1}&h={2}",
                HttpServerUtility.UrlTokenEncode(cipher.EncryptStringToBytes(uid)),
                HttpServerUtility.UrlTokenEncode(cipher.EncryptStringToBytes(dateTime)), 
                HttpServerUtility.UrlTokenEncode(hmac)
            );

            return Redirect(target.Uri.AbsoluteUri);
        }
Exemple #3
0
        public string PartnerSite(string i, string t, string h)
        {
            AesCryptography cipher = new AesCryptography();

            try
            {
                string uid = cipher.DecryptStringFromBytes(HttpServerUtility.UrlTokenDecode(Request.QueryString["i"]));
                string dateTime = cipher.DecryptStringFromBytes(HttpServerUtility.UrlTokenDecode(Request.QueryString["t"]));
                byte[] hmac = HttpServerUtility.UrlTokenDecode(Request.QueryString["h"]);

                DateTime dateTimeToCompare = Convert.ToDateTime(dateTime);

                //2분제약
                double allowedTime = 2;
                if (DateTime.Now.AddMinutes(allowedTime * -1) > dateTimeToCompare || DateTime.Now.AddMinutes(allowedTime) < dateTimeToCompare)
                {
                    return "Access is not allowed due to the URL expiration";
                }

                //HMC 점검
                byte[] hmacHere = cipher.Hmac(dateTime, uid);
                if (!hmac.SequenceEqual(hmacHere))
                {
                    return "Access is not permitted due to the tampered URL [" + Encoding.UTF8.GetString(hmac) + "]/[" + Encoding.UTF8.GetString(hmacHere) + "]";
                }
                else
                {
                    return "Welcome UID [" + uid + "]";
                }

            }
            catch (Exception ex)
            {
                return "Error: " + ex.Message;
            }


        }
Exemple #4
0
        //uid 복호화
        public override RouteData GetRouteData(HttpContextBase httpContext)
        {
            //Get the base class to build the route data
            var routeData = base.GetRouteData(httpContext);

            //url not matched
            if (routeData == null) return null;

            //all ids are supposed to be encrypted. Decrypt it!
            if(routeData.Values["uid"] != System.Web.Mvc.UrlParameter.Optional)
            {
                string encryptedUid = (string)routeData.Values["uid"];
                byte[] byteId = HttpServerUtility.UrlTokenDecode(encryptedUid);
                if (byteId == null) return null;

                AesCryptography helper = new AesCryptography();
                string uid = helper.DecryptStringFromBytes(byteId);

                //Modify uid value for controller to see it as normal
                routeData.Values["uid"] = uid;
            }

            return routeData;
        }