/// <summary>
/// 校验Token
/// </summary>
/// <param name="token">待校验的Token字符串</param>
/// <param name="userId">输出型参数,若校验通过值为userId,否则值为null</param>
/// <returns>Token校验结果。Valid:校验通过; Invalid:不合法的Token,校验失败; Expired:过期的Token,校验失败</returns>
public string CheckToken(string token, out string userId)
{
userId = null;
//如果token长度不为256,肯定不合法
if (token.Length != 256)
{
return(TokenState.Invalid.ToString());
}
string realData = CryptHelper.Decrypt(PrivateKeyPath, token);
//验证解密非空,否则token不合法
if (string.IsNullOrEmpty(realData))
{
return(TokenState.Invalid.ToString());
}
string[] splitData = realData.Split('&');
//验证数字签名
if (HashBuilder.GetHMACMD5Hash(splitData[0] + splitData[1] + splitData[2]).Equals(splitData[3]) == false)
{
return(TokenState.Invalid.ToString());
}
//验证是否过期
if (Convert.ToInt32((DateTime.Now - Convert.ToDateTime(splitData[1])).TotalMinutes) > Convert.ToInt32(splitData[2]))
{
return(TokenState.Expired.ToString());
}
//到此验证通过
userId = splitData[0];
return(TokenState.Valid.ToString());
}
public static TicketState CheckTicket(string ticket, string clientIp, out string userId)
{
userId = null;
string realData = CryptHelper.Decrypt(PrivateKeyPath, ticket);
//验证解密非空
if (string.IsNullOrEmpty(realData))
{
return(TicketState.Invalid);
}
string[] splitData = realData.Split('&');
//验证数字签名
if (HashBuilder.GetHMACMD5Hash(splitData[0] + splitData[1] + splitData[2] + splitData[3]).Equals(splitData[4]) == false)
{
return(TicketState.Invalid);
}
//验证ip
if (splitData[1].Equals(clientIp) == false)
{
return(TicketState.Invalid);
}
//验证是否过期
if (Convert.ToInt32((DateTime.Now - Convert.ToDateTime(splitData[2])).TotalMinutes) > Convert.ToInt32(splitData[3]))
{
return(TicketState.Expired);
}
//到此验证通过
userId = splitData[0];
return(TicketState.Valid);
}
//title="userId & createTime & expiredDuration & 签名"
/// <summary>
/// 创建Token
/// </summary>
/// <param name="UserId">当前用户ID</param>
/// <param name="expiredDuration">Token的有效时长(单位:分钟)</param>
/// <returns>Token字符串</returns>
public string CreateToken(string UserId, int expiredDuration)
{
string timeStamp = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");
string strHashed = HashBuilder.GetHMACMD5Hash(UserId + timeStamp + expiredDuration.ToString());
string concatData = UserId + "&" + timeStamp + "&" + expiredDuration.ToString() + "&" + strHashed;
return(CryptHelper.Encrypt(PublicKeyPath, concatData));
}
/// <summary>
/// 校验Token
/// </summary>
/// <param name="token">待校验的Token字符串</param>
/// <param name="userId">输出型参数,若校验通过值为userId,否则值为null</param>
/// <returns>Token校验结果。Valid:校验通过; Invalid:不合法的Token,校验失败; Expired:过期的Token,校验失败</returns>
public string CheckToken(string token, out string userId)
{
userId = null;
//base64编码后4的倍数长度,AES加密长度大于24位
if (token.Length % 4 != 0 || token.Length < 24)
{
return(TokenState.Invalid.ToString());
}
string realData = CryptHelper.AESDecrypt(token);
//验证解密非空,否则token不合法
if (string.IsNullOrEmpty(realData))
{
return(TokenState.Invalid.ToString());
}
string[] splitData = realData.Split('&');
//如果按照&拆分后不是4个部分,肯定被篡改了
if (splitData.Length != 4)
{
return(TokenState.Invalid.ToString());
}
//验证数字签名
if (HashBuilder.GetHMACMD5Hash(splitData[0] + splitData[1] + splitData[2]).Equals(splitData[3]) == false)
{
return(TokenState.Invalid.ToString());
}
//验证是否过期
if (Convert.ToInt32((DateTime.Now - Convert.ToDateTime(splitData[1])).TotalMinutes) > Convert.ToInt32(splitData[2]))
{
return(TokenState.Expired.ToString());
}
//到此验证通过
userId = splitData[0];
return(TokenState.Valid.ToString());
}
