/// <summary>
/// Issues an access token to a caller whose request carries a valid
/// appid / timestamp / sign triple.
/// </summary>
/// <returns>
/// On success: <c>{ code: 0, access_token, expires_in }</c>.
/// On failure: <c>{ code: -1, error }</c>, where <c>error</c> is the message
/// produced by <c>authenticate</c>.
/// </returns>
public JObject Get()
{
    // NOTE(review): Params is the merged request collection, so these values
    // may arrive via query string, form body or cookie. Confirm that is intended.
    HttpRequest incoming = HttpContext.Current.Request;
    string appid = incoming.Params.Get("appid");
    string timestamp = incoming.Params.Get("timestamp");
    string sign = incoming.Params.Get("sign");

    string err = string.Empty;
    bool authenticated = authenticate(appid, timestamp, sign, out err);
    if (authenticated)
    {
        // Each successful call mints a fresh token and overwrites the stored
        // token and its expiry.
        userA_access_token = AuthenticateUtil.newToken();
        userA_expires_timestamp = AuthenticateUtil.nowTimeStamp() + AuthenticateUtil.token_expires_in;

        JObject granted = new JObject
        {
            { "code", 0 },
            { "access_token", userA_access_token },
            { "expires_in", AuthenticateUtil.token_expires_in }
        };
        return granted;
    }

    // Authentication failed: report the reason and issue nothing.
    JObject denied = new JObject
    {
        { "code", -1 },
        { "error", err }
    };
    return denied;
}
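/// <summary>
/// Validates a signed token request: the timestamp must pass
/// <c>AuthenticateUtil.isValidRequest</c>, the appid must equal
/// <c>userA_APPID</c>, and <paramref name="sign"/> must match the HMAC of
/// <c>appid=&lt;appid&gt;&amp;timestamp=&lt;timestamp&gt;</c>.
/// </summary>
/// <param name="appid">Caller-supplied application id.</param>
/// <param name="timestamp">Caller-supplied timestamp as a base-10 integer string.</param>
/// <param name="sign">Caller-supplied signature to verify.</param>
/// <param name="error">Empty on success; otherwise the reason for rejection.</param>
/// <returns><c>true</c> when all three checks pass; otherwise <c>false</c>.</returns>
/// <remarks>
/// NOTE(review): the signed string covers only appid and timestamp, with no nonce.
/// Unless isValidRequest tracks already-used timestamps, a captured request looks
/// reusable while its timestamp is still accepted. Confirm against AuthenticateUtil.
/// </remarks>
private bool authenticate(string appid, string timestamp, string sign, out string error)
{
    // The timestamp is request data. A missing or malformed value is rejected
    // here instead of raising an unhandled conversion exception.
    long requestTime;
    bool parsed = long.TryParse(
        timestamp,
        System.Globalization.NumberStyles.AllowLeadingSign,
        System.Globalization.CultureInfo.InvariantCulture,
        out requestTime);
    if (!parsed || !AuthenticateUtil.isValidRequest(requestTime))
    {
        error = "请求超时"; // "request timed out"
        return false;
    }

    if (appid != userA_APPID)
    {
        error = "非法用户"; // "illegal user"
        return false;
    }

    StringBuilder string1Builder = new StringBuilder();
    string1Builder.Append("appid=").Append(appid).Append("&")
                  .Append("timestamp=").Append(timestamp);
    string expected = AuthenticateUtil.HMAC(string1Builder.ToString());

    // Compare without an early exit on the first differing character, so the
    // response time does not reveal how much of a guessed signature was correct.
    // Only the length is checked up front. The comparison stays ordinal and
    // case-sensitive, as string.Equals was.
    bool signatureOk = expected != null && sign != null && expected.Length == sign.Length;
    if (signatureOk)
    {
        int diff = 0;
        for (int i = 0; i < expected.Length; i++)
        {
            diff |= expected[i] ^ sign[i];
        }
        signatureOk = diff == 0;
    }

    if (!signatureOk)
    {
        error = "sign无效"; // "sign is invalid"
        return false;
    }

    error = string.Empty;
    return true;
}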