예제 #1
        /// <summary>
        /// Checks that <c>ShaHelper.Sha1</c> returns the expected upper-case hex digest for a fixed input.
        /// </summary>
        public void Sha1EncryptTest()
        {
            const string input          = "FreshMan";
            const string expectedDigest = "0A3EBF8576F1667B5893B42255BCDBD6C1D56339";

            // SHA-1 is a one-way hash, not encryption; the test only pins the digest format and value.
            ShaHelper.Sha1(input).IsEqualTo(expectedDigest);
        }
예제 #2
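        /// <summary>
        /// Returns the verification result for the official-account (GZ) validation request.
        /// </summary>
        /// <remarks>
        /// The configured token, the request timestamp and the request nonce are sorted, concatenated and
        /// hashed with <c>ShaHelper.StrSha1Lower</c>; the digest is then compared with the signature
        /// carried by the request.
        /// </remarks>
        /// <returns>
        /// The request's <c>echostr</c> when the signature matches; an empty string when the request
        /// cannot be mapped, carries no signature, or the signature does not match.
        /// </returns>
        public string GetGZValidityResult()
        {
            GZValidityEntity validityEntity = Request2Entity(this._request, new GZValidityEntity());

            // Fail closed: a request that cannot be mapped or has no signature is never echoed back.
            if (validityEntity == null || string.IsNullOrEmpty(validityEntity.Signature))
            {
                return "";
            }

            WXGZConfigEntity gzConfig = XmlToEntity.GetGZConfig();

            string[] arrValidity = { gzConfig.Token, validityEntity.Timestamp, validityEntity.Nonce };

            // Sort by code point. The default string sort is culture-sensitive, so the server's
            // locale could otherwise change the order and with it the computed digest.
            Array.Sort(arrValidity, StringComparer.Ordinal);
            string expectedSignature = ShaHelper.StrSha1Lower(string.Join("", arrValidity));

            // NOTE(review): this is an ordinary string comparison, not a constant-time one; consider a
            // fixed-time comparison of the two digests if the target framework offers one.
            // echostr is caller-supplied and is reflected only after the signature check succeeds.
            return string.Equals(expectedSignature, validityEntity.Signature, StringComparison.Ordinal)
                ? validityEntity.echostr
                : "";
        }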
예제 #3
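        /// <summary>
        /// Checks POST requests before the action runs: first the <c>timestamp</c>/<c>sign</c> header
        /// check over the JSON body, then the IP allow-list check. Other HTTP methods pass through.
        /// </summary>
        /// <remarks>
        /// A failed check stores a failure <c>JsonResult</c> in <c>context.Result</c>; later checks may
        /// replace an earlier failure with their own. Presumably the base implementation skips the
        /// action once a result is set — confirm against the base class.
        /// </remarks>
        /// <param name="context">The executing-action context whose request is inspected.</param>
        /// <param name="next">The delegate that continues the pipeline; handed to the base implementation.</param>
        /// <returns>The task returned by the base implementation.</returns>
        public override Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
        {
            var request = context.HttpContext.Request;

            if (request.Method == "POST")
            {
                // NOTE(review): two scopes are created here and never released — confirm whether
                // AspectCoreContainer scopes need disposing.
                IHttpContextAccessor httpContextAccessor = AspectCoreContainer.CreateScope().Resolve<IHttpContextAccessor>();
                var configDataLogic = AspectCoreContainer.CreateScope().Resolve<IConfigDataLogic>();
                var ip                    = httpContextAccessor.HttpContext.GetRequestIp4Address()?.ToString();
                var ipWhiteList           = configDataLogic.GetByKey(ConfigDataKey.IpWhiteList);
                var timestampOffsetMinute = configDataLogic.GetByKey(ConfigDataKey.TimestampOffsetMinute);

                // An unparsable setting leaves the allowed age at 0 minutes.
                double.TryParse(timestampOffsetMinute, out var minute);

                var actionParams = StreamHelper.GetStreamText(request.Body);
                Dictionary<string, object> jsonDict = JsonConvert.DeserializeObject<Dictionary<string, object>>(actionParams);
                var timeHeader = request.Headers["timestamp"].ToString();
                var signHeader = request.Headers["sign"].ToString();

                // An empty body deserializes to null; reject it like a missing header instead of
                // letting the SortedDictionary constructor throw.
                if (timeHeader == "" || signHeader == "" || jsonDict == null)
                {
                    context.Result = new JsonResult(ExcutedResult.FailedResult(BusinessResultCode.NoSign, "调用错误"));
                }
                else if (long.TryParse(timeHeader, out var timestamp))
                {
                    // Keys are sorted so that the signed text does not depend on the sender's key order.
                    var canonicalBody = JsonConvert.SerializeObject(new SortedDictionary<string, object>(jsonDict));

                    var time = DateTimeHelper.ConvertFromTimeStamp(timestamp);

                    // NOTE(review): only timestamps that are too old are rejected; a timestamp far in
                    // the future is accepted, so the validity window has no upper bound.
                    if (time == null || time.Value.AddMinutes(minute).ToUniversalTime() < DateTime.UtcNow)
                    {
                        context.Result = new JsonResult(ExcutedResult.FailedResult(BusinessResultCode.NoSign, "调用错误"));
                    }

                    // NOTE(review): no secret is mixed in here. Unless ShaHelper.Encrypt is keyed
                    // internally, anyone who can see the body and timestamp can compute a valid sign —
                    // confirm, and prefer an HMAC with a per-client key. The comparison below is also
                    // not constant-time.
                    var sign = ShaHelper.Encrypt(canonicalBody + timeHeader);
                    if (sign != signHeader)
                    {
                        context.Result = new JsonResult(ExcutedResult.FailedResult(BusinessResultCode.SignError, "签名错误"));
                    }
                }
                else
                {
                    context.Result = new JsonResult(ExcutedResult.FailedResult(BusinessResultCode.NoSign, "调用错误"));
                }

                if (!string.IsNullOrEmpty(ipWhiteList))
                {
                    // Compare whole entries. A substring test would also accept an address that merely
                    // appears inside a longer listed one.
                    // NOTE(review): the delimiter set is an assumption — confirm how the list is stored.
                    var allowedIps = ipWhiteList.Split(
                        new[] { ',', ';', '|', ' ', '\t', '\r', '\n' },
                        StringSplitOptions.RemoveEmptyEntries);

                    // Fail closed: with an allow-list configured, an undetermined client address is denied.
                    if (string.IsNullOrEmpty(ip) || Array.IndexOf(allowedIps, ip) < 0)
                    {
                        context.Result =
                            new JsonResult(ExcutedResult.FailedResult(SysResultCode.ServerException, "Your ip not access"));
                    }
                }
            }

            return base.OnActionExecutionAsync(context, next);
        }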
예제 #4
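        /// <summary>
        /// Checks a clear-text password against the configured password hash.
        /// </summary>
        /// <param name="password">The password to check.</param>
        /// <returns>
        /// <c>true</c> when the SHA-256 string of <paramref name="password"/> equals the configured hash;
        /// <c>false</c> otherwise, including when the password is null or empty or no hash is configured.
        /// </returns>
        public bool IsValidPassword(string password)
        {
            // The comparison must actually run: an unconditional "return true" at this point would
            // accept every password and leave the check below unreachable.
            if (string.IsNullOrEmpty(password))
            {
                return false;
            }

            var expectedHash = _configuration.HashPassword;

            // Fail closed when no hash has been configured.
            if (expectedHash == null)
            {
                return false;
            }

            // NOTE(review): presumably a single unsalted SHA-256 pass — confirm. A salted, slow KDF and a
            // constant-time comparison are the usual choices for password checks.
            var hashPass = ShaHelper.GenerateSha256String(password);

            return expectedHash.Equals(hashPass);
        }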
예제 #5
        /// <summary>
        /// Builds the signature data for a page URL: a fresh nonce, a timestamp, the SHA-1 signature
        /// over the sorted <c>key=value</c> pairs, and the configured app id.
        /// </summary>
        /// <param name="url">The page URL; everything from the first <c>#</c> onwards is dropped before signing.</param>
        /// <returns>The populated <c>JsApiSign</c>, or <c>null</c> when no ticket could be obtained.</returns>
        public async Task<JsApiSign> GetSignature(string url)
        {
            var sign = new JsApiSign
            {
                NonceStr  = Guid.NewGuid().ToString("N"),
                TimeStamp = GetTimeStamp(),
            };

            var ticket = await GetJsApiTicket();
            if (ticket == null)
            {
                return null;
            }

            // The fragment is not part of the signed URL; a null or empty URL is signed as it is.
            var pageUrl = string.IsNullOrEmpty(url) ? url : url.Split('#')[0];

            var fields = new Dictionary<string, string>
            {
                { "noncestr", sign.NonceStr },
                { "jsapi_ticket", ticket },
                { "timestamp", sign.TimeStamp.ToString() },
                { "url", pageUrl }
            };

            // Pairs are joined in ordinal key order so the signed text is the same for every caller.
            var pairs = new List<string>();
            foreach (var field in fields.OrderBy(f => f.Key, StringComparer.Ordinal))
            {
                pairs.Add(string.Format("{0}={1}", field.Key, field.Value));
            }

            sign.Signature = ShaHelper.Sha1(string.Join("&", pairs));
            sign.AppId     = config.AppId;

            return sign;
        }
예제 #6
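        /// <summary>
        /// Registers a new user with profile data and uploaded documents, then redirects to the register page.
        /// </summary>
        /// <param name="user">The posted user; only the properties named in the <c>Bind</c> list are bound.</param>
        /// <param name="dob">Date of birth stored in the user's profile.</param>
        /// <param name="idgender">Gender id stored in the user's profile.</param>
        /// <param name="idstate">State id stored in the user's profile.</param>
        /// <param name="city">City stored in the user's profile.</param>
        /// <param name="files">Uploaded documents; may be null when nothing was uploaded.</param>
        /// <returns>A redirect to <c>/Register</c> on success; otherwise the form view with the posted user.</returns>
        public async Task<IActionResult> Create([Bind("Iduser,Name,Lastname,Surname,Idusertype,Email,Password")] User user, DateTime dob, int idgender, int idstate, string city, List<IFormFile> files)
        {
            // The user type is fixed server-side, so a posted Idusertype has no effect.
            // NOTE(review): Iduser is still in the Bind list, so the client can post a key value — confirm
            // that this is intended.
            user.Idusertype = 1;
            if (ModelState.IsValid)
            {
                user.Userinfo = new Userinfo
                {
                    Idgender = idgender,
                    Idstate  = idstate,
                    City     = city,
                    Dob      = dob
                };

                // NOTE(review): presumably a single unsalted SHA-256 pass — confirm. Stored passwords
                // normally use a salted, slow KDF such as PBKDF2.
                user.Password = ShaHelper.ComputeSha256Hash(user.Password);
                _context.Add(user);
                await _context.SaveChangesAsync();

                // NOTE(review): each upload is buffered fully in memory and no size, count or type limit
                // is visible here; the stored description is the client-supplied file name.
                var uploadedDocuments = new List<Documents>();
                foreach (var item in files ?? new List<IFormFile>())
                {
                    using (var memoryStream = new MemoryStream())
                    {
                        // Copy asynchronously so the request thread is not blocked on upload I/O.
                        await item.CopyToAsync(memoryStream);
                        uploadedDocuments.Add(new Documents
                        {
                            Blob        = memoryStream.ToArray(),
                            Description = item.FileName
                        });
                    }
                }

                var register = new Register
                {
                    Isvalid   = false,
                    Iduser    = user.Iduser,
                    Documents = uploadedDocuments
                };
                _context.Add(register);
                await _context.SaveChangesAsync();

                return Redirect("/Register");
            }

            ViewData["Idusertype"] = new SelectList(_context.Usertype, "Idusertype", "Description", user.Idusertype);
            return View(user);
        }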
        /// <summary>
        /// Seeds two sample users when the user repository is empty, then returns the host.
        /// </summary>
        /// <param name="webHost">The host whose services are used for seeding.</param>
        /// <returns>The same <paramref name="webHost"/>.</returns>
        public static async Task<IWebHost> SeedDbAsync(this IWebHost webHost)
        {
            using (var scope = webHost.Services.CreateScope())
            {
                var provider  = scope.ServiceProvider;
                var usersRepo = provider.GetService<IRepositoryAsync<User>>();
                var logger    = provider.GetService<ILogger<IWebHost>>();

                // Nothing to do when the repository already holds users.
                var hasUsers = await usersRepo.AnyAsync();
                if (hasUsers)
                {
                    return webHost;
                }

                const string firstId  = "e8a76441-56ce-483c-99f7-2dcbfb39ec21";
                const string secondId = "2229587e-276d-42d0-93c4-fd0e9bd003c7";

                // NOTE(review): both accounts share one hard-coded password. Make sure this seeding
                // cannot run against a production database.
                var seedPassword = ShaHelper.GetSHA256String("12345");

                var firstUser = new User
                {
                    Email     = "*****@*****.**",
                    FirstName = "Vasya",
                    LastName  = "Pupkin",
                    Password  = seedPassword,
                    UserId    = firstId
                };
                var secondUser = new User
                {
                    Email     = "*****@*****.**",
                    FirstName = "Sasha",
                    LastName  = "Ronin",
                    Password  = seedPassword,
                    UserId    = secondId
                };

                // Both writes are started before either is awaited.
                var firstWrite  = usersRepo.AddOrReplaceAsync(id: firstId, item: firstUser);
                var secondWrite = usersRepo.AddOrReplaceAsync(id: secondId, item: secondUser);
                await Task.WhenAll(firstWrite, secondWrite);

                logger.LogInformation("--- Seeded the database");
            }

            return webHost;
        }
예제 #8
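        /// <summary>
        /// Computes the signature used for JS-SDK permission verification.
        /// </summary>
        /// <param name="jsapi_ticket">The jsapi_ticket value.</param>
        /// <param name="noncestr">Random string (must be the same as nonceStr in wx.config).</param>
        /// <param name="timestamp">Timestamp (must be the same as timestamp in wx.config).</param>
        /// <param name="url">URL of the current page; the <c>#</c> and everything after it are not signed (must be the full URL of the page that calls the JS API).</param>
        /// <returns>The result of <c>ShaHelper.StrSha1Lower</c> over the sorted, <c>&amp;</c>-joined <c>key=value</c> pairs.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="url"/> is null.</exception>
        public static string GetSignature(string jsapi_ticket, string noncestr, string timestamp, string url)
        {
            if (url == null)
            {
                throw new ArgumentNullException(nameof(url));
            }

            // Look the fragment marker up once and cut the URL there.
            int    fragmentStart = url.IndexOf('#');
            string pageUrl       = fragmentStart >= 0 ? url.Substring(0, fragmentStart) : url;

            var signData = new Dictionary<string, string>
            {
                { "noncestr", noncestr },
                { "jsapi_ticket", jsapi_ticket },
                { "timestamp", timestamp },
                { "url", pageUrl }
            };

            // Sort the field names by character code (ordinal). A culture-sensitive comparison would make
            // the order, and therefore the signature, depend on the server's locale.
            var pairs = signData
                        .OrderBy(item => item.Key, StringComparer.Ordinal)
                        .Select(item => item.Key + "=" + item.Value);

            // Join the pairs in URL key=value form.
            return ShaHelper.StrSha1Lower(string.Join("&", pairs));
        }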
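        /// <summary>
        /// Creates a user from the posted data, stores it in the local cache and on the server, and
        /// returns it as a data-source result.
        /// </summary>
        /// <param name="request">The grid data-source request used to shape the response.</param>
        /// <param name="user">The posted user; its id and password are overwritten here.</param>
        /// <returns>A JSON data-source result containing the user and the current model state.</returns>
        public async Task<JsonResult> OnPostCreateUser([DataSourceRequest] DataSourceRequest request, User user)
        {
            try
            {
                // The work is awaited directly: it is I/O-bound, so pushing it to another thread-pool
                // thread gains nothing inside a request.
                user.UserId = Guid.NewGuid().ToString();

                // NOTE(review): presumably a single unsalted SHA-256 pass — confirm. Stored passwords
                // normally use a salted, slow KDF.
                user.Password = ShaHelper.GetSHA256String(user.Password);
                _users.Add(new UserViewModel
                {
                    UserId      = user.UserId,
                    Password    = user.Password,
                    Email       = user.Email,
                    FirstName   = user.FirstName,
                    LastName    = user.LastName,
                    Permissions = "No permissions"
                });

                // Save to the cache (our small in-memory SQLite database).
                await _uow.Users.AddAsync(user);
                await _uow.SaveChangesAsync();

                // Add the user to the database on the server itself.
                await _usersStorageService.AddOrReplaceUserAsync(user);
            }
            catch (Exception e)
            {
                _logger.LogWarning($"--- OnPostCreateUser something wrong.\n\n Reason: {e.Message}");
                _logger.LogDebug(3000, e, "------------------------------------------------------");

                // Report the failure through the model state so the response does not look like a success.
                ModelState.AddModelError(string.Empty, "User could not be created.");
            }

            // NOTE(review): the returned user object still carries the password hash — confirm that it
            // is not serialized to the client.
            return new JsonResult(new[] { user }.ToDataSourceResult(request, ModelState));
        }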
예제 #10
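        /// <summary>
        /// Uploads the posted files into the web root's <c>assets</c> folder and adds them to the board as image items.
        /// </summary>
        /// <param name="uploadBoard">The board id and the files to add.</param>
        /// <returns>
        /// <c>true</c> when every file was uploaded and the board was updated; <c>false</c> when the board
        /// does not exist, no files were posted, or an upload failed.
        /// </returns>
        public bool AddItemsToBoard(FileInputModel uploadBoard)
        {
            var uploads = Path.Combine(_hostingEnvironment.WebRootPath, "assets");

            var board = LoadBoard(uploadBoard.id);

            if (board == null || uploadBoard.files == null)
            {
                return false;
            }

            bool isUploadOk = false;
            foreach (var item in uploadBoard.files)
            {
                // One unique stored name per file. A name derived from the current time repeats for
                // files handled within the same second, so they would collide, and it is predictable.
                var storedName = ShaHelper.GenerateSHA256String(Guid.NewGuid().ToString());

                // NOTE(review): the files land under the web root; confirm that FileHelper.UploadFile
                // restricts file type and size.
                var fullpath = FileHelper.UploadFile(uploads, item, storedName);
                if (fullpath == null)
                {
                    // One failed upload abandons the whole update; the board is not saved.
                    isUploadOk = false;
                    break;
                }

                board.Items.Add(new SharedBoardItemBoard()
                {
                    // Client-supplied display name; the stored path uses the generated name.
                    Name      = item.FileName,
                    ShortText = "",
                    Path      = fullpath,
                    Type      = SharedBoardItemBoard.ItemBoardType.Image
                });

                isUploadOk = true;
            }

            if (isUploadOk)
            {
                UpdateBoard(board);
            }

            return isUploadOk;
        }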
예제 #11
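        /// <summary>
        /// Signs a user in with cookie authentication when the e-mail and password hash match a stored user.
        /// </summary>
        /// <param name="username">The e-mail address entered by the user.</param>
        /// <param name="password">The clear-text password entered by the user.</param>
        /// <returns>A redirect to <c>/User/Index</c> on success; otherwise the login view with a model error.</returns>
        public async Task<IActionResult> Index(string username, string password)
        {
            // Plain string parameters carry no validation attributes here, so blank input is checked
            // explicitly before anything is hashed or queried.
            if (!ModelState.IsValid || string.IsNullOrWhiteSpace(username) || string.IsNullOrEmpty(password))
            {
                ModelState.AddModelError("", "username or password is blank");
                return View();
            }

            LoginData loginData = new LoginData
            {
                Username = username,
                Password = password
            };

            // Hash once, outside the query expression.
            // NOTE(review): presumably a single unsalted SHA-256 pass — confirm. A salted, slow KDF is
            // the usual choice, and no attempt limiting or lockout is visible in this action.
            var passwordHash = ShaHelper.ComputeSha256Hash(password);
            var user = await _context.User.FirstOrDefaultAsync(t => t.Email == loginData.Username && t.Password == passwordHash);

            if (user == null)
            {
                // One message for both failure causes, so the response does not show which field was wrong.
                ModelState.AddModelError("", "username or password is invalid");
                return View();
            }

            // NOTE(review): the claims carry the name as typed rather than the stored user record.
            var identity = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationScheme, ClaimTypes.Name, ClaimTypes.Role);
            identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, loginData.Username));
            identity.AddClaim(new Claim(ClaimTypes.Name, loginData.Username));
            var principal = new ClaimsPrincipal(identity);

            // RememberMe is never assigned in this action, so IsPersistent takes LoginData's default.
            await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal, new AuthenticationProperties
            {
                IsPersistent = loginData.RememberMe
            });

            return Redirect("/User/Index");
        }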
예제 #12
        /// <summary>
        /// Static convenience wrapper: creates a new <c>ShaHelper</c> and returns its <c>Sha256Hash</c> of <paramref name="value"/>.
        /// </summary>
        /// <param name="value">The text handed to <c>ShaHelper.Sha256Hash</c>.</param>
        /// <returns>Whatever <c>ShaHelper.Sha256Hash</c> returns for <paramref name="value"/>.</returns>
        public static string Sha256Hash(string value)
        {
            // A fresh helper is created per call; no state is kept between calls.
            return new ShaHelper().Sha256Hash(value);
        }