示例#1
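        /// <summary>
        /// Builds a time-stamped, MAC-protected link to the partner site for
        /// <paramref name="uid"/> and redirects the browser to it.
        /// </summary>
        /// <param name="uid">User identifier handed over to the partner site.</param>
        /// <returns>
        /// A redirect to the partner URL whose query string carries the encrypted uid (<c>i</c>),
        /// the encrypted UTC timestamp (<c>t</c>) and the value of <c>cipher.Hmac(dateTime, uid)</c> (<c>h</c>).
        /// </returns>
        public ActionResult GotoPartnerSite(string uid)
        {
            // NOTE(review): uid is bound straight from the request. The link minted below vouches for
            // that uid to the partner, so this action should only run for a caller already authenticated
            // as that user (or derive uid from the session) - confirm where that is enforced.
            AesCryptography cipher = new AesCryptography();

            // Invariant culture keeps the wire format stable: with the thread culture, ':' and the
            // calendar used for 'yyyy' can change, and the receiver would then MAC a different string.
            string dateTime = DateTime.UtcNow.ToString(
                "yyyy-MM-ddTHH:mm:ssZ",
                System.Globalization.CultureInfo.InvariantCulture);

            // NOTE(review): presumably a keyed MAC over both values - confirm against AesCryptography,
            // including that the MAC key is separate from the encryption key.
            byte[] hmac = cipher.Hmac(dateTime, uid);

            // Development endpoint. Over plain http the token crosses the network in clear text and it
            // also lands in server logs and Referer headers; a deployed target should be https and
            // come from configuration.
            UriBuilder target = new UriBuilder("http", "localhost", 65103, "/Home/PartnerSite");
            target.Query = string.Format("i={0}&t={1}&h={2}",
                HttpServerUtility.UrlTokenEncode(cipher.EncryptStringToBytes(uid)),
                HttpServerUtility.UrlTokenEncode(cipher.EncryptStringToBytes(dateTime)),
                HttpServerUtility.UrlTokenEncode(hmac)
            );

            return Redirect(target.Uri.AbsoluteUri);
        }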
示例#2
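        /// <summary>
        /// Receiving end of the partner hand-over: decrypts the uid and timestamp from the query string,
        /// verifies the MAC, enforces a two-minute validity window and greets the user.
        /// </summary>
        /// <param name="i">Encrypted uid (URL-token encoded). The value is read from <c>Request.QueryString</c>.</param>
        /// <param name="t">Encrypted UTC timestamp (URL-token encoded). Read from <c>Request.QueryString</c>.</param>
        /// <param name="h">MAC over the timestamp and uid (URL-token encoded). Read from <c>Request.QueryString</c>.</param>
        /// <returns>
        /// A welcome message for a valid link, otherwise a fixed rejection message. No MAC value or
        /// exception text is ever returned to the caller.
        /// </returns>
        public string PartnerSite(string i, string t, string h)
        {
            // One fixed text for every authenticity failure (bad encoding, failed decryption, wrong MAC,
            // malformed timestamp) so the response does not reveal which step rejected the link.
            const string tamperedMessage = "Access is not permitted due to the tampered URL";

            // 2-minute limit, applied in both directions to tolerate clock skew between the two sites.
            const double allowedMinutes = 2;

            AesCryptography cipher = new AesCryptography();

            try
            {
                // NOTE(review): the values are decrypted before the MAC is checked because the MAC covers
                // the plaintext. A MAC over the ciphertext, verified first, would avoid feeding
                // unauthenticated bytes to the decryptor - consider when revising AesCryptography.
                string uid = cipher.DecryptStringFromBytes(HttpServerUtility.UrlTokenDecode(Request.QueryString["i"]));
                string dateTime = cipher.DecryptStringFromBytes(HttpServerUtility.UrlTokenDecode(Request.QueryString["t"]));
                byte[] hmac = HttpServerUtility.UrlTokenDecode(Request.QueryString["h"]);

                // HMAC check comes first: nothing in the link is trusted until it passes. The locally
                // computed MAC must never be echoed back; returning it would hand any caller a valid
                // MAC for the values they submitted.
                byte[] hmacHere = cipher.Hmac(dateTime, uid);
                if (!HmacEquals(hmac, hmacHere))
                {
                    return tamperedMessage;
                }

                // Strict, culture-independent parse of the sender's format, kept in UTC so the window
                // check does not depend on the server's time zone or DST transitions.
                DateTime issuedUtc;
                bool parsed = DateTime.TryParseExact(
                    dateTime,
                    "yyyy-MM-dd'T'HH:mm:ss'Z'",
                    System.Globalization.CultureInfo.InvariantCulture,
                    System.Globalization.DateTimeStyles.AssumeUniversal | System.Globalization.DateTimeStyles.AdjustToUniversal,
                    out issuedUtc);
                if (!parsed)
                {
                    return tamperedMessage;
                }

                // NOTE(review): a link stays acceptable for the whole window and is not single-use;
                // if one-time use is required, add a nonce and remember it until the window closes.
                DateTime nowUtc = DateTime.UtcNow;
                if (nowUtc.AddMinutes(-allowedMinutes) > issuedUtc || nowUtc.AddMinutes(allowedMinutes) < issuedUtc)
                {
                    return "Access is not allowed due to the URL expiration";
                }

                // The returned string is presumably rendered as HTML, so the uid is encoded on output.
                return "Welcome UID [" + System.Net.WebUtility.HtmlEncode(uid) + "]";
            }
            catch (Exception ex)
            {
                // Keep the detail on the server for monitoring; the client only sees the fixed text.
                System.Diagnostics.Trace.TraceWarning("PartnerSite: link rejected ({0})", ex.GetType().Name);
                return tamperedMessage;
            }
        }

        /// <summary>
        /// Compares two MAC values without stopping at the first differing byte, so the time taken
        /// does not depend on how many leading bytes match.
        /// </summary>
        /// <param name="received">MAC taken from the request; may be null.</param>
        /// <param name="expected">MAC computed locally; may be null.</param>
        /// <returns><c>true</c> only when both arrays are non-null, of equal length and byte-wise identical.</returns>
        private static bool HmacEquals(byte[] received, byte[] expected)
        {
            if (received == null || expected == null || received.Length != expected.Length)
            {
                return false;
            }

            int difference = 0;
            for (int index = 0; index < received.Length; index++)
            {
                difference |= received[index] ^ expected[index];
            }

            return difference == 0;
        }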