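/// <summary>
/// Builds the signed hand-off link for the partner site and redirects the browser to it.
/// </summary>
/// <param name="uid">User identifier to hand over. It is encrypted into <c>i</c> and covered by the HMAC in <c>h</c>.</param>
/// <returns>A redirect to <c>/Home/PartnerSite</c> carrying the query values <c>i</c>, <c>t</c> and <c>h</c>.</returns>
/// <remarks>
/// The HMAC is computed over the plaintext timestamp and uid, so the receiver has to decrypt
/// <c>i</c> and <c>t</c> before it can authenticate them.
/// NOTE(review): nothing visible here marks a link as used, so a captured link presumably stays
/// valid until the receiver's freshness window closes. Confirm whether single-use is required.
/// NOTE(review): the target is hard-coded to http://localhost:65103 and the token travels in the
/// query string. Outside local testing, prefer an https target taken from configuration.
/// </remarks>
public ActionResult GotoPartnerSite(string uid)
{
    AesCryptography cipher = new AesCryptography();

    // Format with the invariant culture: the stamp is machine-readable and is part of the HMAC
    // input, so it must not vary with the request thread's culture (calendar, time separator).
    string dateTime = DateTime.UtcNow.ToString(
        "yyyy-MM-ddTHH:mm:ssZ",
        System.Globalization.CultureInfo.InvariantCulture);

    // Authenticates the pair (timestamp, uid); the receiver recomputes it with the same argument order.
    byte[] hmac = cipher.Hmac(dateTime, uid);

    UriBuilder target = new UriBuilder("http", "localhost", 65103, "/Home/PartnerSite");

    // UrlTokenEncode output is URL-safe, so the values need no further escaping in the query.
    target.Query = string.Format(
        "i={0}&t={1}&h={2}",
        HttpServerUtility.UrlTokenEncode(cipher.EncryptStringToBytes(uid)),
        HttpServerUtility.UrlTokenEncode(cipher.EncryptStringToBytes(dateTime)),
        HttpServerUtility.UrlTokenEncode(hmac));

    return Redirect(target.Uri.AbsoluteUri);
}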
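/// <summary>
/// Landing action for the partner hand-off link: decrypts the uid and timestamp, verifies the
/// HMAC over them, enforces a two-minute freshness window and greets the user.
/// </summary>
/// <param name="i">URL-token-encoded encrypted uid. Bound by the framework but not read; the value is taken from <c>Request.QueryString["i"]</c>.</param>
/// <param name="t">URL-token-encoded encrypted UTC timestamp. Not read; taken from <c>Request.QueryString["t"]</c>.</param>
/// <param name="h">URL-token-encoded HMAC over (timestamp, uid). Not read; taken from <c>Request.QueryString["h"]</c>.</param>
/// <returns>A welcome message on success, otherwise a short refusal message without internal details.</returns>
/// <remarks>
/// Everything in the query string is attacker-controlled until the HMAC check passes, so the
/// decrypted values are not parsed or echoed before that point. Refusal messages deliberately
/// carry no exception text and no MAC bytes: echoing the expected HMAC, or telling decryption
/// failures apart for the caller, would help someone forge or probe tokens.
/// NOTE(review): a token is accepted any number of times within the window; add a one-time
/// nonce if single-use links are required.
/// </remarks>
public string PartnerSite(string i, string t, string h)
{
    const string GenericError = "Error: the request could not be processed";

    AesCryptography cipher = new AesCryptography();
    try
    {
        string uid = cipher.DecryptStringFromBytes(HttpServerUtility.UrlTokenDecode(Request.QueryString["i"]));
        string dateTime = cipher.DecryptStringFromBytes(HttpServerUtility.UrlTokenDecode(Request.QueryString["t"]));
        byte[] hmac = HttpServerUtility.UrlTokenDecode(Request.QueryString["h"]);

        // HMAC check. Done before the timestamp is parsed so that only authenticated values are
        // interpreted. The comparison touches every byte regardless of where the first mismatch
        // is, so response time does not reveal how much of a guessed MAC was correct.
        byte[] hmacHere = cipher.Hmac(dateTime, uid);
        bool sameLength = hmac != null && hmacHere != null && hmac.Length == hmacHere.Length;
        int diff = sameLength ? 0 : 1;
        if (sameLength)
        {
            for (int k = 0; k < hmacHere.Length; k++)
            {
                diff |= hmac[k] ^ hmacHere[k];
            }
        }

        if (diff != 0)
        {
            return "Access is not permitted due to the tampered URL";
        }

        // The stamp must be in the exact invariant format the sender writes. Parsing it as UTC
        // and comparing against UtcNow keeps the window independent of the server's time zone
        // and of daylight-saving transitions.
        DateTime dateTimeToCompare;
        bool parsed = DateTime.TryParseExact(
            dateTime,
            "yyyy-MM-ddTHH:mm:ssZ",
            System.Globalization.CultureInfo.InvariantCulture,
            System.Globalization.DateTimeStyles.AdjustToUniversal,
            out dateTimeToCompare);
        if (!parsed)
        {
            return GenericError;
        }

        // Two-minute limit, applied in both directions to tolerate clock skew between the sites.
        double allowedTime = 2;
        DateTime now = DateTime.UtcNow;
        if (now.AddMinutes(allowedTime * -1) > dateTimeToCompare || now.AddMinutes(allowedTime) < dateTimeToCompare)
        {
            return "Access is not allowed due to the URL expiration";
        }

        // A string result is presumably served as text/html, and uid originates from a request
        // parameter on the sending side, so encode it before placing it in the response.
        return "Welcome UID [" + HttpUtility.HtmlEncode(uid) + "]";
    }
    catch (Exception ex)
    {
        // Keep the detail on the server; the caller gets the same answer for every failure.
        System.Diagnostics.Trace.TraceError("PartnerSite request rejected: {0}", ex);
        return GenericError;
    }
}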