SignAttribute

using Newtonsoft.Json;
using System;
using System.Collections.Generic;
using System.Configuration;
using System.IO;
using System.Net;
using System.Net.Http;
using System.Threading.Tasks;
using System.Web;
using System.Web.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Routing;

using Web.APIs.Integration.Common;

namespace Web.APIs.Integration.WebApi
{
    public class SignAttribute : AuthorizeAttribute
    {
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            DateTime dtBegin = DateTime.Now;
            bool flag = false;
            string errorMsg = string.Empty;
            string exceptionMsg = string.Empty;
            Dictionary<string, string> dictionary = new Dictionary<string, string>();
            try
            {
                if (ConfigurationManager.AppSettings["Debug"].ToUpper() == "TRUE")
                {
                    flag = true;
                }
                else
                {
                    IHttpRouteData routeData = actionContext.Request.GetRouteData();
                    if (routeData != null && routeData.Values != null)
                    {
                        foreach (string current in routeData.Values.Keys)
                        {
                            dictionary.Add(current, routeData.Values[current].ToString());
                        }
                    }
                    if (actionContext.Request.Method == HttpMethod.Post)
                    {
                        HttpContextBase httpContextBase = (HttpContextBase)actionContext.Request.Properties["MS_HttpContext"];
                        if (httpContextBase.Request.InputStream != null)
                        {
                            Stream inputStream = httpContextBase.Request.InputStream;
                            inputStream.Position = 0L;
                            StreamReader streamReader = new StreamReader(inputStream);
                            string text = streamReader.ReadToEnd();
                            if (text != string.Empty)
                            {
                                text = text.Replace("\"", "");
                                string decryptKey = ConfigurationManager.AppSettings["DESKey"];
                                string text2 = DES.Decrypt(text, decryptKey);
                                Dictionary<string, string> dictionary2 = JsonConvert.DeserializeObject<Dictionary<string, string>>(text2);
                                if (dictionary2 != null)
                                {
                                    foreach (string current2 in dictionary2.Keys)
                                    {
                                        dictionary.Add(current2, dictionary2[current2]);
                                    }
                                }
                            }
                        }
                    }
                    flag = this.Vertify(dictionary, dtBegin, out errorMsg, out exceptionMsg);
                }
            }
            catch (Exception ex)
            {
                errorMsg = "验签失败";
                exceptionMsg = "验签时发生异常。原因:" + ex.Message;
            }
            if (flag)
            {
                this.IsAuthorized(actionContext);
            }
            else
            {
                Task.Factory.StartNew(delegate
                {
                    var objResult = new
                    {
                        Msg = errorMsg,
                        Exp = exceptionMsg
                    };
                    Error.Write(actionContext, exceptionMsg, objResult, dtBegin);
                });
                BaseResult baseResult = new BaseResult();
                baseResult.Result = flag;
                baseResult.ReturnMsg = errorMsg;
                HttpResponseMessage httpResponseMessage = new HttpResponseMessage(HttpStatusCode.Unauthorized);
                httpResponseMessage.Content = new StringContent(JsonConvert.SerializeObject(baseResult));
                actionContext.Response = httpResponseMessage;
                this.HandleUnauthorizedRequest(actionContext);
            }
        }

        protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
        {
        }

        private bool Vertify(Dictionary<string, string> dicParams, DateTime dtBegin, out string errorMsg, out string exceptionMsg)
        {
            bool result = true;
            errorMsg = string.Empty;
            exceptionMsg = string.Empty;
            if (dicParams == null || dicParams.Count == 0)
            {
                result = false;
                errorMsg = "无请求参数";
                exceptionMsg = "无请求参数";
            }
            else
            {
                SortedDictionary<string, string> sortedDictionary = new SortedDictionary<string, string>();
                string text = string.Empty;
                int num = 0;
                foreach (string current in dicParams.Keys)
                {
                    if (current.ToLower() != "sign")
                    {
                        sortedDictionary.Add(current, dicParams[current]);
                        if (current.ToLower() == "timestamp")
                        {
                            num = Convert.ToInt32(dicParams[current]);
                        }
                    }
                    else
                    {
                        text = dicParams[current];
                    }
                }
                bool flag = false;
                if (num > 0)
                {
                    try
                    {
                        DateTime time = this.GetTime(num);
                        int num2 = Convert.ToInt32(ConfigurationManager.AppSettings["TimeStampExpire"]);
                        if (num2 > 0)
                        {
                            if (Math.Abs((time - dtBegin).TotalMinutes) <= (double)num2)
                            {
                                flag = true;
                            }
                        }
                        else
                        {
                            flag = true;
                        }
                    }
                    catch (Exception ex)
                    {
                        exceptionMsg = "转换时间戳格式时出错,原因:" + ex.Message;
                    }
                }
                if (!flag)
                {
                    result = false;
                    errorMsg = "请求时间过期";
                }
                else
                {
                    string empty = string.Empty;
                    string secret = ConfigurationManager.AppSettings["MD5KEY"];
                    string sign = ToponeMD5.GetSign(sortedDictionary, secret, ref empty);
                    if (sign != text)
                    {
                        result = false;
                        errorMsg = "请求的签名不正确";
                        exceptionMsg = string.Format("签名错误!请求的签名为:{0}, 本地生成的签名为:{1},本地接受的签名明文为:{2}", text, sign, empty);
                    }
                }
            }
            return result;
        }

        private Dictionary<string, string> ConvertToDictionary(string input)
        {
            Dictionary<string, string> dictionary = new Dictionary<string, string>();
            if (input.IndexOf("&") > 0)
            {
                string[] array = input.Split("&".ToCharArray());
                for (int i = 0; i < array.Length; i++)
                {
                    if (array[i] != string.Empty)
                    {
                        string[] array2 = array[i].Split("=".ToCharArray());
                        dictionary.Add(array2[0], HttpUtility.UrlDecode(array2[1]));
                    }
                }
            }
            return dictionary;
        }

        private DateTime GetTime(int timeStamp)
        {
            DateTime dateTime = TimeZone.CurrentTimeZone.ToLocalTime(new DateTime(1970, 1, 1));
            long ticks = long.Parse(timeStamp + "0000000");
            TimeSpan value = new TimeSpan(ticks);
            return dateTime.Add(value);
        }
    }
}
时间: 2024-10-25 00:29:00

SignAttribute的相关文章