NetPro.Sign
6.0.16
dotnet add package NetPro.Sign --version 6.0.16
NuGet\Install-Package NetPro.Sign -Version 6.0.16
<PackageReference Include="NetPro.Sign" Version="6.0.16" />
paket add NetPro.Sign --version 6.0.16
#r "nuget: NetPro.Sign, 6.0.16"
// Install NetPro.Sign as a Cake Addin #addin nuget:?package=NetPro.Sign&version=6.0.16 // Install NetPro.Sign as a Cake Tool #tool nuget:?package=NetPro.Sign&version=6.0.16
接口签名
主要防范请求参数被篡改和增加爬虫难度,签名组件应该在所有中间件之前执行,以保证其他组件不影响签名的正常执行(签名组件如在拦截类型的缓存中间件等之后执行,会让大部分请求绕过签名直接请求成功)
接口签名使用
默认为url参数与body参数根据参数名升序排序合并成一个字符串再utf-8编码后进行摘要计算,得到的值转为16进制小写 例如http://localhost:5000/api/user?timestamp=111111&appid=knasdfnas&name=yuhun&age=17&sign=jasdfksnlfsmf98sdflmdf8 body:{"police":"noPo"}
签名规则:将query参数名和"body"升序排序后: HMACSHA256(body={"police":"noPo"}&appid=knasdfnas&age=17&name=yuhun×tamp=111111,secret)
如果是md5,则在query参数末尾追加secret md5(body={"police":"noPo"}&appid=knasdfnas&age=17&name=yuhun×tamp=111111+secret)
startup注入
public void ConfigureServices(IServiceCollection services)
{
services.AddVerifySign(s =>
{
s.OperationFilter<VerifySignCustomer>();//VerifySignCustomer为自定义摘要与获取secret,如默认规则。则不需要OperationFilter
});
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
application.Use(next => context =>
{
//此设置用于其他地方读取Body https://stackoverflow.com/questions/31389781/read-request-body-twice
context.Request.EnableBuffering();
return next(context);
});
}
自定义摘要算法
public class VerifySignCustomer : IOperationFilter
{
private readonly IConfiguration _configuration;
public VerifySignCustomer(IConfiguration configuration)
{
_configuration = configuration;
}
/// <summary>
/// 根据appid获取secret
/// </summary>
/// <param name="appid"></param>
/// <returns></returns>
public string GetSignSecret(string appid)
{
var secret = "1111";//自定义通过appid获取对应的secret
return secret;
}
/// <summary>
/// 定义摘要算法
/// </summary>
/// <param name="message"></param>
/// <param name="secret"></param>
/// <returns></returns>
public string GetSignhHash(string message, string secret)
{
return "5555555";//对message进行摘要,secret作为干扰项
}
}
appsetting.json
"VerifySignOption": {
"Enabled": true,//是否启用
"IsForce":true,//是否强制实名校验 ,false 签名错误只记录日志
"IsDebug": true,//是否调试,显示更多敏感信息action加特式签名,global则全局
"ExpireSeconds": 60,//时间戳过期时长,单位秒
"CommonParameters": { //公共参数名的定义
"TimestampName": "timestamp",
"AppIdName": "appid",
"SignName": "sign"
},
"AppSecret": { //默认AK/SK
"AppId":{
"你的appid1": "对应的secret1",
"你的appid2": "对应的secret2"
}
}
}
Attribute模式使用方式(废弃,签名只适合中间件方式)
- 设置需签名的控制器或方法
[Route("api/v1/[controller]")]
[VerifySign]//此控制器将签名访问
public class WeatherForecastController : ControllerBase
...
[HttpPost]
[Route("pay/create")]
[ProducesResponseType(200)]
[VerifySign]//此action将签名访问
public IActionResult Get()
忽略签名(废弃,此特性在中间件中无效)
[HttpPost]
[Route("pay/create")]
[ProducesResponseType(200)]
[IgnoreSign]//此方法忽略签名
public IActionResult Get()
生成签名
/// <summary>
/// 生成签名(签名公共参数必须以url方式提供,便于查看与快速调试)
/// </summary>
/// <returns></returns>
[HttpGet("createsign")]
public IActionResult CreateSign()
{
object body=new { a = 1, b = "1" };
var query = HttpUtility.ParseQueryString(string.Empty);
query["appid"] = "111"; //必传 应用id
query["acount"] = "我是你+"; //必传;加密方法
long timestamp=SignCommon.CreateTimestamp();
query["timestamp"] = timestamp; //必传;时间戳
var sign = SignCommon.CreateSign("secret", queryDic: query, body: body);//如果为Get请求,Body参数为空即可
query["sign"] =sign; //必传;加密方法
//得到的queryDic便是完整url参数字典
return Ok(sign);
}
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net5.0 was computed. net5.0-windows was computed. net6.0 is compatible. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
.NET Core | netcoreapp3.1 is compatible. |
-
.NETCoreApp 3.1
- Microsoft.Extensions.DependencyInjection (>= 6.0.0)
- NetPro.NetProShareRequestBody (>= 6.0.16)
- NetPro.Startup (>= 6.0.16)
-
net6.0
- Microsoft.Extensions.DependencyInjection (>= 6.0.0)
- NetPro.NetProShareRequestBody (>= 6.0.16)
- NetPro.Startup (>= 6.0.16)
NuGet packages (1)
Showing the top 1 NuGet packages that depend on NetPro.Sign:
Package | Downloads |
---|---|
NetPro.Web.Core
Package Description |
GitHub repositories
This package is not used by any popular GitHub repositories.
Version | Downloads | Last updated |
---|---|---|
6.0.16 | 239 | 7/24/2023 |
6.0.15 | 522 | 7/19/2022 |
6.0.14 | 468 | 7/10/2022 |
6.0.13 | 469 | 6/15/2022 |
6.0.12 | 469 | 6/15/2022 |
6.0.11 | 448 | 6/15/2022 |
6.0.10 | 467 | 6/11/2022 |
6.0.9 | 465 | 6/8/2022 |
6.0.8 | 465 | 5/26/2022 |
6.0.8-beta.3 | 130 | 5/24/2022 |
6.0.8-beta.2 | 127 | 5/24/2022 |
6.0.7 | 493 | 5/18/2022 |
6.0.6 | 460 | 4/28/2022 |
6.0.5 | 469 | 3/30/2022 |
6.0.5-beta.20 | 127 | 4/27/2022 |
6.0.5-beta.19 | 129 | 4/25/2022 |
6.0.5-beta.18 | 126 | 4/22/2022 |
6.0.5-beta.17 | 138 | 4/16/2022 |
6.0.5-beta.16 | 134 | 4/8/2022 |
6.0.5-beta.15 | 139 | 4/8/2022 |
6.0.5-beta.14 | 148 | 4/7/2022 |
6.0.5-beta.13 | 147 | 4/7/2022 |
6.0.5-beta.12 | 143 | 4/6/2022 |
6.0.5-beta.11 | 135 | 4/6/2022 |
6.0.5-beta.10 | 141 | 3/31/2022 |
6.0.5-beta.9 | 143 | 3/26/2022 |
6.0.5-beta.8 | 141 | 3/22/2022 |
6.0.5-beta.7 | 135 | 3/21/2022 |
6.0.5-beta.6 | 139 | 3/14/2022 |
6.0.5-beta.5 | 136 | 3/2/2022 |
6.0.5-beta.4 | 135 | 2/22/2022 |
6.0.5-beta.3 | 146 | 2/18/2022 |
6.0.5-beta.2 | 136 | 2/18/2022 |
6.0.5-beta.1 | 144 | 2/16/2022 |
6.0.4 | 501 | 2/10/2022 |
6.0.3 | 454 | 2/9/2022 |
6.0.3-beta.9 | 130 | 2/10/2022 |
6.0.3-beta.7 | 151 | 1/27/2022 |
6.0.3-beta.6 | 147 | 1/19/2022 |
6.0.3-beta.5 | 146 | 1/17/2022 |
6.0.3-beta.4 | 150 | 1/16/2022 |
6.0.3-beta.3 | 145 | 1/14/2022 |
6.0.3-beta.2 | 152 | 1/13/2022 |
6.0.3-beta.1 | 159 | 1/11/2022 |
6.0.2 | 343 | 1/6/2022 |
6.0.1 | 1,067 | 12/3/2021 |
3.1.11 | 474 | 11/19/2021 |
3.1.10 | 1,900 | 7/29/2021 |
3.1.9 | 1,695 | 7/1/2021 |
3.1.8 | 1,686 | 12/15/2020 |
3.1.6 | 1,825 | 9/16/2020 |
3.1.5 | 1,731 | 9/8/2020 |
3.1.0 | 1,880 | 6/30/2020 |