NetPro.Sign 6.0.16

dotnet add package NetPro.Sign --version 6.0.16                
NuGet\Install-Package NetPro.Sign -Version 6.0.16                
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="NetPro.Sign" Version="6.0.16" />                
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add NetPro.Sign --version 6.0.16                
#r "nuget: NetPro.Sign, 6.0.16"                
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install NetPro.Sign as a Cake Addin
#addin nuget:?package=NetPro.Sign&version=6.0.16

// Install NetPro.Sign as a Cake Tool
#tool nuget:?package=NetPro.Sign&version=6.0.16                

接口签名

主要防范请求参数被篡改和增加爬虫难度,签名组件应该在所有中间件之前执行,以保证其他组件不影响签名的正常执行(签名组件如在拦截类型的缓存中间件等之后执行,会让大部分请求绕过签名直接请求成功)

接口签名使用

默认为url参数与body参数根据参数名升序排序合并成一个字符串再utf-8编码后进行摘要计算,得到的值转为16进制小写 例如http://localhost:5000/api/user?timestamp=111111&appid=knasdfnas&name=yuhun&age=17&sign=jasdfksnlfsmf98sdflmdf8 body:{"police":"noPo"}

签名规则:将query参数名和"body"升序排序后: HMACSHA256(body={"police":"noPo"}&appid=knasdfnas&age=17&name=yuhun&timestamp=111111,secret)

如果是md5,则在query参数末尾追加secret md5(body={"police":"noPo"}&appid=knasdfnas&age=17&name=yuhun&timestamp=111111+secret)

startup注入

public void ConfigureServices(IServiceCollection services)
{
    services.AddVerifySign(s =>
            {
                s.OperationFilter<VerifySignCustomer>();//VerifySignCustomer为自定义摘要与获取secret,如默认规则。则不需要OperationFilter
            });
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
     application.Use(next => context =>
     {       
         //此设置用于其他地方读取Body https://stackoverflow.com/questions/31389781/read-request-body-twice
         context.Request.EnableBuffering();
         return next(context);
     });
}

自定义摘要算法

 public class VerifySignCustomer : IOperationFilter
    {
        private readonly IConfiguration _configuration;

        public VerifySignCustomer(IConfiguration configuration)
        {
            _configuration = configuration;
        }

        /// <summary>
        /// 根据appid获取secret
        /// </summary>
        /// <param name="appid"></param>
        /// <returns></returns>
        public string GetSignSecret(string appid)
        {
            var secret = "1111";//自定义通过appid获取对应的secret
            return secret;
        }

        /// <summary>
        /// 定义摘要算法
        /// </summary>
        /// <param name="message"></param>
        /// <param name="secret"></param>
        /// <returns></returns>
        public string GetSignhHash(string message, string secret)
        {
            return "5555555";//对message进行摘要,secret作为干扰项
        }
    }

appsetting.json

"VerifySignOption": {
"Enabled": true,//是否启用
"IsForce":true,//是否强制实名校验  ,false 签名错误只记录日志
"IsDebug": true,//是否调试,显示更多敏感信息action加特式签名,global则全局
"ExpireSeconds": 60,//时间戳过期时长,单位秒
"CommonParameters": { //公共参数名的定义
	"TimestampName": "timestamp",
	"AppIdName": "appid",
	"SignName": "sign"
},
"AppSecret": {  //默认AK/SK
	"AppId":{
	    "你的appid1": "对应的secret1",
	    "你的appid2": "对应的secret2"
	} 
    }
}

Attribute模式使用方式(废弃,签名只适合中间件方式)

  • 设置需签名的控制器或方法
    [Route("api/v1/[controller]")]
    [VerifySign]//此控制器将签名访问
    public class WeatherForecastController : ControllerBase

    ...


    [HttpPost]
    [Route("pay/create")]
    [ProducesResponseType(200)]
    [VerifySign]//此action将签名访问
    public IActionResult Get()

忽略签名(废弃,此特性在中间件中无效)

    [HttpPost]
    [Route("pay/create")]
    [ProducesResponseType(200)]
    [IgnoreSign]//此方法忽略签名
    public IActionResult Get()

生成签名

        /// <summary>
        /// 生成签名(签名公共参数必须以url方式提供,便于查看与快速调试) 
        /// </summary>
        /// <returns></returns>
        [HttpGet("createsign")]
        public IActionResult CreateSign()
        {
            object body=new { a = 1, b = "1" };
            var query = HttpUtility.ParseQueryString(string.Empty);
            query["appid"] = "111";       //必传 应用id    
            query["acount"] = "我是你+"; //必传;加密方法

            long timestamp=SignCommon.CreateTimestamp();
             query["timestamp"] = timestamp;    //必传;时间戳                     
            var sign = SignCommon.CreateSign("secret", queryDic: query, body: body);//如果为Get请求,Body参数为空即可
             query["sign"] =sign;    //必传;加密方法
            //得到的queryDic便是完整url参数字典
            return Ok(sign);
        }
Product Compatible and additional computed target framework versions.
.NET net5.0 was computed.  net5.0-windows was computed.  net6.0 is compatible.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 was computed.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 was computed.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
.NET Core netcoreapp3.1 is compatible. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages (1)

Showing the top 1 NuGet packages that depend on NetPro.Sign:

Package Downloads
NetPro.Web.Core

Package Description

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
6.0.16 239 7/24/2023
6.0.15 522 7/19/2022
6.0.14 468 7/10/2022
6.0.13 469 6/15/2022
6.0.12 469 6/15/2022
6.0.11 448 6/15/2022
6.0.10 467 6/11/2022
6.0.9 465 6/8/2022
6.0.8 465 5/26/2022
6.0.8-beta.3 130 5/24/2022
6.0.8-beta.2 127 5/24/2022
6.0.7 493 5/18/2022
6.0.6 460 4/28/2022
6.0.5 469 3/30/2022
6.0.5-beta.20 127 4/27/2022
6.0.5-beta.19 129 4/25/2022
6.0.5-beta.18 126 4/22/2022
6.0.5-beta.17 138 4/16/2022
6.0.5-beta.16 134 4/8/2022
6.0.5-beta.15 139 4/8/2022
6.0.5-beta.14 148 4/7/2022
6.0.5-beta.13 147 4/7/2022
6.0.5-beta.12 143 4/6/2022
6.0.5-beta.11 135 4/6/2022
6.0.5-beta.10 141 3/31/2022
6.0.5-beta.9 143 3/26/2022
6.0.5-beta.8 141 3/22/2022
6.0.5-beta.7 135 3/21/2022
6.0.5-beta.6 139 3/14/2022
6.0.5-beta.5 136 3/2/2022
6.0.5-beta.4 135 2/22/2022
6.0.5-beta.3 146 2/18/2022
6.0.5-beta.2 136 2/18/2022
6.0.5-beta.1 144 2/16/2022
6.0.4 501 2/10/2022
6.0.3 454 2/9/2022
6.0.3-beta.9 130 2/10/2022
6.0.3-beta.7 151 1/27/2022
6.0.3-beta.6 147 1/19/2022
6.0.3-beta.5 146 1/17/2022
6.0.3-beta.4 150 1/16/2022
6.0.3-beta.3 145 1/14/2022
6.0.3-beta.2 152 1/13/2022
6.0.3-beta.1 159 1/11/2022
6.0.2 343 1/6/2022
6.0.1 1,067 12/3/2021
3.1.11 474 11/19/2021
3.1.10 1,900 7/29/2021
3.1.9 1,695 7/1/2021
3.1.8 1,686 12/15/2020
3.1.6 1,825 9/16/2020
3.1.5 1,731 9/8/2020
3.1.0 1,880 6/30/2020