一、
private static readonly IList<string> BaseParamKey = new List<string>() { "apiId", "timeStamp", "nonce\_Str", "signature" };
\[AcceptVerbs("POST", "GET")\]
\[RiskAssessApi\]
public CommonAPIResult<Object> GetRiskAssess(dynamic model)
{
var res = new CommonAPIResult<Object>();
if (string.IsNullOrWhiteSpace(WebCommon.Public.GetAdminName()))
{
HttpContextBase context = (HttpContextBase)Request.Properties\["MS\_HttpContext"\];
HttpRequestBase reques = context.Request;
var param = new NameValueCollection();
var method = context.Request.HttpMethod.ToUpperInvariant();
param = method.Equals("GET", StringComparison.OrdinalIgnoreCase) ? context.Request.QueryString : context.Request.Form;
if (!BuilderSigner(model.signature, BaseParamKey))
{
res.Message = "该用户不具备查询条件";
res.Code = 503;
res.Result = null;
return res;
}
}
else
{
int UserId = Tbl\_AdminManager.GetTbl\_AdminByName(WebCommon.Public.GetAdminName()).ID;
var ApiKeyInfo = Tbl\_ApiUserManager.GetTbl\_ApiUserAll().Where(x => x.AdminId == UserId).SingleOrDefault();
if (string.IsNullOrWhiteSpace(ApiKeyInfo.ApiId)) {
res.Message = "该用户不具备查询条件";
res.Code = 503;
res.Result = null;
return res;
}
}
Generator.GetRiskAssess(model);
return res;
}
public bool BuilderSigner(string sign,IList<string> param)
{
//按key升序排序的待签名字符串
var str = new StringBuilder();
foreach (var key in param.OrderBy(x => x))
{
if (key.Equals("signature", StringComparison.OrdinalIgnoreCase))
{
continue;
}
str.AppendFormat("{0}={1}&", key, HttpUtility.UrlEncode(key));
}
//str.AppendFormat("apikey={0}", apiUserModel.ApiKey);
var calSignature = Public.MD5Str(str.ToString());
if (!calSignature.Equals(sign, StringComparison.OrdinalIgnoreCase))
return false;//
else
return true;
}
手机扫一扫
移动阅读更方便
你可能感兴趣的文章