Sang.AspNetCore.SignAuthorization
1.1.0
dotnet add package Sang.AspNetCore.SignAuthorization --version 1.1.0
NuGet\Install-Package Sang.AspNetCore.SignAuthorization -Version 1.1.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="Sang.AspNetCore.SignAuthorization" Version="1.1.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add Sang.AspNetCore.SignAuthorization --version 1.1.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
#r "nuget: Sang.AspNetCore.SignAuthorization, 1.1.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install Sang.AspNetCore.SignAuthorization as a Cake Addin
#addin nuget:?package=Sang.AspNetCore.SignAuthorization&version=1.1.0
// Install Sang.AspNetCore.SignAuthorization as a Cake Tool
#tool nuget:?package=Sang.AspNetCore.SignAuthorization&version=1.1.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
SignAuthorization
A simple API URL signature verification middleware to validate requests through straightforward URL parameters.
English | 简体中文
How It Works
- Sort the
token,timestamp, andnonceparameters in lexicographic order. - Concatenate the three parameters into a single string and encrypt it using SHA1.
- Developers can then compare the obtained encrypted string with the
signature.
Instructions
Step 1: Add the Package
Install-Package Sang.AspNetCore.SignAuthorization
or
dotnet add package Sang.AspNetCore.SignAuthorization
Step 2: Enable the Middleware
Enable this middleware before app.MapControllers();.
app.UseSignAuthorization(opt => {
opt.sToken = "your-api-token";
});
Step 3: Use SignAuthorizeAttribute
Add SignAuthorizeAttribute where signing is required.
Example:
app.MapGet("/weatherforecast", () =>
{
// your code
}).WithMetadata(new SignAuthorizeAttribute());
or:
[HttpGet]
[SignAuthorize]
public IEnumerable<WeatherForecast> Get()
{
// your code
}
Settings
SignAuthorizationOptions
| Parameter | Default Value | Description |
|---|---|---|
| UnauthorizedBack | {"success":false,"status":10000,"msg":"Unauthorized"} | JSON return content after validation failure |
| sToken | SignAuthorizationMiddleware | API token for signing |
| WithPath | false | Include the requested path in the signature, starting with '/' |
| Expire | 5 | Signature expiration time (unit: seconds) |
| nTimeStamp | timestamp | GET parameter name for timestamp |
| nNonce | nonce | GET parameter name for the random number |
| nSign | signature | GET parameter name for the signature |
| nExtra | Extra GET parameter name | |
| UseHeader | false | Use the header to pass the signature |
Examples
PHP Example
$sToken = "your-api-token";
$sReqTimeStamp = time();
$sReqNonce = getNonce();
$tmpArr = array($sToken, $sReqTimeStamp, $sReqNonce);
sort($tmpArr, SORT_STRING);
$sign = sha1(implode($tmpArr));
$url = "http://localhost:5177/weatherforecast?timestamp=$sReqTimeStamp&nonce=$sReqNonce&signature=$sign";
echo "$url\n";
echo file_get_contents($url);
function getNonce(){
$str = '1234567890abcdefghijklmnopqrstuvwxyz';
$t1='';
for($i=0;$i<30;$i++){
$j=rand(0,35);
$t1 .= $str[$j];
}
return $t1;
}
.Net Example
var unixTimestamp = DateTimeOffset.Now.ToUnixTimeSeconds();
var sNonce = Guid.NewGuid().ToString();
ArrayList AL = new ArrayList();
AL.Add("your-api-token");
AL.Add(unixTimestamp.ToString());
AL.Add(sNonce);
AL.Sort(StringComparer.Ordinal);
var raw = string.Join("", AL.ToArray());
using System.Security.Cryptography.SHA1 sha1 = System.Security.Cryptography.SHA1.Create();
byte[] encry = sha1.ComputeHash(Encoding.UTF8.GetBytes(raw));
string sign = string.Join("", encry.Select(b => string.Format("{0:x2}", b)).ToArray()).ToLower();
var client = new HttpClient();
string jsoninfo = await client.GetStringAsync($"http://localhost:5177/weatherforecast?timestamp={unixTimestamp}&nonce={sNonce}&signature={sign}");
Use MakeSignAuthorization
Make sign authorization string.
var unixTimestamp = DateTimeOffset.Now.ToUnixTimeSeconds().ToString();
var sNonce = Guid.NewGuid().ToString("N");
var sToken = "your-api-token";
var sPath = "/weatherforecast";
var sExtra = "1"; // extra parameter: extra=1
string sign = MakeSignAuthorization.MakeSign(sToken, unixTimestamp, sNonce, sPath, sExtra);
Make sign URL.
var url = MakeSignAuthorization.MakeSignUrl("http://localhost:5177", new SignAuthorizationOptions());
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net6.0 is compatible. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 is compatible. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.
-
net6.0
- No dependencies.
-
net7.0
- No dependencies.
-
net8.0
- No dependencies.
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.