Sang.AspNetCore.SignAuthorization 1.0.5

There is a newer version of this package available.
See the version list below for details.
dotnet add package Sang.AspNetCore.SignAuthorization --version 1.0.5                
NuGet\Install-Package Sang.AspNetCore.SignAuthorization -Version 1.0.5                
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="Sang.AspNetCore.SignAuthorization" Version="1.0.5" />                
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add Sang.AspNetCore.SignAuthorization --version 1.0.5                
#r "nuget: Sang.AspNetCore.SignAuthorization, 1.0.5"                
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install Sang.AspNetCore.SignAuthorization as a Cake Addin
#addin nuget:?package=Sang.AspNetCore.SignAuthorization&version=1.0.5

// Install Sang.AspNetCore.SignAuthorization as a Cake Tool
#tool nuget:?package=Sang.AspNetCore.SignAuthorization&version=1.0.5                

SignAuthorization

NuGet version (Sang.AspNetCore.SignAuthorization)

简易的 API url 签名验证中间件,通过简单的url参数验证请求是否合法。

  1. 将token、timestamp、nonce三个参数进行字典序排序
  2. 将三个参数字符串拼接成一个字符串进行sha1加密
  3. 开发者获得加密后的字符串可与 signature 对比

<hr>

Simple API url signature verification middleware.Verify that the request is legitimate with a simple url parameter.

  1. Sort the three parameters of token, timestamp and nonce in lexicographic order
  2. Concatenate the three parameter strings into one string for sha1 encryption
  3. The developer obtains the encrypted string which can be compared with the signature

Instructions:

Step 1

Add this package.

Install-Package Sang.AspNetCore.SignAuthorization

or

dotnet add package Sang.AspNetCore.SignAuthorization
Step 2

Enable this middleware before app.MapControllers();.

app.MapControllers(); 前启用这个中间件。

app.UseSignAuthorization(opt => {
    opt.sToken = "you-api-token";
});
Step 3

Add SignAuthorizeAttribute where signing is required.

在需要签名的地方添加 SignAuthorizeAttribute

like this:

app.MapGet("/weatherforecast", () =>
{
    // your code
}).WithMetadata(new SignAuthorizeAttribute());

or:

[HttpGet]
[SignAuthorize]
public IEnumerable<WeatherForecast> Get()
{
    // your code
}

Setting

SignAuthorizationOptions

参数 default 说明
UnauthorizedBack {"success":false,"status":10000,"msg":"Unauthorized"} json return content after validation failure <br> 验证失败后的 json 返回
sToken SignAuthorizationMiddleware API token for sign <br> API签名使用的token
WithPath false Need to include the requested path when signing, starting with '/' <br> 签名时需要包含请求的路径,以 '/' 开头
Expire 5 Signature expiration time (unit: second) <br> 签名过期时间(单位:秒)
nTimeStamp timestamp GET parameter name for timestamp <br> 时间戳的GET参数名
nNonce nonce GET parameter name of random number <br> 随机数的GET参数名
nSign signature Sign GET parameter name <br> 签名的GET参数名

PHP example

$sToken = "you-api-token";
$sReqTimeStamp = time();
$sReqNonce = getNonce();
$tmpArr = array($sToken, $sReqTimeStamp, $sReqNonce);
sort($tmpArr, SORT_STRING);
$sign = sha1(implode($tmpArr));
$url = "http://localhost:5177/weatherforecast?timestamp=$sReqTimeStamp&nonce=$sReqNonce&signature=$sign";
echo "$url\n";
echo file_get_contents($url);

function getNonce(){
    $str = '1234567890abcdefghijklmnopqrstuvwxyz';
    $t1='';
    for($i=0;$i<30;$i++){
        $j=rand(0,35);
        $t1 .= $str[$j];
    }
    return $t1;
}

.Net example

var unixTimestamp = DateTimeOffset.Now.ToUnixTimeSeconds();
var sNonce = Guid.NewGuid().ToString();

ArrayList AL = new ArrayList();
AL.Add("you-api-token");
AL.Add(unixTimestamp.ToString());
AL.Add(sNonce);
AL.Sort(StringComparer.Ordinal);

var raw = string.Join("", AL.ToArray());
using System.Security.Cryptography.SHA1 sha1 = System.Security.Cryptography.SHA1.Create();
byte[] encry = sha1.ComputeHash(Encoding.UTF8.GetBytes(raw));
string sign = string.Join("", encry.Select(b => string.Format("{0:x2}", b)).ToArray()).ToLower();

var client = new HttpClient();
string jsoninfo = await client.GetStringAsync($"http://localhost:5177/weatherforecast?timestamp={unixTimestamp}&nonce={sNonce}&signature={sign}");
Product Compatible and additional computed target framework versions.
.NET net6.0 is compatible.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 is compatible.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.
  • net6.0

    • No dependencies.
  • net7.0

    • No dependencies.
  • net8.0

    • No dependencies.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
1.1.0 126 4/26/2024
1.0.6 144 1/20/2024
1.0.5 215 11/15/2023
1.0.4 133 10/31/2023
1.0.2 209 8/29/2022
1.0.1 200 8/29/2022
1.0.0 198 8/29/2022