
C# .Net Core Web API Check CustomSignature

I am new to APIs in general, so let me give you the background of the API and what I want it to do.

I have an API that is external facing, so every incoming request is required to have its signature checked from the header. Literally, my code in every controller call is checking the signature, which has created a lot of duplicated code.

My question is: how can I reduce that duplicated code? Do I use custom attributes or AuthorizeAttribute?

Here is some example code:

[Route("[controller]")]
[ApiController]
public class ExampleController : ControllerBase
{
  public async Task<Result> Call_1(Rquest request)
  {
    string signature = Util.getHeaderSignature(request);

    if (unit.IsSinatureValid(signature, someVar1, someVar2))
    {
      // (My logic)
    }
    else { return "InvalidSinaturemessage"; }
  }
  public async Task<Result> Call_2(Rquest request)
  {
    string signature = Util.getHeaderSignature(request);

    if (unit.IsSinatureValid(signature, someVar1, someVar2))
    {
      // (My logic)
    }
    else { return "InvalidSinaturemessage"; }
  }
}

The above code is just for illustration; the actual signature checking logic is around 20 lines of code in every single controller method.

Yes, you can do that using action filters. It's described in the documentation.

Put your checking code into the OnActionExecuting method. So, you can write Result in the action filter if the signature isn't valid.

In case you need a specific result structure, you can create your own ObjectResult:

public class ForbiddenObjectResult : ObjectResult
{
    public string Message { get; private set; }
    public ForbiddenObjectResult(object value, string message)
        : base(value)
    {
        StatusCode = StatusCodes.Status403Forbidden;
        Message = message;
    }
}

...
string signature = Util.getHeaderSignature(context.HttpContext.Request);

if (!unit.IsSinatureValid(signature, someVar1, someVar2))
{
    // Setting Result short-circuits the pipeline, so the action does not run.
    context.Result = new ForbiddenObjectResult(context.ModelState, "InvalidSinaturemessage");
}

And to register it for all your endpoints (if needed):

services.AddControllersWithViews(options =>
{
    options.Filters.Add<YourActionFilter>();
});
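
A complete filter along these lines, as an added example (not the answerer's or the asker's code). It is written as a resource filter so it can read the raw body before model binding consumes it. Assumptions: the signature is hex HMAC-SHA256 over the raw request body, sent in a hypothetical `X-Signature` header, with the shared secret under a hypothetical `Signature:Secret` configuration key.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.Extensions.Configuration;

// Added example. Assumed scheme: X-Signature = hex(HMAC-SHA256(secret, raw body)).
public class SignatureFilter : IAsyncResourceFilter
{
    private const string HeaderName = "X-Signature"; // assumed header name
    private readonly byte[] _key;

    public SignatureFilter(IConfiguration config)
    {
        // Assumed config key; fail at startup instead of verifying with an empty key.
        var secret = config["Signature:Secret"]
            ?? throw new InvalidOperationException("Signature:Secret is not configured");
        _key = Encoding.UTF8.GetBytes(secret);
    }

    public async Task OnResourceExecutionAsync(
        ResourceExecutingContext context, ResourceExecutionDelegate next)
    {
        var request = context.HttpContext.Request;

        // Buffer the body, read it, then rewind so model binding can read it again.
        request.EnableBuffering();
        using var body = new MemoryStream();
        await request.Body.CopyToAsync(body);
        request.Body.Position = 0;

        using var hmac = new HMACSHA256(_key);
        byte[] expected = Encoding.ASCII.GetBytes(
            Convert.ToHexString(hmac.ComputeHash(body.ToArray()))); // upper-case hex
        byte[] supplied = Encoding.ASCII.GetBytes(
            request.Headers[HeaderName].ToString().ToUpperInvariant());

        // Constant-time comparison; a missing or wrong-length header also fails here.
        if (!CryptographicOperations.FixedTimeEquals(expected, supplied))
        {
            context.Result = new ObjectResult("Invalid signature")
                { StatusCode = StatusCodes.Status403Forbidden };
            return; // short-circuit: the action never runs
        }
        await next();
    }
}
```

Registering it with `options.Filters.Add<SignatureFilter>()` in the call shown above applies it to every endpoint, and the `IConfiguration` constructor argument is resolved from dependency injection.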

You can use token-based authentication or the filter method. For reference:

Token based authentication

Custom Filter
