一、
private static readonly IList<string> BaseParamKey = new List<string>() { "apiId", "timeStamp", "nonce_Str", "signature" };
[AcceptVerbs("POST", "GET")]
[RiskAssessApi]
public CommonAPIResult<Object> GetRiskAssess(dynamic model)
{
var res = new CommonAPIResult<Object>();
if (string.IsNullOrWhiteSpace(WebCommon.Public.GetAdminName()))
{
HttpContextBase context = (HttpContextBase)Request.Properties["MS_HttpContext"];
HttpRequestBase reques = context.Request;
var param = new NameValueCollection();
var method = context.Request.HttpMethod.ToUpperInvariant();
param = method.Equals("GET", StringComparison.OrdinalIgnoreCase) ? context.Request.QueryString : context.Request.Form;
if (!BuilderSigner(model.signature, BaseParamKey))
{
res.Message = "该用户不具备查询条件";
res.Code = 503;
res.Result = null;
return res;
}
}
else
{
int UserId = Tbl_AdminManager.GetTbl_AdminByName(WebCommon.Public.GetAdminName()).ID;
var ApiKeyInfo = Tbl_ApiUserManager.GetTbl_ApiUserAll().Where(x => x.AdminId == UserId).SingleOrDefault();
if (string.IsNullOrWhiteSpace(ApiKeyInfo.ApiId)) {
res.Message = "该用户不具备查询条件";
res.Code = 503;
res.Result = null;
return res;
}
}
Generator.GetRiskAssess(model);
return res;
}
public bool BuilderSigner(string sign,IList<string> param)
{
//按key升序排序的待签名字符串
var str = new StringBuilder();
foreach (var key in param.OrderBy(x => x))
{
if (key.Equals("signature", StringComparison.OrdinalIgnoreCase))
{
continue;
}
str.AppendFormat("{0}={1}&", key, HttpUtility.UrlEncode(key));
}
//str.AppendFormat("apikey={0}", apiUserModel.ApiKey);
var calSignature = Public.MD5Str(str.ToString());
if (!calSignature.Equals(sign, StringComparison.OrdinalIgnoreCase))
return false;//
else
return true;
}