VOOZH about

URL: https://www.nuget.org/packages/NetPro.Sign/

⇱ NuGet Gallery | NetPro.Sign 6.0.16



👁 Image
 NetPro.Sign 6.0.16 

dotnet add package NetPro.Sign --version 6.0.16
 
 
NuGet\Install-Package NetPro.Sign -Version 6.0.16
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="NetPro.Sign" Version="6.0.16" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="NetPro.Sign" Version="6.0.16" />
 


 Directory.Packages.props
 

 

 
<PackageReference Include="NetPro.Sign" />
 


 Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add NetPro.Sign --version 6.0.16
The NuGet Team does not provide support for this client. Please contact its maintainers for support. 
#r "nuget: NetPro.Sign, 6.0.16"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package NetPro.Sign@6.0.16
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=NetPro.Sign&version=6.0.16
 


 Install as a Cake Addin
 

 

 
#tool nuget:?package=NetPro.Sign&version=6.0.16
 


 Install as a Cake Tool
The NuGet Team does not provide support for this client. Please contact its maintainers for support.

接口签名

主要防范请求参数被篡改和增加爬虫难度,签名组件应该在所有中间件之前执行,以保证其他组件不影响签名的正常执行(签名组件如在拦截类型的缓存中间件等之后执行,会让大部分请求绕过签名直接请求成功)

接口签名使用

默认为url参数与body参数根据参数名升序排序合并成一个字符串再utf-8编码后进行摘要计算,得到的值转为16进制小写 例如http://localhost:5000/api/user?timestamp=111111&appid=knasdfnas&name=yuhun&age=17&sign=jasdfksnlfsmf98sdflmdf8 body:{"police":"noPo"}

签名规则:将query参数名和"body"升序排序后: HMACSHA256(body={"police":"noPo"}&appid=knasdfnas&age=17&name=yuhun&timestamp=111111,secret)

如果是md5,则在query参数末尾追加secret md5(body={"police":"noPo"}&appid=knasdfnas&age=17&name=yuhun&timestamp=111111+secret)

startup注入

public void ConfigureServices(IServiceCollection services)
{
 services.AddVerifySign(s =>
 {
 s.OperationFilter<VerifySignCustomer>();//VerifySignCustomer为自定义摘要与获取secret,如默认规则。则不需要OperationFilter
 });
}

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
 application.Use(next => context =>
 { 
 //此设置用于其他地方读取Body https://stackoverflow.com/questions/31389781/read-request-body-twice
 context.Request.EnableBuffering();
 return next(context);
 });
}

自定义摘要算法

 public class VerifySignCustomer : IOperationFilter
 {
 private readonly IConfiguration _configuration;

 public VerifySignCustomer(IConfiguration configuration)
 {
 _configuration = configuration;
 }

 /// <summary>
 /// 根据appid获取secret
 /// </summary>
 /// <param name="appid"></param>
 /// <returns></returns>
 public string GetSignSecret(string appid)
 {
 var secret = "1111";//自定义通过appid获取对应的secret
 return secret;
 }

 /// <summary>
 /// 定义摘要算法
 /// </summary>
 /// <param name="message"></param>
 /// <param name="secret"></param>
 /// <returns></returns>
 public string GetSignhHash(string message, string secret)
 {
 return "5555555";//对message进行摘要,secret作为干扰项
 }
 }

appsetting.json

"VerifySignOption": {
"Enabled": true,//是否启用
"IsForce":true,//是否强制实名校验 ,false 签名错误只记录日志
"IsDebug": true,//是否调试,显示更多敏感信息action加特式签名,global则全局
"ExpireSeconds": 60,//时间戳过期时长,单位秒
"CommonParameters": { //公共参数名的定义
	"TimestampName": "timestamp",
	"AppIdName": "appid",
	"SignName": "sign"
},
"AppSecret": { //默认AK/SK
	"AppId":{
	 "你的appid1": "对应的secret1",
	 "你的appid2": "对应的secret2"
	} 
 }
}

Attribute模式使用方式(废弃,签名只适合中间件方式)

  • 设置需签名的控制器或方法
 [Route("api/v1/[controller]")]
 [VerifySign]//此控制器将签名访问
 public class WeatherForecastController : ControllerBase

 ...


 [HttpPost]
 [Route("pay/create")]
 [ProducesResponseType(200)]
 [VerifySign]//此action将签名访问
 public IActionResult Get()

忽略签名(废弃,此特性在中间件中无效)

 [HttpPost]
 [Route("pay/create")]
 [ProducesResponseType(200)]
 [IgnoreSign]//此方法忽略签名
 public IActionResult Get()

生成签名

 /// <summary>
 /// 生成签名(签名公共参数必须以url方式提供,便于查看与快速调试) 
 /// </summary>
 /// <returns></returns>
 [HttpGet("createsign")]
 public IActionResult CreateSign()
 {
 object body=new { a = 1, b = "1" };
 var query = HttpUtility.ParseQueryString(string.Empty);
 query["appid"] = "111"; //必传 应用id 
 query["acount"] = "我是你+"; //必传;加密方法

 long timestamp=SignCommon.CreateTimestamp();
 query["timestamp"] = timestamp; //必传;时间戳 
 var sign = SignCommon.CreateSign("secret", queryDic: query, body: body);//如果为Get请求,Body参数为空即可
 query["sign"] =sign; //必传;加密方法
 //得到的queryDic便是完整url参数字典
 return Ok(sign);
 }
Product Versions Compatible and additional computed target framework versions.
.NET net5.0 net5.0 was computed.  net5.0-windows net5.0-windows was computed.  net6.0 net6.0 is compatible.  net6.0-android net6.0-android was computed.  net6.0-ios net6.0-ios was computed.  net6.0-maccatalyst net6.0-maccatalyst was computed.  net6.0-macos net6.0-macos was computed.  net6.0-tvos net6.0-tvos was computed.  net6.0-windows net6.0-windows was computed.  net7.0 net7.0 was computed.  net7.0-android net7.0-android was computed.  net7.0-ios net7.0-ios was computed.  net7.0-maccatalyst net7.0-maccatalyst was computed.  net7.0-macos net7.0-macos was computed.  net7.0-tvos net7.0-tvos was computed.  net7.0-windows net7.0-windows was computed.  net8.0 net8.0 was computed.  net8.0-android net8.0-android was computed.  net8.0-browser net8.0-browser was computed.  net8.0-ios net8.0-ios was computed.  net8.0-maccatalyst net8.0-maccatalyst was computed.  net8.0-macos net8.0-macos was computed.  net8.0-tvos net8.0-tvos was computed.  net8.0-windows net8.0-windows was computed.  net9.0 net9.0 was computed.  net9.0-android net9.0-android was computed.  net9.0-browser net9.0-browser was computed.  net9.0-ios net9.0-ios was computed.  net9.0-maccatalyst net9.0-maccatalyst was computed.  net9.0-macos net9.0-macos was computed.  net9.0-tvos net9.0-tvos was computed.  net9.0-windows net9.0-windows was computed.  net10.0 net10.0 was computed.  net10.0-android net10.0-android was computed.  net10.0-browser net10.0-browser was computed.  net10.0-ios net10.0-ios was computed.  net10.0-maccatalyst net10.0-maccatalyst was computed.  net10.0-macos net10.0-macos was computed.  net10.0-tvos net10.0-tvos was computed.  net10.0-windows net10.0-windows was computed. 
.NET Core netcoreapp3.1 netcoreapp3.1 is compatible. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages (1)

Showing the top 1 NuGet packages that depend on NetPro.Sign:

Package Downloads
NetPro.Web.Core

Package Description

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
6.0.16 444 7/24/2023
6.0.15 684 7/19/2022
6.0.14 634 7/10/2022
6.0.13 636 6/15/2022
6.0.12 643 6/15/2022
6.0.11 602 6/15/2022
6.0.10 658 6/11/2022
6.0.9 650 6/8/2022
6.0.8 636 5/26/2022
6.0.8-beta.3 276 5/24/2022
6.0.8-beta.2 281 5/24/2022
6.0.7 670 5/18/2022
6.0.6 633 4/28/2022
6.0.5-beta.20 268 4/27/2022
6.0.5-beta.19 268 4/25/2022
6.0.5-beta.18 268 4/22/2022
6.0.5-beta.17 296 4/16/2022
6.0.5-beta.16 281 4/8/2022
6.0.5-beta.15 293 4/8/2022
6.0.5-beta.14 305 4/7/2022
Loading failed