请求方
try
{
using (var client = new HttpClient())
{
StringContent content = new StringContent(strParam);//参数序列化后,放入StringContent
content.Headers.ContentType = new MediaTypeHeaderValue("application/json");//设置type //放入head的名字可以随意设置(和接收方一直就可以),值需要单独生成,最主要就是auth_param
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("auth名称", auth_param);
var response = client.PostAsync(FlightQueryUrl, content).Result;
if (response.IsSuccessStatusCode)
{
string responseText = response.Content.ReadAsStringAsync().Result;
if (string.IsNullOrEmpty(responseText))
{
return null;
}
return responseText ;
}
return null;
}
}
catch (Exception ex)
{
return null;
}
auth_param的计算方式,需要和接收方的一致:
//认证key
private const string key = "认证key****#####$$$$$$@@@!!!!";
//认证秘钥
private const string secrect = "认证秘钥****#####$$$$$$@@@!!!!";
/// <summary>
/// 获取接口签名
/// </summary>
/// <param name="param">原始的请求参数</param>
/// <param name="url">请求地址</param>
/// <param name="requestId">请求Id,接入方自定义,最好用来区分每个请求</param>
/// <returns></returns>
public static string GetFlightSign(string param,string url,string requestId)
{
string timeStamp = GetTimeStamp();//获取时间戳
url = System.Web.HttpUtility.UrlEncode(url.ToLower());
/*
* {认证key}{原始请求参数}{调用方自定义requestId}{时间戳}{原始URL}{认证秘钥}(被调用方也是如此)
* 替换掉字符串中的换行与空格(被调用方也是如此)
*/
string source = $"{key}{param}{requestId}{timeStamp}{url}{secrect}".Replace(Environment.NewLine, string.Empty).Replace("\n", "").Replace(" ", "");
string hmac = GetMd5(source);
//auth_param 身份验证参数字符串
//{认证key}{}{调用方自定义requestId}{时间戳} 顺序需要更具被调用方设置
return $"{key}:{hmac}:{requestId}:{timeStamp}";
}
/// <summary>
/// 字符串编码
/// </summary>
/// <param name="str"></param>
/// <returns></returns>
private static string GetMd5(string str)
{
if (string.IsNullOrEmpty(str))
return str;
var sb = new StringBuilder(32);
var md5 = MD5.Create();
var output = md5.ComputeHash(Encoding.UTF8.GetBytes(str));
for (int i = 0; i < output.Length; i++)
sb.Append(output[i].ToString("X").PadLeft(2, '0'));
return sb.ToString();
}
/// <summary>
/// 获取时间戳
/// </summary>
/// <returns></returns>
private static string GetTimeStamp()
{
var initTime = new DateTime(1970, 1, 1, 0, 0, 0, 0);
TimeSpan ts = DateTime.UtcNow - initTime;
return Convert.ToInt64(ts.TotalSeconds).ToString();
}
接收方
public class ReqAuthorizeAttribute:System.Web.Http.AuthorizeAttribute
{
/// <summary>
/// 进行验证
/// </summary>
/// <param name="actionContext"></param>
public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
{
if (actionContext.Request.Headers.Authorization != null)
{
//获取请求的 认证信息
string info = (actionContext.Request.Headers.Authorization.Parameter).Decrypt(); //todo:采用上面的方式,再次进行获取,然后比较 //也可以再次做调用次数统计等
//判断认证信息是否正确
if (string.Equals(info, secret))
{
IsAuthorized(actionContext);
}
else
{
HandleUnauthorizedRequest(actionContext);
}
}
else
{
HandleUnauthorizedRequest(actionContext);
}
}
/// <summary>
/// 验证不通过 返回401
/// </summary>
/// <param name="actionContext"></param>
protected override void HandleUnauthorizedRequest(System.Web.Http.Controllers.HttpActionContext actionContext)
{
var challengeMsg = new System.Net.Http.HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
challengeMsg.Headers.Add("WWW-Authenticate", "Basic");
throw new System.Web.Http.HttpResponseException(challengeMsg);
}
}