.NET adds timestamp to prevent replay attacks

黄舟
Release: 2017-02-22 10:34:06
Original
2283 people have browsed it

If the client makes a request to the server interface, if the request information is encrypted and the request package is intercepted by a third party, although the third party cannot decrypt and obtain the data, it can use the request package for repeated processing. Request action. If the server does not prevent replay attacks, the pressure on the server will increase and the data will be disordered. This problem can be solved by adding a timestamp.

private readonly string TimeStamp = ConfigurationManager.AppSettings["TimeStamp"];//配置时间戳
    [HttpPost]
    public ActionResult TestApi()
    {
        string RequestTime = Request["rtime"]; //请求时间经过RSA签名
        try
        {
          //请求时间RSA解密后加上时间戳的时间即该请求的有效时间
          DateTime Requestdt = DateTime.Parse(RSACryptoProvider.Decrypt(RequestTime, RSA_Keys.Private)).AddMinutes(int.Parse(TimeStamp)); 
          DateTime Newdt = DateTime.Now; //服务器接收请求的当前时间
          //if 请求的有效时间 < 现在服务器接受请求的时间 即该请求失效
          if (Requestdt < Newdt)
          {
            return Json(new { success = false, message = "该请求已经失效" });
          }
          else
          {
      //进行其他操作
      }
        }
        catch (Exception ex)
        {
          return Json(new { success = false, message = "请求参数不和要求" });
        }
    }
Copy after login



The above is the content of .NET adding timestamp to prevent replay attacks. For more related content, please pay attention to the PHP Chinese website (www .php.cn)!

source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template