我可以验证使用模型绑定的HTTP请求签名令牌和随机数? [英] Can I validate HTTP request signature tokens and nonces using Model Binding?
问题描述
我设立使用可制成的ASP.NET MVC到哪些请求来操纵和检索数据(基本上,一个API)终点。我使用的是两方模式OAuth模型来验证请求签名使用密钥和签名方法,以及一个随机数表,以prevent喜顶进。
I am setting up an end-point using ASP.NET MVC to which requests can be made to manipulate and retrieve data (basically, an API). I am using a 2-legged OAuth model to validate that requests be signed using a secret key and signing method as well as a nonce table to prevent hi-jacking.
由于模型绑定是ASP.NET MVC那么得心应手,我要利用它消耗的要求,但我不知道我是否可以烤签名验证和随机数/时间戳处理直接进入模型绑定。这可能吗?这样,我就可以重新使用上,我创造的各种行动的执行情况。
Since Model Binding is so handy in ASP.NET MVC I am going to take advantage of it to consume requests, but I wonder if I can bake the signature verification and nonce/timestamp handling right into the model binder. Is this possible? That way I can just re-use the implementation on the various Actions that I create.
推荐答案
我想你应该可以。试试这个:
I reckon you should be able to. Try this:
public class FooModelBinder : IModelBinder
{
public object BindModel(ControllerContext controllerContext, ModelBindingContext bindingContext)
{
FooModel fooModel = bindingContext.Model as fooModel;
if (fooModel != null)
{
// Do your verification stuff in here
// Updating any properties of your Model.
// Or you could retrieve something else entirely and return it if you like
// Let's pretend we just want to verify the model and set some property or other.
fooModel.NonceOkay = DoVerification(fooModel);
fooModel.NextAction = WorkOutWhereToGoNext(fooModel);
// or whatever
}
return fooModel;
}
}
DoVerification 可以住在你的ModelBinder的,但它可能会更好吧,住到别处。
DoVerification could live in your ModelBinder, but it might be better for it to live somewhere else.
然后在的Application_Start在Global.asax中坚持这样的:
Then stick this in Application_Start in your Global.asax:
ModelBinders.Binders.Add(typeof(Foo), new FooModelBinder());
这篇关于我可以验证使用模型绑定的HTTP请求签名令牌和随机数?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
