Sang.AspNetCore.SignAuthorization 1.1.0

dotnet add package Sang.AspNetCore.SignAuthorization --version 1.1.0                
NuGet\Install-Package Sang.AspNetCore.SignAuthorization -Version 1.1.0                
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="Sang.AspNetCore.SignAuthorization" Version="1.1.0" />                
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add Sang.AspNetCore.SignAuthorization --version 1.1.0                
#r "nuget: Sang.AspNetCore.SignAuthorization, 1.1.0"                
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install Sang.AspNetCore.SignAuthorization as a Cake Addin
#addin nuget:?package=Sang.AspNetCore.SignAuthorization&version=1.1.0

// Install Sang.AspNetCore.SignAuthorization as a Cake Tool
#tool nuget:?package=Sang.AspNetCore.SignAuthorization&version=1.1.0                

SignAuthorization

NuGet version (Sang.AspNetCore.SignAuthorization)

A simple API URL signature verification middleware to validate requests through straightforward URL parameters.

English | 简体中文

How It Works

  1. Sort the token, timestamp, and nonce parameters in lexicographic order.
  2. Concatenate the three parameters into a single string and encrypt it using SHA1.
  3. Developers can then compare the obtained encrypted string with the signature.

Instructions

Step 1: Add the Package

Install-Package Sang.AspNetCore.SignAuthorization

or

dotnet add package Sang.AspNetCore.SignAuthorization

Step 2: Enable the Middleware

Enable this middleware before app.MapControllers();.

app.UseSignAuthorization(opt => {
    opt.sToken = "your-api-token";
});

Step 3: Use SignAuthorizeAttribute

Add SignAuthorizeAttribute where signing is required.

Example:

app.MapGet("/weatherforecast", () =>
{
    // your code
}).WithMetadata(new SignAuthorizeAttribute());

or:

[HttpGet]
[SignAuthorize]
public IEnumerable<WeatherForecast> Get()
{
    // your code
}

Settings

SignAuthorizationOptions

Parameter Default Value Description
UnauthorizedBack {"success":false,"status":10000,"msg":"Unauthorized"} JSON return content after validation failure
sToken SignAuthorizationMiddleware API token for signing
WithPath false Include the requested path in the signature, starting with '/'
Expire 5 Signature expiration time (unit: seconds)
nTimeStamp timestamp GET parameter name for timestamp
nNonce nonce GET parameter name for the random number
nSign signature GET parameter name for the signature
nExtra Extra GET parameter name
UseHeader false Use the header to pass the signature

Examples

PHP Example

$sToken = "your-api-token";
$sReqTimeStamp = time();
$sReqNonce = getNonce();
$tmpArr = array($sToken, $sReqTimeStamp, $sReqNonce);
sort($tmpArr, SORT_STRING);
$sign = sha1(implode($tmpArr));
$url = "http://localhost:5177/weatherforecast?timestamp=$sReqTimeStamp&nonce=$sReqNonce&signature=$sign";
echo "$url\n";
echo file_get_contents($url);

function getNonce(){
    $str = '1234567890abcdefghijklmnopqrstuvwxyz';
    $t1='';
    for($i=0;$i<30;$i++){
        $j=rand(0,35);
        $t1 .= $str[$j];
    }
    return $t1;
}

.Net Example

var unixTimestamp = DateTimeOffset.Now.ToUnixTimeSeconds();
var sNonce = Guid.NewGuid().ToString();

ArrayList AL = new ArrayList();
AL.Add("your-api-token");
AL.Add(unixTimestamp.ToString());
AL.Add(sNonce);
AL.Sort(StringComparer.Ordinal);

var raw = string.Join("", AL.ToArray());
using System.Security.Cryptography.SHA1 sha1 = System.Security.Cryptography.SHA1.Create();
byte[] encry = sha1.ComputeHash(Encoding.UTF8.GetBytes(raw));
string sign = string.Join("", encry.Select(b => string.Format("{0:x2}", b)).ToArray()).ToLower();

var client = new HttpClient();
string jsoninfo = await client.GetStringAsync($"http://localhost:5177/weatherforecast?timestamp={unixTimestamp}&nonce={sNonce}&signature={sign}");

Use MakeSignAuthorization

Make sign authorization string.

var unixTimestamp = DateTimeOffset.Now.ToUnixTimeSeconds().ToString();
var sNonce = Guid.NewGuid().ToString("N");
var sToken = "your-api-token";
var sPath = "/weatherforecast";
var sExtra = "1"; // extra parameter: extra=1
string sign = MakeSignAuthorization.MakeSign(sToken, unixTimestamp, sNonce, sPath, sExtra);

Make sign URL.

var url = MakeSignAuthorization.MakeSignUrl("http://localhost:5177",  new SignAuthorizationOptions());
Product Compatible and additional computed target framework versions.
.NET net6.0 is compatible.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 is compatible.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 was computed.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.
  • net6.0

    • No dependencies.
  • net7.0

    • No dependencies.
  • net8.0

    • No dependencies.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
1.1.0 138 4/26/2024
1.0.6 149 1/20/2024
1.0.5 220 11/15/2023
1.0.4 138 10/31/2023
1.0.2 216 8/29/2022
1.0.1 207 8/29/2022
1.0.0 206 8/29/2022