Can I validate HTTP request signature tokens and n

2019-05-26 01:45发布

问题:

I am setting up an end-point using ASP.NET MVC to which requests can be made to manipulate and retrieve data (basically, an API). I am using a 2-legged OAuth model to validate that requests be signed using a secret key and signing method as well as a nonce table to prevent hi-jacking.

Since Model Binding is so handy in ASP.NET MVC I am going to take advantage of it to consume requests, but I wonder if I can bake the signature verification and nonce/timestamp handling right into the model binder. Is this possible? That way I can just re-use the implementation on the various Actions that I create.

回答1:

I reckon you should be able to. Try this:

public class FooModelBinder : IModelBinder
    {
        public object BindModel(ControllerContext controllerContext, ModelBindingContext bindingContext)
        {
            FooModel fooModel = bindingContext.Model as fooModel;
            if (fooModel != null)
            {
               // Do your verification stuff in here
               // Updating any properties of your Model.
               // Or you could retrieve something else entirely and return it if you like
               // Let's pretend we just want to verify the model and set some property or other.
               fooModel.NonceOkay = DoVerification(fooModel);
               fooModel.NextAction = WorkOutWhereToGoNext(fooModel);
               // or whatever
            }
            return fooModel;
        }
    }

DoVerification could live in your ModelBinder, but it might be better for it to live somewhere else.

Then stick this in Application_Start in your Global.asax:

ModelBinders.Binders.Add(typeof(Foo), new FooModelBinder());