Home  >  Article  >  Backend Development  >  .NET adds timestamp to prevent replay attacks

.NET adds timestamp to prevent replay attacks

黄舟
黄舟Original
2017-02-22 10:34:062285browse

If the client makes a request to the server interface, if the request information is encrypted and the request package is intercepted by a third party, although the third party cannot decrypt and obtain the data, it can use the request package for repeated processing. Request action. If the server does not prevent replay attacks, the pressure on the server will increase and the data will be disordered. This problem can be solved by adding a timestamp.

private readonly string TimeStamp = ConfigurationManager.AppSettings["TimeStamp"];//配置时间戳
    [HttpPost]
    public ActionResult TestApi()
    {
        string RequestTime = Request["rtime"]; //请求时间经过RSA签名
        try
        {
          //请求时间RSA解密后加上时间戳的时间即该请求的有效时间
          DateTime Requestdt = DateTime.Parse(RSACryptoProvider.Decrypt(RequestTime, RSA_Keys.Private)).AddMinutes(int.Parse(TimeStamp)); 
          DateTime Newdt = DateTime.Now; //服务器接收请求的当前时间
          //if 请求的有效时间 < 现在服务器接受请求的时间 即该请求失效
          if (Requestdt < Newdt)
          {
            return Json(new { success = false, message = "该请求已经失效" });
          }
          else
          {
      //进行其他操作
      }
        }
        catch (Exception ex)
        {
          return Json(new { success = false, message = "请求参数不和要求" });
        }
    }



The above is the content of .NET adding timestamp to prevent replay attacks. For more related content, please pay attention to the PHP Chinese website (www .php.cn)!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn