When a client calls a server-side interface and the request is encrypted, a third party who intercepts the request packet cannot decrypt the captured data, but can still resend the packet to repeat the request. If the server has no defense against replay attacks, the consequences are increased server load and corrupted data. You can solve this problem by adding a timestamp to the request.
The simple demo is as follows:
    using System;
    using System.Configuration;
    using System.Web.Mvc;

    // Configured timestamp: the validity window in minutes
    private readonly string TimeStamp = ConfigurationManager.AppSettings["TimeStamp"];

    [HttpPost]
    public ActionResult TestApi()
    {
        string requestTime = Request["Rtime"]; // request time passed by the client, protected with RSA
        try
        {
            // The request time after RSA decryption, plus the timestamp, is the time until which the request is valid
            DateTime requestDt = DateTime.Parse(RSACryptoProvider.Decrypt(requestTime, RSA_Keys.Private))
                .AddMinutes(int.Parse(TimeStamp));
            DateTime newDt = DateTime.Now; // the current time at which the server received the request
            // If the valid-until time is earlier than the time the server received the request, the request has expired
            if (requestDt < newDt)
            {
                return Json(new { success = false, message = "the request has expired" });
            }
            else
            {
                // do other things
                return Json(new { success = true });
            }
        }
        catch (Exception)
        {
            // Decryption or parsing failed
            return Json(new { success = false, message = "request parameters do not meet the requirements" });
        }
    }
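The check above still accepts a captured packet that is resent inside the validity window. The following is an added example, not code from the original page, that goes one step further: it checks the decrypted time in UTC against both edges of the window and remembers accepted values so the same packet is refused a second time. ReplayGuard, IsFresh and the sample values are hypothetical, and it assumes the client sends a high-resolution UTC time in round-trip ("o") format that is unique per request.

```csharp
using System;
using System.Collections.Concurrent;
using System.Globalization;

// Added example: freshness check for a timestamp that has already been
// RSA-decrypted. ReplayGuard and its members are hypothetical names.
public sealed class ReplayGuard
{
    private readonly TimeSpan _window;
    // Decrypted values already accepted, with the time each entry expires.
    private readonly ConcurrentDictionary<string, DateTime> _seen =
        new ConcurrentDictionary<string, DateTime>();

    public ReplayGuard(int windowMinutes) { _window = TimeSpan.FromMinutes(windowMinutes); }

    public bool IsFresh(string decryptedTime, DateTime nowUtc)
    {
        DateTime sentUtc;
        // Round-trip ("o") format in UTC avoids culture and time-zone ambiguity.
        if (!DateTime.TryParseExact(decryptedTime, "o", CultureInfo.InvariantCulture,
                DateTimeStyles.RoundtripKind, out sentUtc) || sentUtc.Kind != DateTimeKind.Utc)
            return false;

        // Reject times older than the window and times too far in the future.
        if (sentUtc + _window < nowUtc || sentUtc > nowUtc + _window)
            return false;

        // Drop expired entries so the cache stays bounded by the window.
        foreach (var entry in _seen)
            if (entry.Value < nowUtc) { DateTime ignored; _seen.TryRemove(entry.Key, out ignored); }

        // TryAdd fails when this exact value was already accepted: a replay.
        return _seen.TryAdd(decryptedTime, sentUtc + _window);
    }
}

public static class Demo
{
    public static void Main()
    {
        var guard = new ReplayGuard(5);                              // constructed 5-minute window
        var now = new DateTime(2024, 1, 1, 12, 0, 0, DateTimeKind.Utc);
        string sent = now.AddSeconds(-30).ToString("o");             // constructed sample value
        Console.WriteLine(guard.IsFresh(sent, now));                 // first delivery
        Console.WriteLine(guard.IsFresh(sent, now.AddSeconds(10)));  // same packet resent in the window
        Console.WriteLine(guard.IsFresh(sent, now.AddMinutes(10)));  // same packet after the window
    }
}
```

The in-memory cache only covers a single server process; with several servers the accepted values would need to live in a shared store.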
.NET: adding timestamps to prevent replay attacks