When a client sends a request to a server-side interface, encrypting the request is not enough on its own. A third party who intercepts the request packet cannot decrypt the data, but can still resend the captured packet as many times as they like. If the server has no defense against such replay attacks, its load increases and its data can end up in a disordered state. You can solve this problem by adding a timestamp to the request.
    // Validity period in minutes, read from configuration
    private readonly string TimeStamp = ConfigurationManager.AppSettings["TimeStamp"];

    [HttpPost]
    public ActionResult TestApi()
    {
        // Request time sent by the client, protected with RSA
        string requestTime = Request["Rtime"];
        try
        {
            // RSACryptoProvider and RSA_Keys are the author's own helpers (not shown).
            // Decrypted request time + configured validity period = time at which the request expires.
            DateTime requestDt = DateTime.Parse(RSACryptoProvider.Decrypt(requestTime, RSA_Keys.Private))
                .AddMinutes(int.Parse(TimeStamp));
            // Current time on the server when the request is received
            DateTime newDt = DateTime.Now;
            // If the expiry time is earlier than the current server time, the request has expired
            if (requestDt < newDt)
            {
                return Json(new { success = false, message = "The request has expired" });
            }
            else
            {
                // other actions go here; return their result
                return Json(new { success = true });
            }
        }
        catch (Exception)
        {
            // Missing, undecryptable or unparsable request time
            return Json(new { success = false, message = "Request parameters do not meet the requirements" });
        }
    }
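The check above accepts every copy of a request that arrives before the validity period ends, and it relies on the timestamp being tied to the rest of the request. The following added example (not code from the original article) goes one step beyond it: it binds the timestamp, a one-time nonce and the body with an HMAC, then rejects stale, future-dated and already-seen requests. ReplayGuard, its methods, the shared key, the Unix-seconds timestamp and the sample values are assumptions made for the illustration; HMAC-SHA256 stands in for the article's RSA helper, which is not shown.

```csharp
using System;
using System.Collections.Concurrent;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

public sealed class ReplayGuard   // hypothetical name, added example
{
    private readonly byte[] _key;   // shared secret; key distribution is out of scope (assumption)
    private readonly long _window;  // validity period in seconds, the role of the TimeStamp setting
    private readonly ConcurrentDictionary<Guid, long> _seen = new ConcurrentDictionary<Guid, long>();

    public ReplayGuard(byte[] key, long windowSeconds) { _key = key; _window = windowSeconds; }

    // MAC over canonical forms, so timestamp, nonce and body cannot be changed independently.
    public byte[] Sign(long ts, Guid nonce, string body)
    {
        string msg = ts.ToString(CultureInfo.InvariantCulture) + "\n" + nonce.ToString("N") + "\n" + body;
        using (var h = new HMACSHA256(_key)) return h.ComputeHash(Encoding.UTF8.GetBytes(msg));
    }

    // Returns null when the request is accepted, otherwise the reason for rejecting it.
    public string Check(long ts, Guid nonce, string body, byte[] mac, long now)
    {
        if (mac == null) return "bad signature";
        byte[] expected = Sign(ts, nonce, body);
        int diff = expected.Length ^ mac.Length;   // compare without an early exit
        for (int i = 0; i < expected.Length && i < mac.Length; i++) diff |= expected[i] ^ mac[i];
        if (diff != 0) return "bad signature";
        // Reject timestamps outside the window in either direction (old or future-dated).
        if (ts < now - _window || ts > now + _window) return "expired or future-dated";
        // Forget nonces whose requests would now fail the time check anyway.
        foreach (var e in _seen) { long x; if (e.Value < now) _seen.TryRemove(e.Key, out x); }
        // Only authenticated, in-window nonces are stored; a second use is a replay.
        return _seen.TryAdd(nonce, ts + _window) ? null : "replayed";
    }
}

public static class Demo
{
    public static void Main()
    {
        var guard = new ReplayGuard(Encoding.UTF8.GetBytes("constructed-demo-key"), 300);
        long t0 = 1700000000;   // constructed sample time in Unix seconds
        Guid n = Guid.NewGuid();
        byte[] mac = guard.Sign(t0, n, "amount=10");
        Console.WriteLine(guard.Check(t0, n, "amount=10", mac, t0 + 5) ?? "accepted");         // first delivery
        Console.WriteLine(guard.Check(t0, n, "amount=10", mac, t0 + 10) ?? "accepted");        // same packet, inside the window
        Console.WriteLine(guard.Check(t0, n, "amount=10", mac, t0 + 301) ?? "accepted");       // same packet, after the window
        Console.WriteLine(guard.Check(t0 + 600, n, "amount=10", mac, t0 + 601) ?? "accepted"); // timestamp altered in transit
    }
}
```

In a multi-server deployment the nonce store has to be shared between instances, otherwise each server only sees its own copies.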