. NET add timestamps to prevent replay attacks

If the client is making a request to the server-side interface, if the request information is encrypted, it is intercepted by a third party to the request packet, although the third party cannot decrypt the obtained data, but can use the request package for repeated request operation. If the service side does not carry out anti-replay attacks, the parameter server pressure increases, the consequences of data disturbance. You can solve this problem by using the way you add timestamps.

Private readonly String TimeStamp = configurationmanager.appsettings["TimeStamp"];//configuration timestamp    [HttpPost] public    ActionResult Testapi ()    {        string requesttime = request["Rtime"];//Request time passed RSA signature        try        {          // The time that the request time RSA is decrypted with a timestamp is the valid time for the request          DateTime Requestdt = DateTime.Parse (Rsacryptoprovider.decrypt (RequestTime, Rsa_ keys.private)). AddMinutes (int. Parse (TimeStamp));           DateTime NEWDT = DateTime.Now; The server receives the requested current time//if the request is valid for the time          < now the server accepts the request at the time that the request expires          if (Requestdt < NEWDT)          {            return Json (new { Success = FALSE, message = "The request has expired"});          else          {      //other Actions      }        }        catch (Exception ex)        {          return Json (New {success = False, message = "Request parameter not and requirement"});        }    }

The above is. NET add timestamp to prevent replay attack content, more relevant content please pay attention to topic.alibabacloud.com (www.php.cn)!

