Add timestamp to prevent replay attacks and add timestamp Replay
If the client sends a request to the server interface and the request information is encrypted, the request packet is intercepted by a third party. Although the third party cannot decrypt and obtain the data, however, you can use this request packet to perform repeated request operations. If the server does not defend against replay attacks, the pressure on the parameter server increases and data disorder occurs. This problem can be solved by adding a timestamp.
1 private readonly string TimeStamp = ConfigurationManager. appSettings ["TimeStamp"]; // configure the TimeStamp 2 [HttpPost] 3 public ActionResult TestApi () 4 {5 string RequestTime = Request ["rtime"]; // request time after RSA signature 6 try 7 {8 // request time after RSA decryption plus the timestamp time is the validity time of the Request 9 DateTime Requestdt = DateTime. parse (RSACryptoProvider. decrypt (RequestTime, RSA_Keys.Private )). addMinutes (int. parse (TimeStamp); 10 DateTime Newdt = DateTime. now; // the current time when the server receives the request. 11 // The validity period of the if request. <The current time when the server accepts the request, that is, the request expires. 12 if (Requestdt <Newdt) 13 {14 return Json (new {success = false, message = "this request has expired "}); 15} 16 else17 {18 // perform other operations 19} 20} 21 catch (Exception ex) 22 {23 return Json (new {success = false, message = "Request Parameter not required"}); 24} 25}
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
