Webapi server connected to app, webapi server app
Currently, mobile terminals are popular. This article mainly describes how to connect your (novice) Development and app to the server. Please correct the deficiencies
To connect to an app, a common site interface needs to be mapped to the Internet (that is, the external network can directly access this interface project). This requires the project data confidentiality and verification.
Currently, the following technologies are used in my interfaces:
1: Data Encryption/Decryption: Data Encryption/decryption is required during transmission to effectively protect data security (aes encryption and decryption built in. net framwork is used in my project)
2. Signature Verification: the app encrypts the data and places it in the header of the http request. The server obtains the data in the same irreversible encryption mode to obtain the ciphertext, match the ciphertext parsed by the app and the server (data can be protected to a certain extent)
3: Timestamp verification: the app adds timestamp data to the http request. The server obtains timestamp to verify the timestamp set by the app and the server to prevent replay attacks.
4: logon validity verification: A unique token verification code is generated during each logon and stored in the database. The token is returned to the APP. The app verifies that the token is out of date for each request, if the logon times out, log on again.
The above verification suggestions should be handled in a unified manner during project development.
1. decrypt and verify the parameters when the request data enters.
Method: The uniform decryption webapi project can inherit the MessageProcessingHandler class and rewrite the ProcessRequest and ProcessResponse methods.
Decrypt data in the ProcessRequest Method
Encrypt data in the ProcessResponse Method
2. data Verification inheritance class DelegatingHandler, and rewrite the SendAsync method for data verification. Generally, if the verification result passes, return base directly. sendAsync (request, token); that is, the final effect is to distribute the message to the corresponding interface for processing.
If the verification fails, you can directly return the information as follows:
/// <Summary>
/// Return the client error message
/// </Summary>
/// <Param name = "request"> http request </param>
/// <Param name = "needEncrypt"> whether to encrypt Response Information </param>
/// <Param name = "errorMessage"> error message </param>
/// <Returns>
/// Error message returned in asynchronous mode
/// </Returns>
Private Task <HttpResponseMessage> GenerateErrorResponse (HttpRequestMessage request,
Bool needEncrypt,
String errorMessage = "request parameter error ")
{
// Record the error request log
LogErrorRequest (request );
// Generate an Error Response Message
Var response = new HttpResponseMessage ();
Var error = JsonConvert. SerializeObject (new ApiResult () {Message = errorMessage });
Response. Content = new StringContent (error, Encoding. GetEncoding ("UTF-8"), "application/json ");
Response. StatusCode = System. Net. HttpStatusCode. OK;
If (needEncrypt)
Response. Content. Headers. Add ("toencrypt ","");
Return Task <HttpResponseMessage>. Factory. StartNew () => response );
}