How to Decrypt the payload on server during authorization and map to model in web api

Question

I've been trying to follow this answer trying to decrypt the Encrypted payload during the Authorization before it gets model mapped to the controller.

From the client only the Payload will be encrypted and on the server side I'm trying to decrypt. Thing is the entire Response.content cannot be decrypted as only the payload needs to be decrypted.


Inside the content we're receiving the payload in Result and when I'm trying to change that it is showing that it is read only and I couldn't see any other options. In the image above the result is not encrypted yet, I was testing to see if we can change that.

I've done it in another way where I'll be passing the entire encrypted string to the controller and then decrypting it and mapping to model inside the controller like this:

[Route("api/xxxxxx")]
[HttpPost]
public HttpResponseMessage PostTest(string encryptedValue)
{
    //creating an instance of class
    HttpResponseMessage response = new HttpResponseMessage();
    
    try
    {
       string decryptJson = AES.DecryptString(encryptedValue);
       Model list = JsonConvert.DeserializeObject<Model>(decryptJson);
       
       //rest of the operation


    }
    //to catch exceptions if any
    catch (Exception ex)
    {
        output.Success = false;
        output.Message = Literals.GetErrorMessage(ex.Message);
    }
    //creating response
    response = Request.CreateResponse(HttpStatusCode.OK, JObject.FromObject(output));

    //returning response
    return response;
}

This is working as expected, but I'm trying to see if it's at all possible to do this at Authorization instead of doing it individually in every controller.

Any advice is appreciated.

Answer 1

Score: 0

Using new StringContent() to add the decrypted string to the Response.Content:

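using System;
using System.Net;
using System.Net.Http;
using System.Text;
using System.Web.Http;
using System.Web.Http.Controllers;

public class LogAttribute : AuthorizeAttribute
{
    // Note: base.OnAuthorization is not called, so this override only decrypts
    // the body; it performs no authentication or role check of its own.
    public override void OnAuthorization(HttpActionContext actionContext)
    {
        try
        {
            // OnAuthorization is synchronous, so block on the async read.
            var responseContent = actionContext.Request.Content.ReadAsStringAsync();

            var result = responseContent.Result;

            var decryptedString = AESEncryptDecrypt.DecryptStringAES(result);

            // Replace the request body so model binding sees the decrypted JSON.
            actionContext.Request.Content = new StringContent(decryptedString, Encoding.UTF8, "application/json");

            // Debugging aid: read the new content back to confirm it was replaced.
            var checkingDecryptedResponseContent = actionContext.Request.Content.ReadAsStringAsync();
        }
        catch (Exception)
        {
            // Reject the request if the body cannot be read or decrypted, rather than
            // passing the undecrypted content on to the controller.
            actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.BadRequest);
        }
    }
}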

After updating the new content the Model will be auto mapped to the controller.

[LogAttribute]
[Route("api/xxxxxx")]
[HttpPost]
public HttpResponseMessage PostTest(Model data)
{
    //creating an instance of class
    HttpResponseMessage response = new HttpResponseMessage();

    try
    {

       //rest of the operation

    }
    //to catch exceptions if any
    catch (Exception ex)
    {
        output.Success = false;
        output.Message = Literals.GetErrorMessage(ex.Message);
    }
    //creating response
    response = Request.CreateResponse(HttpStatusCode.OK, JObject.FromObject(output));

    //returning response
    return response;
}
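
Another way to decrypt once for every controller, shown as an added example that is not part of the original answer: a Web API message handler that swaps in the decrypted body before model binding and rejects requests that fail to decrypt. The class name `DecryptPayloadHandler` and the decrypt delegate are hypothetical; the delegate is assumed to wrap the application's own AES helper and to throw `CryptographicException` or `FormatException` on bad input.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Security.Cryptography;
using System.Text;
using System.Threading;
using System.Threading.Tasks;

// Added example (hypothetical class name): decrypts the request body once,
// for every controller, before Web API model binding reads it.
public class DecryptPayloadHandler : DelegatingHandler
{
    // Assumption: wraps the application's own AES helper and throws
    // CryptographicException or FormatException on bad input.
    private readonly Func<string, string> _decrypt;

    public DecryptPayloadHandler(Func<string, string> decrypt)
    {
        _decrypt = decrypt ?? throw new ArgumentNullException(nameof(decrypt));
    }

    protected override async Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        string cipherText = request.Content == null
            ? "" : await request.Content.ReadAsStringAsync();
        if (cipherText.Length == 0)   // no body to decrypt (e.g. GET)
            return await base.SendAsync(request, cancellationToken);

        string plainJson;
        try
        {
            plainJson = _decrypt(cipherText);
        }
        catch (Exception ex) when (ex is CryptographicException || ex is FormatException)
        {
            // Fail closed: never hand undecrypted or corrupt data to model binding.
            return new HttpResponseMessage(HttpStatusCode.BadRequest) { RequestMessage = request };
        }

        // Swap in the plaintext so the action's Model parameter binds normally.
        request.Content = new StringContent(plainJson, Encoding.UTF8, "application/json");
        return await base.SendAsync(request, cancellationToken);
    }
}

// Registration, e.g. in WebApiConfig.Register(HttpConfiguration config), assuming
// the page's AESEncryptDecrypt.DecryptStringAES is a static string -> string method:
//   config.MessageHandlers.Add(new DecryptPayloadHandler(AESEncryptDecrypt.DecryptStringAES));
```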

Posted by huangapple on February 8, 2023, 15:21:59
Link: https://go.coder-hub.com/75382493.html