|
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Collections;
using System.Security.Cryptography;
namespace SecureUrl.Models
{
//The custom attribute to check the request coming from the site
public class IsPostedFromThisSiteAttribute : AuthorizeAttribute
{
public override void OnAuthorization(AuthorizationContext filterContext)
{
base.OnAuthorization(filterContext);
// we have to call the base authorization to verufy the passwords n all
if (filterContext.HttpContext != null)
{
if (filterContext.HttpContext.Request.UrlReferrer == null)
throw new System.Web.HttpException("Invalid submission");
/*Add code here to check the domain name the request come from*/
}
}
}
public static class SecureUrlToken
{
//This method accepts the partial path, starts from the controller and end with the parameters. Also It accepts a password
public static string generateUrlToken(string controllerName, string actionName, ArrayList argumentParams, string password)
{
string token = "";
//The salt can be defined global
string salt = "#testsalt";
//generating the partial url
string stringToToken = controllerName + "/" + actionName + "/";
foreach (string param in argumentParams)
{
stringToToken += "/" + param;
}
//Converting the salt in to a byte array
byte[] saltValueBytes = System.Text.Encoding.ASCII.GetBytes(salt);
//Encrypt the salt bytes with the password
Rfc2898DeriveBytes key = new Rfc2898DeriveBytes(password, saltValueBytes);
//get the key bytes from the above process
byte[] secretKey = key.GetBytes(16);
//generate the hash
HMACSHA1 tokenHash = new HMACSHA1(secretKey);
tokenHash.ComputeHash(System.Text.Encoding.ASCII.GetBytes(stringToToken));
//convert the hash to a base64string
token = Convert.ToBase64String(tokenHash.Hash);
return token;
}
}
}
|
By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.
If a file you wish to view isn't highlighted, and is a text file (not binary), please
let us know and we'll add colourisation support for it.
I am developer in .Net and GIS. albin_gis@yahoo.com