ASP.NET Core使用自定义验证属性控制访问权限详解(2)

[AutoValidateAntiforgeryToken] //在本控制器内自动启用跨站攻击防护 [Route("api/get_accesstoken")] public class GetAccessTokenController : Controller { //尚未限制访问频率 //返回{"access_token":"ACCESS_TOKEN","expires_in":7200} 有效期2个小时 //错误时返回{"errcode":40013,"errmsg":"invalid appid"} [AllowAnonymous] public ActionResult<string> Get() { try { string tmpToken = string.Empty; string appID = HttpContext.Request.Headers["appid"]; string appKey = HttpContext.Request.Headers["appkey"]; if ((appID.Length < 5) || appKey.Length != 32) { return "{'errcode':10000,'errmsg':'appid或appkey未提供'}"; } //token采用im_cloud_sv001-appid-ticks数字 long timeTk = DateTime.Now.Ticks; //输出毫微秒：633603924670937500 //DateTime dt = new DateTime(timeTk);//可以还原时间 string plToken = "im_cloud1-" + appID + "-" + timeTk; tmpToken = OCrypto.AES16Encrypt(plToken, appKey); //使用APPKEY加密 tmpToken = System.Net.WebUtility.UrlEncode(tmpToken); //编码相应的Token(因其中可能会有+=等特殊字符,必须编码后传递) tmpToken = "{'access_token':'" + tmpToken + "','expires_in':7200}"; return tmpToken; } catch (Exception ex) { return "{'errcode':10001,'errmsg':'" + ex.Message +"'}"; } } } GetAccessTokenController.cs