在開發鷹眼軌跡控制台時,發現 ak、sk 都處於暴露狀態。這樣非常不安全!
摘自提醒:管理台DEMO默認獲取service_id和AK的方式是通過解析URL,為了您的數據安全,強烈建議將它們隱藏在後端。
這里主要是要把ak和service_id參數在轉發請求時再加入到參數中,去請求真實路徑,然后把請求結構返回前台。
客戶端 -> 服務A -> 服務B ,然后再原路返回。轉發發生在服務A中。
如果區分不開轉發和重定向,可以點擊這裡理解兩者的區別。
此實例用於開發鷹眼軌跡服務;其他服務如有需要,請忽略 callback 的影響,即:
if (result.IndexOf("(") > -1)
{ result = result.Substring(result.IndexOf("(") + 1, result.LastIndexOf(")") - result.IndexOf("(") - 1);//取消相應時的不必要數據(callback說明) }
使用一般處理程序處理前台的請求,然後轉發到前台以參數 url 傳入的地址去處理;請求方式同樣由前台傳入的參數 agency_metbod 決定。
ah: 指定使用 http: 還是 https:;如果傳入的 url 已經帶有協議頭,則請刪除。
eagleEyeHandler.ashx
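/// <summary>
/// Server-side relay for the eagle-eye (鷹眼) track console. The browser calls this handler with the
/// target path in "url"; the handler appends the ak / service_id that live only on the server, forwards
/// the request to the real API and returns the body. The client therefore never sees ak.
/// </summary>
public class eagleEyeHandler : IHttpHandler
{
    // Credentials stay on the server: populate these from server-side configuration,
    // never from anything carried by the incoming request.
    private static readonly string Ak = "";          // ak
    private static readonly string ServiceId = "";   // service_id

    // Scheme prepended to the client-supplied "url" (expected form: "//host/path", no scheme of its own).
    // NOTE: "http:" sends ak in clear text on the wire; use "https:" when the upstream supports it.
    private const string Scheme = "http:";

    // Hosts the relay may forward to. Without this check any caller could point the relay at an
    // arbitrary host and have the server send ak there (SSRF / credential leak).
    // Replace the placeholder with the real API host(s).
    private static readonly string[] AllowedUpstreamHosts = { "UPSTREAM_HOST_PLACEHOLDER" };

    // Parameters consumed by the relay itself, or owned by the server, so never forwarded from the client.
    // (The original skipped "metbod" although the parameter actually read is "agency_metbod"; both are
    // skipped here, and a client-supplied ak / service_id can no longer ride along.)
    private static readonly HashSet<string> LocalOnlyParams = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
    {
        "url", "metbod", "agency_metbod", "ak", "service_id"
    };

    // Upper bound on an acceptable JSONP callback name.
    private const int MaxCallbackLength = 64;

    /// <summary>
    /// Handles one request: validates it, forwards it to the upstream API and writes the result back,
    /// re-wrapped in the client's JSONP callback when one was supplied.
    /// </summary>
    /// <param name="context">Current ASP.NET request context.</param>
    public void ProcessRequest(HttpContext context)
    {
        var url = context.Request["url"];
        var agencyMethod = context.Request["agency_metbod"];
        var callback = context.Request["callback"];
        var method = context.Request.HttpMethod.ToUpperInvariant();

        if (method != "GET" && method != "POST")
        {
            return; // unsupported verb: stop processing
        }
        if (url == null)
        {
            return; // no target path supplied: stop processing
        }
        if (agencyMethod == null)
        {
            agencyMethod = "GET";
        }

        // Only forward to a known host over http(s). Rejecting everything else is what keeps ak
        // from being sent to a host chosen by the caller.
        Uri target;
        if (!Uri.TryCreate(Scheme + url, UriKind.Absolute, out target) || !IsAllowedTarget(target))
        {
            context.Response.StatusCode = 400;
            return;
        }

        // The callback name is echoed verbatim into the response body, so it must be a plain
        // identifier; otherwise a caller could inject script into the JSONP wrapper.
        if (callback != null && !IsSafeCallbackName(callback))
        {
            context.Response.StatusCode = 400;
            return;
        }

        // Cross-origin JSONP can only pass parameters on the query string, so the query string is
        // the only client data forwarded (form fields of a POST are intentionally not relayed).
        string forwarded = BuildForwardedQuery(context.Request.QueryString);

        string result;
        HttpWebResponse response = agencyMethod == "GET"
            ? HttpWebResponseUtility.CreateGetHttpResponse(Scheme + url + "?" + forwarded, null, null, null)
            : HttpWebResponseUtility.CreatePostHttpResponse(Scheme + url, forwarded, null, null, System.Text.Encoding.UTF8, null);
        // Dispose both the response and the reader even when ReadToEnd throws (the original leaked them).
        using (response)
        using (var reader = new StreamReader(response.GetResponseStream()))
        {
            result = reader.ReadToEnd();
        }

        result = StripCallbackWrapper(result);

        // Re-wrap with the relay's own callback (if any) so the browser-side JSONP call resolves.
        context.Response.Write(callback == null ? result : callback + "(" + result + ")");
        context.Response.End();
    }

    // Builds "ak=..&service_id=..&k=v&..." from the server credentials plus the client's query string.
    // For GET the caller prefixes '?'; for POST the string is sent as-is as the form body
    // (the original sent a leading '?' in the POST body, which turned the first key into "?ak").
    private static string BuildForwardedQuery(System.Collections.Specialized.NameValueCollection query)
    {
        var parts = new List<string>
        {
            "ak=" + Uri.EscapeDataString(Ak),
            "service_id=" + Uri.EscapeDataString(ServiceId)
        };
        foreach (string key in query.Keys)
        {
            if (key == null || LocalOnlyParams.Contains(key))
            {
                continue; // relay-internal or server-owned parameter
            }
            // ASP.NET has already URL-decoded these values; re-encode them so a value containing
            // '&' or '=' cannot become an extra parameter on the upstream request.
            parts.Add(Uri.EscapeDataString(key) + "=" + Uri.EscapeDataString(query[key] ?? ""));
        }
        return string.Join("&", parts);
    }

    // Scheme must be http/https and the host must be on the allowlist.
    private static bool IsAllowedTarget(Uri target)
    {
        if (target.Scheme != Uri.UriSchemeHttp && target.Scheme != Uri.UriSchemeHttps)
        {
            return false;
        }
        foreach (var host in AllowedUpstreamHosts)
        {
            if (string.Equals(host, target.Host, StringComparison.OrdinalIgnoreCase))
            {
                return true;
            }
        }
        return false;
    }

    // A callback must look like a JavaScript identifier path (letters, digits, '_', '$', '.'),
    // must not start with a digit and must stay short.
    private static bool IsSafeCallbackName(string name)
    {
        if (name.Length == 0 || name.Length > MaxCallbackLength || char.IsDigit(name[0]))
        {
            return false;
        }
        foreach (char c in name)
        {
            if (!(char.IsLetterOrDigit(c) || c == '_' || c == '$' || c == '.'))
            {
                return false;
            }
        }
        return true;
    }

    // The upstream may itself answer in JSONP form "cb(json)"; unwrap it so the relay can apply its
    // own callback. Heuristic, as in the original: everything between the first '(' and the last ')'.
    // A body with '(' but no ')' after it is returned untouched instead of throwing on a negative length.
    private static string StripCallbackWrapper(string body)
    {
        int open = body.IndexOf('(');
        int close = body.LastIndexOf(')');
        if (open < 0 || close <= open)
        {
            return body;
        }
        return body.Substring(open + 1, close - open - 1);
    }

    /// <summary>Handler instances are not shared between requests.</summary>
    public bool IsReusable
    {
        get { return false; }
    }
}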
HttpWebResponseUtility.cs
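/// <summary>
/// Helpers that issue HTTP GET / POST requests through HttpWebRequest.
/// Every method returns the live HttpWebResponse; the caller owns it and must dispose it.
/// </summary>
public class HttpWebResponseUtility
{
    private static readonly string DefaultUserAgent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)";

    /// <summary>Creates and sends a GET request.</summary>
    /// <param name="url">Absolute http/https URL, query string included.</param>
    /// <param name="timeout">Timeout in milliseconds; null keeps the HttpWebRequest default.</param>
    /// <param name="userAgent">User-Agent header; null/empty uses the built-in default.</param>
    /// <param name="cookies">Cookies to send; may be null.</param>
    /// <returns>The response; dispose it when done.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="url"/> is null or empty.</exception>
    /// <exception cref="ArgumentException"><paramref name="url"/> is not an http/https URL.</exception>
    public static HttpWebResponse CreateGetHttpResponse(string url, int? timeout, string userAgent, CookieCollection cookies)
    {
        if (string.IsNullOrEmpty(url))
        {
            throw new ArgumentNullException("url");
        }
        HttpWebRequest request = CreateRequest(url, "GET");
        ApplyCommonOptions(request, timeout, userAgent, cookies);
        return (HttpWebResponse)request.GetResponse();
    }

    /// <summary>Creates and sends an application/x-www-form-urlencoded POST built from a key/value map.</summary>
    /// <param name="url">Absolute http/https URL.</param>
    /// <param name="parameters">Body fields, written as "key=value&amp;key1=value1". Keys and values are
    /// used as given (the caller URL-encodes them). Null or empty sends no body.</param>
    /// <param name="timeout">Timeout in milliseconds; null keeps the HttpWebRequest default.</param>
    /// <param name="userAgent">User-Agent header; null/empty uses the built-in default.</param>
    /// <param name="requestEncoding">Encoding used to turn the body into bytes.</param>
    /// <param name="cookies">Cookies to send; may be null.</param>
    /// <returns>The response; dispose it when done.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="url"/> is null or empty, or <paramref name="requestEncoding"/> is null.</exception>
    /// <exception cref="ArgumentException"><paramref name="url"/> is not an http/https URL.</exception>
    public static HttpWebResponse CreatePostHttpResponse(string url, IDictionary parameters, int? timeout, string userAgent, Encoding requestEncoding, CookieCollection cookies)
    {
        string body = null;
        if (parameters != null && parameters.Count > 0)
        {
            var buffer = new StringBuilder();
            foreach (string key in parameters.Keys)
            {
                if (buffer.Length > 0)
                {
                    buffer.Append('&');
                }
                buffer.Append(key).Append('=').Append(parameters[key]);
            }
            body = buffer.ToString();
        }
        // Argument validation and the actual send live in the string overload.
        return CreatePostHttpResponse(url, body, timeout, userAgent, requestEncoding, cookies);
    }

    /// <summary>Creates and sends an application/x-www-form-urlencoded POST with a pre-built body.</summary>
    /// <param name="url">Absolute http/https URL.</param>
    /// <param name="sParameters">Body in "key=value&amp;key1=value1" form (no leading '?'); null or empty sends no body.</param>
    /// <param name="timeout">Timeout in milliseconds; null keeps the HttpWebRequest default.</param>
    /// <param name="userAgent">User-Agent header; null/empty uses the built-in default.</param>
    /// <param name="requestEncoding">Encoding used to turn the body into bytes.</param>
    /// <param name="cookies">Cookies to send; may be null.</param>
    /// <returns>The response; dispose it when done.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="url"/> is null or empty, or <paramref name="requestEncoding"/> is null.</exception>
    /// <exception cref="ArgumentException"><paramref name="url"/> is not an http/https URL.</exception>
    public static HttpWebResponse CreatePostHttpResponse(string url, string sParameters, int? timeout, string userAgent, Encoding requestEncoding, CookieCollection cookies)
    {
        if (string.IsNullOrEmpty(url))
        {
            throw new ArgumentNullException("url");
        }
        if (requestEncoding == null)
        {
            throw new ArgumentNullException("requestEncoding");
        }
        HttpWebRequest request = CreateRequest(url, "POST");
        if (url.StartsWith("https", StringComparison.OrdinalIgnoreCase))
        {
            // Kept from the original: HTTPS POSTs are sent as HTTP/1.0.
            // The original additionally installed a process-wide ServerCertificateValidationCallback
            // that accepted every certificate, which switched off TLS validation for the whole
            // application (anyone on the path could read the ak carried in these requests). The
            // framework's default validation now applies; a certificate problem surfaces as a
            // WebException from GetResponse instead of being hidden.
            request.ProtocolVersion = HttpVersion.Version10;
        }
        request.ContentType = "application/x-www-form-urlencoded";
        ApplyCommonOptions(request, timeout, userAgent, cookies);
        if (!string.IsNullOrEmpty(sParameters))
        {
            byte[] data = requestEncoding.GetBytes(sParameters);
            using (Stream stream = request.GetRequestStream())
            {
                stream.Write(data, 0, data.Length);
            }
        }
        return (HttpWebResponse)request.GetResponse();
    }

    // Creates the request and sets the verb. WebRequest.Create returns a different request type for
    // non-HTTP schemes; the original "as" cast then produced null and failed later with a
    // NullReferenceException, so reject such URLs up front.
    private static HttpWebRequest CreateRequest(string url, string method)
    {
        var request = WebRequest.Create(url) as HttpWebRequest;
        if (request == null)
        {
            throw new ArgumentException("url must be an http or https URL", "url");
        }
        request.Method = method;
        return request;
    }

    // Timeout, User-Agent and cookies, shared by every request type.
    private static void ApplyCommonOptions(HttpWebRequest request, int? timeout, string userAgent, CookieCollection cookies)
    {
        request.UserAgent = string.IsNullOrEmpty(userAgent) ? DefaultUserAgent : userAgent;
        if (timeout.HasValue)
        {
            request.Timeout = timeout.Value;
        }
        if (cookies != null)
        {
            request.CookieContainer = new CookieContainer();
            request.CookieContainer.Add(cookies);
        }
    }
}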