在 ASP.NET Web API 项目中,我想加密所有响应中的所有实体 ID,并解密所有请求中的加密值。
(注意:我知道如何加密/解密数据,这不是我的问题。)
我认为如果我只使用自定义属性来装饰需要在响应/请求中加密/解密的属性,那就太好了。
这就是我喜欢的工作方式:
public class Person
{
[EncryptDecrypt]
public int PersonID {get; set;}
public string Name {get; set;}
public IEnumerable<Order> Orders {get; set;}
}
public class Order
{
[EncryptDecrypt]
public long OrderID {get; set;}
public string Title {get; set;}
public float Price {get; set;}
}
然后在 Web API 方法中:
// GET: api/persons/xhj$j78dPs (xhj$j78dPs is an encrypted PersonID)
public Person Get([EncryptDecrypt]int personId)
{
// Now, I expect personId to be a normal ID, like: 187356
Person person = _repository.GetPerson(personId);
return person;
}
上述 Web API 的期望响应是:
{
"personId": "xhj$j78dPs",
"name": "Joe Williams",
"orders": [
{
"orderId": "a#jd75mlzed0ihd",
"title": "Buying a new item",
"price": 19.99
}
]
}
这是另一个示例,这次是 PUT 动词的 Web API:
/* PUT Request body: */
{
"orderId": "a#jd75mlzed0ihd",
"title": "Buying a new item - edited",
"price": 13.00
}
相关Web API方法:
// PUT: api/persons/xhj$j78dPs/orders/ (xhj$j78dPs is an encrypted PersonID)
public void Put([EncryptDecrypt]int personId, Order editedOrder)
{
// I expect personId to be a normal ID, like: 187356
// I expect editedOrder.OrderID to be a normal ID, like: 10000089765
_repository.UpdateOrder(personId, editedOrder);
}
如何开发[EncryptDecrypt]属性?
[EncryptDecrypt] 实际上应该是 JsonConverter attribute ?或者我应该开发一个自定义Media Formatter或模型绑定(bind)器或值提供者或参数绑定(bind)器?我很困惑。
最佳答案
How can I develop the [EncryptDecrypt] attribute?
Is [EncryptDecrypt] should be actually a JsonConverter attribute? Or should I develop a custom Media Formatter or Model Binder or Value Provider or Parameter Binder? I am confused.
你需要两者都发展一点;定制JsonConverter用于(反)序列化 JSON 数据,以及自定义 ModelBinder用于将(加密的 int/long)值绑定(bind)到端点参数。
尝试这样的事情:
public class EncryptDecrypt : JsonConverter, IModelBinder
{
public override bool CanConvert(Type objectType)
{
return typeof(int).IsAssignableFrom(objectType) ||
typeof(long).IsAssignableFrom(objectType);
}
public override object ReadJson(JsonReader reader, Type objectType, object existingValue, JsonSerializer serializer)
{
// Deserialize the provided value as string
// and decrypt it to its exprected int/long type
var value = serializer.Deserialize<string>(reader);
return Decrypt(value, objectType);
}
public override void WriteJson(JsonWriter writer, object value, JsonSerializer serializer)
{
// obviously Encrypt() should convert the int/ long value
// to its encrypted string representation.
var encrypted = Encrypt(value);
writer.WriteValue(encrypted);
}
public bool BindModel(HttpActionContext actionContext, ModelBindingContext bindingContext)
{
if (!CanConvert(bindingContext.ModelType)) return false;
var val = bindingContext.ValueProvider.GetValue(bindingContext.ModelName);
if (val == null) return false;
// bindingContext.ModelType should tell us whether the decrypted value
// is expected as an int/ long.
var decrypted = Decrypt(val.RawValue as string, bindingContext.ModelType);
if (decrypted != null)
{
bindingContext.Model = decrypted;
return true;
}
bindingContext.ModelState.AddModelError(bindingContext.ModelName, "Cannot convert value");
return false;
}
}
然后您可以像这样装饰模型:
public class Person
{
[JsonConverter(typeof(EncryptDecrypt))]
public int PersonID { get; set; }
public string Name { get; set; }
public IEnumerable<Order> Orders { get; set; }
}
public class Order
{
[JsonConverter(typeof(EncryptDecrypt))]
public long OrderID { get; set; }
public string Title { get; set; }
public float Price { get; set; }
}
对于Web API方法,你需要像这样装饰它:
public IHttpActionResult Get([ModelBinder(typeof(EncryptDecrypt))] int personId)
{
// Now, I expect personId to be a normal ID, like: 187356
Person person = _repository.GetPerson(personId);
return Json(person);
}
public void Put([ModelBinder(typeof(EncryptDecrypt))] int personId, Order editedOrder)
{
// I expect personId to be a normal ID, like: 187356
// I expect editedOrder.OrderID to be a normal ID, like: 10000089765
_repository.UpdateOrder(personId, editedOrder);
}
关于asp.net-mvc - ASP.NET Web API 中简单属性的自定义类型转换器,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/36361705/