GitHub demo https://github.com/zhanglilong23/Asp.NetCore.Demo
本项目使用中间件拦截请求数据,并对请求数据解密。 访问接口成功后拦截返回数据,然后将返回数据加密后返回。
其中log4net部分不再赘述(demo中有介绍)
将Post方法中Body中的数据进行AES解密
将返回数据进行AES加密
1:自定义中间件,并默认实现Invoke方法. 附带使用日志记录错误和访问时间等,写的比较糙。
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 |
public class HttpContextMiddleware { private readonly RequestDelegate _next; private readonly ILogger _logger; /// <summary> /// 计时器 /// </summary> private Stopwatch _stopwatch; //加密解密key private readonly string securitykey = "0123456789abcdef"; /// <summary> /// 构造 Http 请求中间件 /// </summary> /// <param name="next"></param> /// <param name="loggerFactory"></param> /// <param name="cacheService"></param> public HttpContextMiddleware(RequestDelegate next, ILoggerFactory loggerFactory) { _next = next; _logger = loggerFactory.CreateLogger<HttpContextMiddleware>(); } /// <summary> /// 1:将Post方法中Body中的数据进行AES解密 /// 2:将返回数据进行AES加密 /// </summary> /// <param name="context"></param> /// <returns></returns> public async Task Invoke(HttpContext context) { context.Request.EnableBuffering(); _stopwatch = new Stopwatch(); _stopwatch.Start(); _logger.LogInformation($"Handling request: " + context.Request.Path); var api = new ApiRequestInputViewModel { HttpType = context.Request.Method, Query = context.Request.QueryString.Value, RequestUrl = context.Request.Path, RequestName = "", RequestIP = context.Request.Host.Value }; var request = context.Request.Body; var response = context.Response.Body; try { using (var newRequest = new MemoryStream()) { //替换request流 context.Request.Body = newRequest; using (var newResponse = new MemoryStream()) { //替换response流 context.Response.Body = newResponse; using (var reader = new StreamReader(request)) { //读取原始请求流的内容 api.Body = await reader.ReadToEndAsync(); if (string.IsNullOrEmpty(api.Body)) await _next.Invoke(context); //示例加密字符串,使用 AES-ECB-PKCS7 方式加密,密钥为:0123456789abcdef // 加密参数:{"value":"哈哈哈"} // 加密后数据: oedwSKGyfLX8ADtx2Z8k1Q7+pIoAkdqllaOngP4TvQ4= api.Body = SecurityHelper.AESDecrypt(api.Body, securitykey); } using (var writer = new StreamWriter(newRequest)) { await writer.WriteAsync(api.Body); await writer.FlushAsync(); newRequest.Position = 0; context.Request.Body = newRequest; await _next(context); } using (var reader = new StreamReader(newResponse)) { newResponse.Position = 0; api.ResponseBody = await reader.ReadToEndAsync(); if (!string.IsNullOrWhiteSpace(api.ResponseBody)) { api.ResponseBody = SecurityHelper.AESEncrypt(api.ResponseBody, securitykey); } } using (var writer = new StreamWriter(response)) { await writer.WriteAsync(api.ResponseBody); await writer.FlushAsync(); } } } } catch (Exception ex) { _logger.LogError($" http中间件发生错误: " + ex.ToString()); } finally { context.Request.Body = request; context.Response.Body = response; } // 响应完成时存入缓存 context.Response.OnCompleted(() => { _stopwatch.Stop(); api.ElapsedTime = _stopwatch.ElapsedMilliseconds; _logger.LogDebug($"RequestLog:{DateTime.Now.ToString("yyyyMMddHHmmssfff") + (new Random()).Next(0, 10000)}-{api.ElapsedTime}ms", $"{JsonConvert.SerializeObject(api)}"); return Task.CompletedTask; }); _logger.LogInformation($"Finished handling request.{_stopwatch.ElapsedMilliseconds}ms"); } } |
2:实现中间件扩展
|
1 2 3 4 5 6 7 |
public static class MiddlewareExtensions { public static IApplicationBuilder UseHttpContextMiddleware(this IApplicationBuilder builder) { return builder.UseMiddleware<HttpContextMiddleware>(); } } |
3:在Startup使用中间件
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
public void Configure(IApplicationBuilder app, IHostingEnvironment env,ILoggerFactory loggerFactory) { if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } else { // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts. app.UseHsts(); } app.UseHttpContextMiddleware(); //引入自定义的HtppContextMiddleware中间件 loggerFactory.AddLog4Net(); //引入log4net app.UseHttpsRedirection(); app.UseMvc(); } |