Can I validate HTTP request signature tokens and nonces using Model Binding?
I am setting up an endpoint using ASP.NET MVC to which requests can be made to manipulate and retrieve data (basically, an API). I am using a 2-legged OAuth model to validate that requests be signed using a secret key and signing method as well as a nonce table to prevent hijacking.
Since Model Binding is so handy in ASP.NET MVC I am going to take advantage of it to consume requests, but I wonder if I can bake the signature verification and nonce/timestamp handling right into the model binder. Is this possible? That way I can just re-use the implementation on the various Actions that I create.
I reckon you should be able to. Try this:
using System.Web.Mvc;

public class FooModelBinder : IModelBinder
{
    public object BindModel(ControllerContext controllerContext, ModelBindingContext bindingContext)
    {
        // Cast to the model type (FooModel, not the variable name)
        FooModel fooModel = bindingContext.Model as FooModel;
        if (fooModel != null)
        {
            // Do your verification stuff in here
            // Updating any properties of your Model.
            // Or you could retrieve something else entirely and return it if you like
            // Let's pretend we just want to verify the model and set some property or other.
            fooModel.NonceOkay = DoVerification(fooModel);
            fooModel.NextAction = WorkOutWhereToGoNext(fooModel);
            // or whatever
        }
        return fooModel;
    }
}
DoVerification could live in your ModelBinder, but it might be better for it to live somewhere else.
Then stick this in Application_Start in your Global.asax:
    // Register the binder for the model type it handles
    ModelBinders.Binders.Add(typeof(FooModel), new FooModelBinder());
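
One way the verification that DoVerification delegates to could look, as an added example that is not part of the original answer. The class name SignedRequestVerifier, the HMAC-SHA256 scheme over a simplified canonical string, the 300-second window and the in-memory nonce store are all assumptions made for illustration; the question does not state its signing method or nonce table design.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper (not from the answer) that DoVerification could call.
public class SignedRequestVerifier
{
    private const long MaxSkewSeconds = 300; // assumed acceptance window
    private static readonly DateTime Epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
    // In-memory stand-in for the nonce table: nonce -> timestamp it arrived with.
    private readonly ConcurrentDictionary<string, long> _seenNonces = new ConcurrentDictionary<string, long>();
    private readonly byte[] _secret;

    public SignedRequestVerifier(byte[] secret) { _secret = secret; }

    // Assumed canonical form; OAuth 1.0 defines a longer signature base string.
    public string Sign(string method, string url, long unixTime, string nonce)
    {
        string text = method.ToUpperInvariant() + "\n" + url + "\n" + unixTime + "\n" + nonce;
        using (var hmac = new HMACSHA256(_secret))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(text)));
    }

    public bool Verify(string method, string url, long unixTime, string nonce,
                       string signature, DateTime utcNow)
    {
        if (method == null || url == null || string.IsNullOrEmpty(nonce) || signature == null)
            return false;
        // 1. Bound the timestamp so old nonces can eventually be pruned from the table.
        long now = (long)(utcNow - Epoch).TotalSeconds;
        if (unixTime < now - MaxSkewSeconds || unixTime > now + MaxSkewSeconds) return false;

        // 2. Check the signature before touching the nonce table, so unsigned
        //    traffic can neither fill it nor use up a legitimate client's nonce.
        if (!FixedTimeEquals(Sign(method, url, unixTime, nonce), signature)) return false;

        // 3. TryAdd is atomic: only the first request carrying this nonce succeeds.
        return _seenNonces.TryAdd(nonce, unixTime);
    }

    // Compares every character so timing does not reveal where a mismatch occurs.
    private static bool FixedTimeEquals(string a, string b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

A single shared instance would be needed so every request sees the same nonce store; with more than one web server the store has to live somewhere all of them can reach, such as the nonce table the question mentions.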