SignedUrl 1.0.1
See the version list below for details.
dotnet add package SignedUrl --version 1.0.1
NuGet\Install-Package SignedUrl -Version 1.0.1
<PackageReference Include="SignedUrl" Version="1.0.1" />
paket add SignedUrl --version 1.0.1
#r "nuget: SignedUrl, 1.0.1"
// Install SignedUrl as a Cake Addin #addin nuget:?package=SignedUrl&version=1.0.1 // Install SignedUrl as a Cake Tool #tool nuget:?package=SignedUrl&version=1.0.1
SignedUrl
A NuGet package that generates signed query strings.
Usage
Currently, only ASP.NET projects are supported. If you can't use it, you need to implement
ISignatureProtector
yourself.
The implementation MUST NOT return the bytes as is, as this would make your signature prone to brute force attacks.
Install two NuGet packages:
SignedUrl
andSignedUrl.AspNet
// use dependency injection
builder.Services.AddSingleton<ISignatureProtector, DataProtectionSignatureProtector>();
builder.Services.AddSingleton<IQuerySigner, DigestQuerySigner>();
Then consume the IQuerySigner
:
public class MyUrlService(IQuerySigner signer) {
public string GenerateSomeUrl() {
var query = new Dictionary<string, string?>
{
{ "time", CurrentUnixTimestamp().ToString() },
};
return "https://example.com/?" + signer.GenerateSignature(query);
}
}
The above class will generate a URL like this:
https://example.com/?time=1702855023&s=vJ89aMd%2bkkZaLamPOKuCgGAiuDDRqn7XtIdM%2bXpCYZw%3d
Observations:
- The dictionary containing a key
time
and a value of the current Unix timestamp is appended to the query string - The
s
parameter is the signature of the query string
And to verify the signature:
public class MyUrlService(IQuerySigner signer) {
// [...omitted for brevity...]
public bool VerifySomeUrl(string url) {
var query = HttpUtility.ParseQueryString(new Uri(url).Query);
return signer.VerifySignature(query);
}
}
Development
Pre-requisites
- .NET 8
Extensions
If you want to write extensions, you can use the SignedUrl.Abstractions
package, which contains the interfaces used
by the SignedUrl
implementations.
Testing
The project uses xUnit
for testing. To run the tests, run dotnet test
in the root directory.
Publishing
There are 3 NuGet packages that need to be published:
SignedUrl
SignedUrl.Abstractions
SignedUrl.AspNet
Make sure all the versions are the same. Then, run dotnet pack
in each project directory.
License
Licensed under MIT.
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
-
net8.0
- SignedUrl.Abstractions (>= 1.0.1)
NuGet packages (1)
Showing the top 1 NuGet packages that depend on SignedUrl:
Package | Downloads |
---|---|
SignedUrl.Extensions
Package Description |
GitHub repositories
This package is not used by any popular GitHub repositories.
1.0.1
-----
* Handle `FormatException`s and `ProtectorException`s in `DigestQuerySigner::ValidateSignature`
* Forward exceptions thrown in `DigestQuerySigner::GenerateSignature` as `SignatureGenerationException`s
1.0.0
-----
* Initial release