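/// <summary>
/// Verifies the callback URL using the encrypted-message scheme.
/// </summary>
/// <param name="sMsgSignature">Signature string; the msg_signature URL parameter.</param>
/// <param name="sTimeStamp">Timestamp; the timestamp URL parameter.</param>
/// <param name="sNonce">Random string; the nonce URL parameter.</param>
/// <param name="sEchoStr">Random string; the echostr URL parameter.</param>
/// <param name="sReplyEchoStr">Decrypted echostr; only meaningful when the method returns 0.</param>
/// <returns>0 on success, otherwise the matching WXBizMsgCryptErrorCode value.</returns>
public int VerifyURL(string sMsgSignature, string sTimeStamp, string sNonce, string sEchoStr, ref string sReplyEchoStr)
{
    if (m_sEncodingAESKey.Length != 43)
    {
        return (int)WXBizMsgCryptErrorCode.WXBizMsgCrypt_IllegalAesKey;
    }

    // sEchoStr is handed to VerifySignature together with token/timestamp/nonce, so this
    // scheme presumably signs the encrypted echostr as well. A sender that signs only
    // token/timestamp/nonce will fail here (verify against VerifySignature, not shown).
    int ret = VerifySignature(m_sToken, sTimeStamp, sNonce, sEchoStr, sMsgSignature);
    if (ret != 0)
    {
        return ret;
    }

    sReplyEchoStr = "";
    string cpid = "";
    try
    {
        sReplyEchoStr = Cryptography.AES_decrypt(sEchoStr, m_sEncodingAESKey, ref cpid);
    }
    catch (Exception)
    {
        sReplyEchoStr = "";
        return (int)WXBizMsgCryptErrorCode.WXBizMsgCrypt_DecryptAES_Error;
    }

    // The decrypted payload carries the sender's corp id; reject it when it is not ours.
    if (cpid != m_sCorpID)
    {
        sReplyEchoStr = "";
        return (int)WXBizMsgCryptErrorCode.WXBizMsgCrypt_ValidateCorpid_Error;
    }

    return 0;
}

// Author's note: the code above is the URL-verification routine that the official WeChat
// site has provided for years, and I have used it with a WeChat enterprise account. Now
// that my company needs a WeChat service account, it kept failing with
// "signature error -40001". After reading some blog posts I wrote a simpler check myself.

#region Custom additions

/// <summary>
/// Computes the SHA-1 digest of a string (UTF-8 encoded) as upper-case hex.
/// This is a hash, not encryption, and it is not MD5.
/// </summary>
/// <param name="s">Text to hash.</param>
/// <returns>40 upper-case hexadecimal characters.</returns>
/// <remarks>
/// SHA-1 is used here only to reproduce the signature that WooCheckSignature compares
/// against. Do not reuse this helper for password storage or new integrity designs.
/// </remarks>
public static string Sha1(string s)
{
    using (var sha1 = SHA1.Create())
    {
        byte[] digest = sha1.ComputeHash(Encoding.UTF8.GetBytes(s));

        // BitConverter already emits upper-case hex, so no extra case conversion is needed.
        return BitConverter.ToString(digest).Replace("-", "");
    }
}

/// <summary>
/// Verifies a WeChat callback signature: sort token, timestamp and nonce, concatenate,
/// SHA-1, and compare the lower-case hex digest with the supplied signature.
/// </summary>
/// <param name="token">Shared token configured for the account.</param>
/// <param name="signature">Signature taken from the request.</param>
/// <param name="timestamp">Timestamp taken from the request.</param>
/// <param name="nonce">Random value taken from the request.</param>
/// <returns>true when the signature matches; false otherwise, including when an input is missing.</returns>
/// <remarks>
/// The check proves knowledge of the token only. It does not bound the age of the timestamp
/// or remember nonces, so a captured (signature, timestamp, nonce) triple stays valid until
/// the token changes. Add a freshness window at the caller if replay matters.
/// </remarks>
public static bool WooCheckSignature(string token, string signature, string timestamp, string nonce)
{
    // Fail closed: an empty token would make the digest computable by anyone, and a missing
    // query parameter must never be treated as an empty string.
    if (string.IsNullOrEmpty(token) || signature == null || timestamp == null || nonce == null)
    {
        return false;
    }

    string[] parts = { token, timestamp, nonce };

    // Ordinal ordering: the default Array.Sort comparison is culture-sensitive and can order
    // mixed-case or punctuated values differently from the byte-wise sort used by the sender.
    Array.Sort(parts, StringComparer.Ordinal);

    string expected = Sha1(string.Concat(parts)).ToLowerInvariant();

    // Fixed-time comparison so the response time does not reveal how many leading
    // characters of a guessed signature were correct.
    return CryptographicOperations.FixedTimeEquals(
        Encoding.UTF8.GetBytes(expected),
        Encoding.UTF8.GetBytes(signature));
}

#endregion Custom additions

// Author's note: the methods above are all that is needed. Usage in a .NET Core controller:

/// <summary>
/// Callback endpoint: answers the GET verification handshake by echoing echoStr when the
/// signature is valid.
/// </summary>
/// <returns>echoStr on success, "no as" on a failed GET check, an empty 200 for other methods.</returns>
public IActionResult InitWxPort(string echoStr, string signature, string timestamp, string nonce)
{
    var httpcontext = _accessor.HttpContext;

    if (!string.Equals(httpcontext.Request.Method, "get", StringComparison.OrdinalIgnoreCase))
    {
        // NOTE(review): non-GET requests are acknowledged without any signature check.
        // That is harmless while the body is ignored. Once messages are processed here,
        // verify the signature before reading the payload.
        return Ok();
    }

    // NOTE(review): if Constant.CorpToken is a literal in source, the token is exposed to
    // anyone with repository access. Consider loading it from configuration or a secret store.
    string token = Constant.CorpToken;

    if (WeixinUtiliy.WooCheckSignature(token, signature, timestamp, nonce))
    {
        // echoStr is not an input to the signature, so it remains caller-controlled even
        // after a successful check. Keep returning it as plain text, never as HTML.
        return Content(echoStr);
    }

    return Content("no as");
}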