Asp.net developed the WeChat public platform to verify the authenticity of the message, asp.net authenticity

Asp.net is a public platform developed to verify the authenticity of messages and asp.net

Verify message authenticity

Add a filter to the project where the MVC Controller is located and rewrite the filter.

Public override void OnActionExecuting (ActionExecutingContext filterContext) Method

Create a data model

Note: When the server receives a message, it is no longer signature but msg_signature.

Example of HTTP request message sent from the server to the server

POST/cgi-bin/wxpush? Msg_signature = 477715d11cdb4164915debcba66cb864d751f3e6 & timestamp = 1409659813 & nonce = 1372623149 HTTP/1.1

Host: qy.weixin.qq.com

Method rewriting to verify messages

The method used for access verification is called, but the parameter needs to be slightly changed. The new data model is used.

Add filter attributes on the Action method or Controller

Sample Code

Model

/// <Summary> /// push message model /// </summary> public class WeChatMsgRequestModel {public string timestamp {get; set;} public string nonce {get; set ;}public string msg_signature {get; set ;}}

Filter

Public class wechatrequestvalidattriattribute: ActionFilterAttribute {private const string Token = "StupidMe"; public override void OnActionExecuting (ActionExecutingContext filterContext) {// parameter Adaptation Model. formatModel. weChatMsgRequestModel model = new Model. formatModel. weChatMsgRequestModel () {nonce = filterContext. httpContext. request. queryString ["nonce"], msg_signature = filterContext. httpContext. request. queryString ["msg_signature"], timestamp = filterContext. httpContext. request. queryString ["timestamp"]}; // verify if (CheckSignature (model) {base. onActionExecuting (filterContext);} private bool CheckSignature (Model. formatModel. weChatMsgRequestModel model) {string signature, timestamp, nonce, tempStr; // obtain the request parameter signature = model. msg_signature; timestamp = model. timestamp; nonce = model. nonce; // create an array and add the Token, timestamp, and nonce parameters to the Array string [] array = {Token, timestamp, nonce}; // sort the Array. sort (array); // concatenate a String tempStr = String. join ("", array); // perform SHA1 encryption on the string tempStr = FormsAuthentication. hashPasswordForStoringInConfigFile (tempStr, "SHA1 "). toLower (); // judge whether signature is correct if (tempStr. equals (signature) {return true;} else {return false ;}}}

Controller Code

/// <Summary> /// log assistant /// </summary> private static Common. logHelper logger = new Common. logHelper (typeof (HomeController); [Filters. weChatRequestValid] public void Valid (Model. formatModel. weChatMsgRequestModel model) {if (ModelState. isValid) {try {// determine whether it is a POST request if (HttpContext. request. httpMethod. toUpper () = "POST") {// obtain the request information using (Stream stream = HttpContext. request. inputStream) {byte [] postBytes = new byte [stream. length]; stream. read (postBytes, 0, (int) stream. length); string postString = System. text. encoding. UTF8.GetString (postBytes); Handle (postString, model) ;}} catch (Exception ex) {logger. error ("exception occurred, exception information:" + ex. message + ex. stackTrace );}}}

The above is all the content of this article. I hope you will like it.