ASP.NET development for the WeChat public platform: verifying the authenticity of messages
This article describes how to verify the authenticity of messages when developing for the WeChat public platform with ASP.NET. If you need it, refer
Verify message authenticity
Add a filter to the project that contains the MVC controllers, and override the filter's
public override void OnActionExecuting(ActionExecutingContext filterContext) method.
Create a data model
Note: when the server receives a message, the signature parameter is no longer named signature but msg_signature.
Example of the HTTP request message sent from the WeChat server to your server
POST /cgi-bin/wxpush?msg_signature=477715d11cdb4164915debcba66cb864d751f3e6&timestamp=1409659813&nonce=1372623149 HTTP/1.1
Host: qy.weixin.qq.com
Overriding the method to verify messages
The override calls the same method that is used for access verification, but the parameter is changed slightly to use the new data model.
Add the filter attribute to the action method or the controller
Sample Code
Model
```csharp
/// <summary>
/// Push message model
/// </summary>
public class WeChatMsgRequestModel
{
    public string timestamp { get; set; }
    public string nonce { get; set; }
    public string msg_signature { get; set; }
}
```
Filter
```csharp
using System;
using System.Web.Mvc;
using System.Web.Security;

public class WeChatRequestValidAttribute : ActionFilterAttribute
{
    private const string Token = "StupidMe";

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        // Adapt the query-string parameters to the model
        Model.FormatModel.WeChatMsgRequestModel model = new Model.FormatModel.WeChatMsgRequestModel()
        {
            nonce = filterContext.HttpContext.Request.QueryString["nonce"],
            msg_signature = filterContext.HttpContext.Request.QueryString["msg_signature"],
            timestamp = filterContext.HttpContext.Request.QueryString["timestamp"]
        };

        // Verify
        if (CheckSignature(model))
        {
            base.OnActionExecuting(filterContext);
        }
        else
        {
            // Setting Result stops the action from running. Skipping the base call
            // alone would still let the action execute on an unverified request.
            filterContext.Result = new HttpStatusCodeResult(403);
        }
    }

    private bool CheckSignature(Model.FormatModel.WeChatMsgRequestModel model)
    {
        string signature, timestamp, nonce, tempStr;

        // Obtain the request parameters
        signature = model.msg_signature;
        timestamp = model.timestamp;
        nonce = model.nonce;

        // Create an array holding the Token, timestamp and nonce parameters
        string[] array = { Token, timestamp, nonce };

        // Sort
        Array.Sort(array);

        // Concatenate into a single string
        tempStr = String.Join("", array);

        // Hash the string with SHA-1 (hex output, lowercased)
        tempStr = FormsAuthentication.HashPasswordForStoringInConfigFile(tempStr, "SHA1").ToLower();

        // Determine whether the signature is correct
        return tempStr.Equals(signature);
    }
}
```
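A hardened variant of the CheckSignature step above, as an added example that is not part of the original article or its project. It keeps the article's scheme (SHA-1 over the sorted Token, timestamp and nonce) and adds an ordinal sort, a timestamp freshness check and a fixed-time comparison. The names WeChatSignature, IsValid, FixedTimeEquals and the 5-minute MaxAge window are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: hypothetical helper, not part of the article's project.
public static class WeChatSignature
{
    // Assumed replay window; tune it to your clock-skew tolerance.
    private static readonly TimeSpan MaxAge = TimeSpan.FromMinutes(5);
    private static readonly DateTime Epoch =
        new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);

    public static bool IsValid(string token, string timestamp, string nonce,
                               string msgSignature, DateTime utcNow)
    {
        // Reject missing parameters instead of hashing nulls.
        if (string.IsNullOrEmpty(timestamp) || string.IsNullOrEmpty(nonce) ||
            string.IsNullOrEmpty(msgSignature))
            return false;

        // Reject stale or far-future timestamps to narrow the replay window.
        long seconds;
        if (!long.TryParse(timestamp, out seconds)) return false;
        double age = (utcNow - Epoch).TotalSeconds - seconds;
        if (Math.Abs(age) > MaxAge.TotalSeconds) return false;

        // Same scheme as the article: sort, concatenate, SHA-1, lowercase hex.
        // Array.Sort(string[]) is culture-sensitive by default; an ordinal sort
        // keeps the order independent of the server's culture settings.
        string[] parts = { token, timestamp, nonce };
        Array.Sort(parts, StringComparer.Ordinal);
        byte[] hash;
        using (SHA1 sha1 = SHA1.Create())
            hash = sha1.ComputeHash(Encoding.UTF8.GetBytes(string.Concat(parts)));
        string expected = BitConverter.ToString(hash).Replace("-", "").ToLowerInvariant();

        return FixedTimeEquals(expected, msgSignature);
    }

    // Compares every character so timing does not reveal the first mismatch.
    private static bool FixedTimeEquals(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

Inside the filter, the call would be WeChatSignature.IsValid(Token, model.timestamp, model.nonce, model.msg_signature, DateTime.UtcNow).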
Controller Code
```csharp
using System;
using System.IO;
using System.Text;
using System.Web.Mvc;

public class HomeController : Controller
{
    /// <summary>
    /// Log assistant
    /// </summary>
    private static Common.LogHelper logger = new Common.LogHelper(typeof(HomeController));

    [Filters.WeChatRequestValid]
    public void Valid(Model.FormatModel.WeChatMsgRequestModel model)
    {
        if (ModelState.IsValid)
        {
            try
            {
                // Determine whether the request is a POST request
                if (HttpContext.Request.HttpMethod.ToUpper() == "POST")
                {
                    // Read the request body from the input stream
                    using (StreamReader reader = new StreamReader(HttpContext.Request.InputStream, Encoding.UTF8))
                    {
                        string postString = reader.ReadToEnd();
                        // Handle is the project's message handler (not shown in this article)
                        Handle(postString, model);
                    }
                }
            }
            catch (Exception ex)
            {
                logger.Error("exception occurred, exception information:" + ex.Message + ex.StackTrace);
            }
        }
    }
}
```
The above is all the content of this article. I hope you will like it.