Verifying the authenticity of a message
Add a filter to the project that contains the MVC controller, and in the filter override the
public override void OnActionExecuting(ActionExecutingContext filterContext) method
Create a new data model
Note: the signature parameter that the server receives with a pushed message is named msg_signature, not signature
Example of the HTTP request that the WeChat server sends when it pushes a message to your server
POST /cgi-bin/wxpush?msg_signature=477715d11cdb4164915debcba66cb864d751f3e6&timestamp=1409659813&nonce=1372623149 HTTP/1.1
Host: qy.weixin.qq.com
Override the method to implement validation of the message
Call the same verification method that is used when connecting to WeChat, but with slightly different parameters, taken from the new data model
Add the filter attribute to the action method or to the controller
Code example
Model
/// <summary>
/// WeChat push message model
/// </summary>
public class WeChatMsgRequestModel
{
    public string timestamp { get; set; }
    public string nonce { get; set; }
    public string msg_signature { get; set; }
}
Filter
using System;
using System.Web.Mvc;
using System.Web.Security;

public class WeChatRequestValidAttribute : ActionFilterAttribute
{
    private const string Token = "Stupidme";

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        // Map the query-string parameters onto the model
        Model.FormatModel.WeChatMsgRequestModel model = new Model.FormatModel.WeChatMsgRequestModel()
        {
            nonce = filterContext.HttpContext.Request.QueryString["nonce"],
            msg_signature = filterContext.HttpContext.Request.QueryString["msg_signature"],
            timestamp = filterContext.HttpContext.Request.QueryString["timestamp"]
        };
        // Verify
        if (CheckSignature(model))
        {
            base.OnActionExecuting(filterContext);
        }
        else
        {
            // Setting Result is what stops the action from running;
            // skipping the base call alone does not block the request
            filterContext.Result = new HttpStatusCodeResult(403);
        }
    }

    private bool CheckSignature(Model.FormatModel.WeChatMsgRequestModel model)
    {
        string signature, timestamp, nonce, tempStr;
        // Get the request parameters
        signature = model.msg_signature;
        timestamp = model.timestamp;
        nonce = model.nonce;
        // Create an array holding the three parameters Token, timestamp, nonce
        string[] array = { Token, timestamp, nonce };
        // Sort
        Array.Sort(array);
        // Concatenate into a single string
        tempStr = String.Join("", array);
        // Hash the string with SHA1 (this helper is marked obsolete from .NET 4.5 on)
        tempStr = FormsAuthentication.HashPasswordForStoringInConfigFile(tempStr, "SHA1").ToLower();
        // Determine whether the signature is correct
        if (tempStr.Equals(signature))
        {
            return true;
        }
        else
        {
            return false;
        }
    }
}
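A stand-alone version of the signature check from the filter above, added here as an example and not the article's own code: it sorts ordinally, rejects requests with missing parameters, and compares the two hex strings without an early exit. The class name WeChatSignatureCheck, its method names and the token value are assumptions made for illustration; the timestamp and nonce are those of the sample request.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class WeChatSignatureCheck   // hypothetical helper, not part of the article's project
{
    // Lower-case hex SHA-1 over the ordinally sorted, concatenated values.
    public static string Compute(string token, string timestamp, string nonce)
    {
        string[] parts = { token, timestamp, nonce };
        Array.Sort(parts, StringComparer.Ordinal);   // same order on every server culture
        using (SHA1 sha1 = SHA1.Create())
        {
            byte[] hash = sha1.ComputeHash(Encoding.UTF8.GetBytes(string.Concat(parts)));
            return BitConverter.ToString(hash).Replace("-", "").ToLowerInvariant();
        }
    }

    // Returns false when a parameter is missing instead of hashing nulls.
    public static bool Verify(string token, string timestamp, string nonce, string msgSignature)
    {
        if (string.IsNullOrEmpty(timestamp) || string.IsNullOrEmpty(nonce)
            || string.IsNullOrEmpty(msgSignature))
            return false;

        string expected = Compute(token, timestamp, nonce);
        if (expected.Length != msgSignature.Length)
            return false;

        int diff = 0;
        for (int i = 0; i < expected.Length; i++)
            diff |= expected[i] ^ msgSignature[i];   // no early exit on the first mismatch
        return diff == 0;
    }

    public static void Main()
    {
        const string token = "example-token";        // constructed value
        string timestamp = "1409659813", nonce = "1372623149";
        string sig = Compute(token, timestamp, nonce);

        Console.WriteLine(Verify(token, timestamp, nonce, sig));      // request as signed
        Console.WriteLine(Verify(token, "1409659814", nonce, sig));   // timestamp altered after signing
        Console.WriteLine(Verify(token, timestamp, nonce, null));     // msg_signature missing
    }
}
```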
Controller Code
// Requires: using System; using System.IO;

/// <summary>
/// Log helper
/// </summary>
private static Common.LogHelper logger = new Common.LogHelper(typeof(HomeController));

[Filters.WeChatRequestValid]
public void Valid(Model.FormatModel.WeChatMsgRequestModel model)
{
    if (ModelState.IsValid)
    {
        try
        {
            // Check whether it is a POST request
            if (HttpContext.Request.HttpMethod.ToUpper() == "POST")
            {
                // Read the request body from the request's input stream
                using (Stream stream = HttpContext.Request.InputStream)
                {
                    byte[] postBytes = new byte[stream.Length];
                    stream.Read(postBytes, 0, (int)stream.Length);
                    string postString = System.Text.Encoding.UTF8.GetString(postBytes);
                    Handle(postString, model);
                }
            }
        }
        catch (Exception ex)
        {
            logger.Error("exception occurred, exception info:" + ex.Message + ex.StackTrace);
        }
    }
}
That is the entire content of this article; I hope you enjoy it.