C# WeChat public account development series, tutorial 2 (new user access guide)


The two earlier posts in this series were both preparation for development. Now let's get to the main topic. This article describes the steps and methods for new-user access. You can skip this article, and you are also welcome to comment.

Directory

C# public account development series 1 (debugging environment deployment)

C# public account development series 1 (debugging environment deployment, continued: VS remote debugging)

C# public account development series tutorial 2 (new user access guide)

 

The message interface on the public platform works as follows, tracing one message from the user to the public account. The user sends a message to the server, and the server POSTs the received message to the URL entered during access. The handler for that URL first checks the validity of the message and, once it is confirmed, matches the content of the message body accordingly. The principle is easy to understand, and may be easier still if you have worked with sockets.

However, the documentation is sometimes confusing, and the documentation on access is not flattering. The first step in the official document is to apply for a message interface, where you need to enter a URL to process the messages sent to you. However, the configuration related to that URL is described in step 2, so a newcomer can easily fall into the trap. I will explain it according to my understanding.

First, the server sends a GET request to the URL you entered during access. This request carries four parameters: signature (the encrypted signature, which combines the token entered by the developer with the timestamp and nonce parameters in the request), timestamp (timestamp), nonce (random number), and echostr (random string). Use HttpContext.Current.Request.RawUrl to obtain the raw URL of the current request.

The encryption/validation process is as follows:

1. Sort the token, timestamp, and nonce parameters in lexicographic order.
2. Concatenate the three parameter strings into one string and hash it with SHA1.
3. The developer compares the resulting string with signature to identify the request source.

The following is the code implementation.

First, in your handler (I created a generic handler, wx.ashx), determine the type of the current request, because the access check is sent as a GET request and message processing is sent as a POST request.

Here I encapsulate the URL verification method.
    using System;

    /// <summary>
    /// Verify the URL permission (server access check).
    /// </summary>
    /// <param name="token"></param>
    /// <returns></returns>
    public static bool ValidUrl(string token)
    {
        string echoStr = VqiRequest.GetQueryString("echoStr");
        if (CheckSignature(token))
        {
            if (!string.IsNullOrEmpty(echoStr))
            {
                // Echo the random string back to confirm the access request.
                Utils.ResponseWrite(echoStr);
                return true;
            }
        }
        return false;
    }

    /// <summary>
    /// Verify the signature.
    /// </summary>
    /// * Sort the token, timestamp, and nonce parameters in lexicographic order.
    /// * Concatenate the three parameter strings into one string and hash it with SHA1.
    /// * Compare the resulting string with signature to identify the request source.
    /// <returns></returns>
    public static bool CheckSignature(string token)
    {
        string signature = VqiRequest.GetQueryString("signature");
        string timestamp = VqiRequest.GetQueryString("timestamp");
        string nonce = VqiRequest.GetQueryString("nonce");
        string[] ArrTmp = { token, timestamp, nonce };
        // Sort in lexicographic (ordinal) order; the default Array.Sort is culture-sensitive.
        Array.Sort(ArrTmp, StringComparer.Ordinal);
        string tmpStr = string.Join("", ArrTmp);
        tmpStr = Utils.HashPasswordForStoringInConfigFile(tmpStr, "SHA1");
        tmpStr = tmpStr.ToLower();
        if (tmpStr == signature)
        {
            return true;
        }
        else
        {
            return false;
        }
    }

 

Note: VqiRequest.GetQueryString in the code is a method that wraps QueryString requests. You can change it to QueryString[""] when using it.

Handling process

    using System.Web;
    using System.Web.Security;

    /// <summary>
    /// Generate a hash password suitable for storing in the configuration file,
    /// based on the specified password and hash algorithm.
    /// </summary>
    /// <param name="str">Password for hash calculation</param>
    /// <param name="type">Hash algorithm to be used</param>
    /// <returns>Password after the hash operation</returns>
    public static string HashPasswordForStoringInConfigFile(string str, string type)
    {
        // Returns the hash as an upper-case hex string, which is why the caller lower-cases it.
        return FormsAuthentication.HashPasswordForStoringInConfigFile(str, type);
    }

    public static void ResponseWrite(string str)
    {
        HttpContext.Current.Response.Write(str);
        HttpContext.Current.Response.End();
    }
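A hardened variant of the CheckSignature method above, as an added example that is not part of the original post: it sorts ordinally, hashes with SHA1.Create() instead of the FormsAuthentication helper, rejects requests with missing parameters, and compares in fixed time. The class name SignatureCheck and the sample token, timestamp and nonce are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
public static class SignatureCheck // hypothetical class name
{
    public static string ComputeSignature(string token, string timestamp, string nonce)
    {
        string[] parts = { token, timestamp, nonce };
        // Ordinal = byte-wise lexicographic order. The default Array.Sort is
        // culture-sensitive and can order mixed-case strings differently.
        Array.Sort(parts, StringComparer.Ordinal);
        using (SHA1 sha1 = SHA1.Create())
        {
            byte[] hash = sha1.ComputeHash(Encoding.UTF8.GetBytes(string.Concat(parts)));
            StringBuilder hex = new StringBuilder(hash.Length * 2);
            foreach (byte b in hash) hex.Append(b.ToString("x2")); // lowercase hex
            return hex.ToString();
        }
    }
    // Comparison whose running time does not depend on where the strings differ.
    private static bool FixedTimeEquals(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static bool CheckSignature(string token, string signature, string timestamp, string nonce)
    {
        // A request with missing parameters fails the check instead of throwing.
        if (string.IsNullOrEmpty(signature) || string.IsNullOrEmpty(timestamp) || string.IsNullOrEmpty(nonce))
            return false;
        return FixedTimeEquals(ComputeSignature(token, timestamp, nonce), signature.ToLowerInvariant());
    }

    public static void Main()
    {
        // Constructed sample values, not taken from a real account.
        string token = "Bb_demo_token", ts = "1700000000", nonce = "abc123";
        string[] cultural = { token, ts, nonce };
        Array.Sort(cultural); // the default, culture-sensitive order, for comparison
        string good = ComputeSignature(token, ts, nonce);
        Console.WriteLine("default sort order: " + string.Join(", ", cultural));
        Console.WriteLine("valid request:      " + CheckSignature(token, good, ts, nonce));
        Console.WriteLine("tampered nonce:     " + CheckSignature(token, good, ts, "abc124"));
        Console.WriteLine("missing signature:  " + CheckSignature(token, null, ts, nonce));
    }
}
```

In the handler, pass the query-string values for signature, timestamp and nonce to CheckSignature and write echostr back only when it returns true.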

 

After the handler is compiled, deploy it to IIS (refer to tutorial 1) and log on to the management backend. The Token can be entered by the developer as needed and is used to generate the signature (the Token will be compared with the Token contained in the interface URL to verify security). The EncodingAESKey is manually entered or randomly generated by the developer and will be used as the key for message body encryption and decryption. In addition, developers can select plaintext mode, compatibility mode, or security mode for message encryption and decryption. The mode selection and server configuration take effect immediately after submission. The default encryption/decryption mode is plaintext. The encryption/decryption modes will be covered later in this series.


 

After you click submit, the server sends the GET request to the URL entered above. If the verification succeeds, the binding succeeds.

 

 

END

 
