[Original] Summary of ASP.NET WebAPI access to the WeChat public platform: solution to Token verification failure


First, let me say: shit!

This problem is not difficult, but there is too little information about ASP.NET WebAPI on the Internet; it is mostly PHP and so on.

I was inspired by reading an expert's blog post and did a little research.

Let's take a look!

 

1. Access to the public platform involves four parameters (signature, timestamp, nonce, echostr) and one Token (the same on both sides).

2. Sort Token, timestamp, and nonce in lexicographic (dictionary) order, concatenate them into one string, and hash it with SHA1 to get a string tmpStr (converted to lowercase).

3. Check whether tmpStr is equal to signature. If so, the request is from WeChat.

4. Once the request is confirmed to come from WeChat, most of the work is done. What remains is to return the echostr parameter to the public platform. (This step took 3 or 4 hours.)

 

I won't cover the PHP code: there are examples and plenty of material online. For ASP.NET MVC, it is worth mentioning this link: Senparc.Weixin.MP SDK public platform development tutorial index

The following code explains in detail how my ASP.NET WebAPI connects to the public platform.

1. Obtain the four parameters. Here the Log output shows whether the four parameters were received.

using System;
using System.Net.Http;
using System.Web.Http;
using log4net;

/// Declare the Log global variable
private static log4net.ILog Log = LogManager.GetLogger("WeChatConnect");

/// Declare Token
public readonly string Token = "weixin"; // Case sensitive; must match the Token set in the public account's admin console.

/// Request message
[HttpGet]
public HttpResponseMessage ConnWeChat(string signature, string timestamp, string nonce, string echostr)
{
    try
    {
        Log.Debug("test output: echostr = " + echostr);
        Log.Debug("test output: nonce = " + nonce);
        Log.Debug("test output: timestamp = " + timestamp);
        Log.Debug("test output: signature = " + signature);
        string EchoStr = Valid(signature, timestamp, nonce, echostr);
        if (!String.IsNullOrEmpty(EchoStr))
        {
            Log.Debug("Verification Successful!");
            return JsonTools.ToHttpMsgForWeChat(echostr);
        }
        else
        {
            Log.Debug("Verification Failed!");
            return JsonTools.ToHttpMsgForWeChat("Verification Failed!");
        }
    }
    catch (Exception ex)
    {
        Log.Error("Log Test output: Exception!", ex);
        // Debugging aid: this sends the exception details back to the caller.
        return JsonTools.ToHttpMsgForWeChat(ex.ToString());
    }
}

2. Sort Token, timestamp, and nonce in lexicographic (dictionary) order, concatenate them into one string, and hash it with SHA1 to get a string tmpStr (converted to lowercase),

then check whether tmpStr is equal to signature. If it is equal, the request is from WeChat.

private string Valid(string signature, string timestamp, string nonce, string echostr)
{
    if (CheckSignature(signature, timestamp, nonce))
    {
        if (!String.IsNullOrEmpty(echostr))
        {
            return echostr;
        }
    }
    return "";
}

/// <summary>
/// Verify the signature
/// </summary>
/// * Sort the token, timestamp, and nonce parameters in lexicographic order.
/// * Concatenate the three parameter strings into one string and hash it with SHA1.
/// * Compare the resulting string with signature to identify the request source.
/// <returns></returns>
private bool CheckSignature(string signature, string timestamp, string nonce)
{
    string[] ArrTmp = { Token, timestamp, nonce };
    // Ordinal sort: lexicographic order that does not depend on the server's culture settings.
    Array.Sort(ArrTmp, StringComparer.Ordinal);
    string tmpStr = string.Join("", ArrTmp);
    // FormsAuthentication lives in System.Web.Security.
    tmpStr = FormsAuthentication.HashPasswordForStoringInConfigFile(tmpStr, "SHA1");
    tmpStr = tmpStr.ToLower();
    if (tmpStr == signature)
    {
        return true;
    }
    else
    {
        return false;
    }
}

3. Once the request is confirmed to come from WeChat, all that remains is to return the echostr parameter to the public platform.

// Look at the return type of the method in the code above: HttpResponseMessage
public HttpResponseMessage ConnWeChat(string signature, string timestamp, string nonce, string echostr)

// The output statement
return JsonTools.ToHttpMsgForWeChat(echostr);

// The method called to return the string (needs System.Net.Http and System.Text):
public static HttpResponseMessage ToHttpMsgForWeChat(string strMsg)
{
    HttpResponseMessage result = new HttpResponseMessage
    {
        Content = new StringContent(strMsg, Encoding.GetEncoding("UTF-8"), "application/x-www-form-urlencoded")
    };
    return result;
}
For comparison, see echo $echoStr in PHP and Response.Write(echoStr) in WebForms.
Debugging showed that the only accepted output format is "application/x-www-form-urlencoded". Therefore, I use HttpResponseMessage to specify the output format. The test is successful!



The access methods provided by the experts on the Internet are sufficient for studying the access rules. I successfully deployed on port 80 on the local machine and opened it to the Internet through the Ngrok tool, which makes debugging easier. Thank you!

 

I wrote a technical blog for the first time in three years. I hope you will understand the shortcomings.

I focus on ASP.NET technology and have recently become addicted to ASP.NET WebAPI.

My personal website is being set up at http://Amoysec.com. I plan to build it with bootstrap + knockoutjs + MVC + WebAPI + EF6.0. I have also learned a lot about knockoutjs, although not as much as Uncle Tom of the blog Park; however, I found a lot about a chm document by myself. Welcome to join us!

When reprinting, please indicate the source. Thank you: http://www.cnblogs.com/mose/p/4136417.html
