The authenticity of the verification message of ASP.net development micro-credit public platform

This article mainly introduces the ASP.net development of micro-trust public platform for the authenticity of the verification message of the relevant information, the need for friends can refer to the

Verifying the authenticity of a message

Add a filter to the project in which MVC controller is located, overriding it in the filter

public override void OnActionExecuting (ActionExecutingContext filtercontext) method

New data Model

Note: When the server receives the message, it is no longer signature but msg_signature

Example of an HTTP request message that a micro-server pushes messages to a server

Post/cgi-bin/wxpush? msg_signature=477715d11cdb4164915debcba66cb864d751f3e6xtamp=1409659813&nonce=1372623149 HTTP/1.1

Host:qy.weixin.qq.com

Method overrides to implement validation of the message

Call the method of authentication when the micro-letter access, but the parameters need to change a little bit, using the new data model

Add filter properties on the action method or on Controller

code example

Model

?

1 2 3 4 5 6 7 8 9 10

<summary>///Micro-credit Push message model///</summary> public class Wechatmsgrequestmodel {public string timestamp {get; Set   public string Nonce {get; set;} public string Msg_signature {get; set;}}

Filter

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39

public class Wechatrequestvalidattribute:actionfilterattribute {Private Const string Token = ' Stupidme ';   public override void OnActionExecuting (ActionExecutingContext filtercontext) {//parameter matching Model.FormatModel.WeChatMsgRequestModel model = new Model.FormatModel.WeChatMsgRequestModel () {nonce= filtercontext.httpcontext.request.querystring["Nonce"],msg_signature= filtercontext.httpcontext.request.querystring["Msg_signature"],timestamp= filtercontext.httpcontext.request.querystring["timestamp"]}; Verify if (checksignature (model)) {base. OnActionExecuting (Filtercontext); }   private bool Checksignature (Model.FormatModel.WeChatMsgRequestModel Model) {string signature, timestamp, nonc E, TempStr; Gets the requested parameter signature = Model.msg_signature; timestamp = Model.timestamp; Nonce = model.nonce; Creates an array that adds Token, timestamp, nonce three parameters to the array string[] array = {Token, timestamp, nonce}; To sort Array.Sort (Array); Stitching as a string tempstr = String.Join ("", array); SHA1 encryption of strings TEMPSTR = FormSauthentication.hashpasswordforstoringinconfigfile (TempStr, "SHA1"). ToLower (); Determine if signature is correct if (tempstr.equals (signature)) {return true;} else {return false;}} }

Controller Code

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30-31

<summary>///Log Assistant///</summary> private static Common.loghelper logger = new Common.loghelper (typeof (Hom   Econtroller)); [Filters.wechatrequestvalid] public void Valid (Model.FormatModel.WeChatMsgRequestModel Model) {if ( Modelstate.isvalid {try {///judge whether it is a POST request if (HttpContext.Request.HttpMethod.ToUpper () = "POST") {//Get request information from the requested data stream usin G (Stream stream = HttpContext.Request.InputStream) {byte[] postbytes = new Byte[stream. Length]; Stream. Read (postbytes, 0, (int) stream. Length); String poststring = System.Text.Encoding.UTF8.GetString (postbytes); Handle (Poststring,model); The catch (Exception ex) {logger. Error ("exception occurred, exception info:" + ex.) Message + ex. StackTrace); } } }

The above is the entire contents of this article, I hope you can enjoy.