微博公众平台(二)-- Token验证代码
Token,验证逻辑:
1、将Token、timestamp、nonce放入数组
2、将数组从小到大排列
3、将数组按顺序拼装成一个字符串
4、对生成的字符串进行SHA1加密
5、将密文转换为小写
6、将signature与最后生成的小写密文进行对比,如匹配则返回echostr
protected void Page_Load(object sender, EventArgs e) { string signature = Request["signature"]; string timestamp = Request["timestamp"]; string nonce = Request["nonce"]; string echostr = Request["echostr"]; string strSignature = GetSignature("Token", timestamp, nonce); if (strSignature == signature) { Response.Clear(); Response.Write(echostr); Response.End(); } else { Response.Clear(); Response.Write("Error"); Response.End(); } } string GetSignature(string token, string timestamp, string nonce) { string[] strs = new string[] { token, timestamp, nonce }; Array.Sort(strs); return System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(String.Join("", strs), "SHA1").ToLower(); }