微信公众平台开发学习笔记1--验证服务器地址的有效性
1、首先,微信公众平台开发前期准备,需要注册一个微信公众平台账号。(参考微信公众平台)
2、注册完成后,会得到开发者ID,如下图:
3、修改服务器配置,如下图:
4、服务器配置完成后,点击提交,微信服务器将发送GET请求到填写的服务器地址URL上,GET请求携带四个参数:
参数 | 描述 |
---|---|
signature | 微信加密签名,signature结合了开发者填写的token参数和请求中的timestamp参数、nonce参数。 |
timestamp | 时间戳 |
nonce | 随机数 |
echostr | 随机字符串 |
开发者通过检验signature对请求进行校验。校验方式(对应下面的服务器代码):将token、timestamp、nonce三个参数按字典序排序后拼接成一个字符串,对其做SHA1计算,再把得到的十六进制摘要与请求中的signature比较。若两者一致,即可确认此次GET请求来自微信服务器,请原样返回echostr参数内容,则接入生效,成为开发者成功,否则接入失败。(具体说明阅读微信开发者文档)
5、服务器代码部分:
Controller
/// <summary>
/// Answers the GET request that the WeChat server sends to the configured URL when the
/// server configuration is submitted.
/// </summary>
/// <param name="signature">WeChat signature, derived from the developer's token plus the request's timestamp and nonce.</param>
/// <param name="timestamp">Timestamp sent with the request.</param>
/// <param name="nonce">Random number sent with the request.</param>
/// <param name="echostr">Random string that must be returned unchanged once the request is verified.</param>
/// <returns>
/// The unchanged <paramref name="echostr"/> when the signature verifies; otherwise a short
/// error message.
/// </returns>
[HttpGet]
[ActionName("Index")]
public ActionResult Get(string signature, string timestamp, string nonce, string echostr)
{
    // Token the developer set on the public platform (letters or digits, 3-32 characters).
    // It is left empty in this listing, so as written the method always answers with the
    // "set the token" message until a real value is supplied. The token is the shared
    // secret behind the signature: keep it in protected configuration, not in source control.
    string token = string.Empty;

    if (string.IsNullOrEmpty(token))
    {
        return Content("请在服务器设置Token!");
    }

    // The signature covers only token, timestamp and nonce. echostr is not part of it, and
    // nothing here checks timestamp freshness or nonce reuse, so a captured request would
    // verify again if replayed.
    int verification = WeiXinBasic.CheckSignature(token, timestamp, nonce, signature);
    bool signatureAccepted = verification == 0;

    return signatureAccepted ? Content(echostr) : Content("参数设置错误!");
}
Core
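#region Validate the request signature
/// <summary>
/// Checks that <paramref name="signature"/> equals the SHA-1 signature computed from the
/// token, timestamp and nonce.
/// </summary>
/// <param name="token">Token the developer configured on the public platform.</param>
/// <param name="timestamp">Timestamp, taken from the <c>timestamp</c> URL parameter.</param>
/// <param name="nonce">Random string, taken from the <c>nonce</c> URL parameter.</param>
/// <param name="signature">Signature to verify, taken from the <c>signature</c> URL parameter.</param>
/// <returns>
/// 0 when the signature matches; 40001 when it does not match or any argument is null;
/// otherwise the non-zero code returned by the signature computation.
/// </returns>
public static int CheckSignature(string token, string timestamp, string nonce, string signature)
{
    // timestamp, nonce and signature come from the request URL and may be absent (null).
    // A null value used to throw from the sort; report it as a failed verification instead.
    if (token == null || timestamp == null || nonce == null || signature == null)
    {
        return 40001;
    }

    string hash = "";
    int ret = GenarateSinature(token, timestamp, nonce, signature, ref hash);
    if (ret != 0)
    {
        return ret;
    }

    // 40001 is the code this helper has always used for "signature does not match".
    return SignatureEquals(hash, signature) ? 0 : 40001;
}

/// <summary>
/// Compares the computed and supplied signatures without stopping at the first differing
/// character, so the time taken does not reveal how much of the supplied value was correct.
/// </summary>
/// <param name="expected">Signature computed on the server.</param>
/// <param name="supplied">Signature received with the request.</param>
/// <returns><c>true</c> when both strings are identical; otherwise <c>false</c>.</returns>
private static bool SignatureEquals(string expected, string supplied)
{
    // The expected length (40 hex characters) is not secret, so a length check may exit early.
    if (expected.Length != supplied.Length)
    {
        return false;
    }

    int difference = 0;
    for (int i = 0; i < expected.Length; ++i)
    {
        difference |= expected[i] ^ supplied[i];
    }

    return difference == 0;
}

/// <summary>
/// Computes the signature: the three values are sorted in ordinal order, concatenated,
/// hashed with SHA-1 and written out as lower-case hexadecimal.
/// </summary>
/// <param name="token">Token the developer configured on the public platform.</param>
/// <param name="timestamp">Timestamp from the request.</param>
/// <param name="nonce">Random string from the request.</param>
/// <param name="signature">Not used by the computation; kept so existing call sites still compile.</param>
/// <param name="sMsgSignature">Receives the computed signature when the method returns 0.</param>
/// <returns>0 on success; 40003 when hashing throws.</returns>
private static int GenarateSinature(string token, string timestamp, string nonce, string signature, ref string sMsgSignature)
{
    // Ordinal ordering gives the same order as the character-by-character DictionarySort comparer.
    string[] parts = { token, timestamp, nonce };
    Array.Sort(parts, StringComparer.Ordinal);
    string raw = string.Concat(parts);

    string hash;
    try
    {
        // SHA-1 is what this handshake requires; the hash object is disposed after use.
        using (SHA1 sha = SHA1.Create())
        {
            byte[] dataHashed = sha.ComputeHash(Encoding.ASCII.GetBytes(raw));

            // Invariant lower-casing keeps the hex digits independent of the server's culture.
            hash = BitConverter.ToString(dataHashed).Replace("-", "").ToLowerInvariant();
        }
    }
    catch (Exception)
    {
        return 40003;
    }

    sMsgSignature = hash;
    return 0;
}

/// <summary>
/// Orders strings by comparing their characters one by one, then by length.
/// Retained as a public type for existing callers.
/// </summary>
public class DictionarySort : System.Collections.IComparer
{
    /// <summary>Compares two values as strings, character by character.</summary>
    /// <param name="oLeft">Left value; a non-string is treated as null.</param>
    /// <param name="oRight">Right value; a non-string is treated as null.</param>
    /// <returns>A negative number, zero or a positive number when the left value sorts before, equal to or after the right one.</returns>
    public int Compare(object oLeft, object oRight)
    {
        string sLeft = oLeft as string;
        string sRight = oRight as string;

        // Null (or a non-string) sorts first instead of throwing a NullReferenceException.
        if (sLeft == null || sRight == null)
        {
            if (sLeft == null && sRight == null)
            {
                return 0;
            }

            return sLeft == null ? -1 : 1;
        }

        int iLeftLength = sLeft.Length;
        int iRightLength = sRight.Length;
        int index = 0;
        while (index < iLeftLength && index < iRightLength)
        {
            if (sLeft[index] < sRight[index])
            {
                return -1;
            }

            if (sLeft[index] > sRight[index])
            {
                return 1;
            }

            index++;
        }

        // All shared characters are equal: the shorter string sorts first.
        return iLeftLength - iRightLength;
    }
}
#endregion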