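/// <summary>
/// Creates a pending top-up order for <paramref name="order"/>.UserName, signs the Alipay
/// order string with the merchant private key and persists the order.
/// </summary>
/// <param name="order">Client-supplied, model-bound order. Id and CreateTime are overwritten here.</param>
/// <returns>
/// JSON with code 201 when the named user does not exist; otherwise code 200 with the new order Id
/// and the signed order string the client hands to the Alipay SDK.
/// </returns>
public ActionResult CreateOrder(Orders order)
{
    // Identity is assigned server-side; an Id sent by the client is discarded.
    order.Id = Guid.NewGuid().ToString().Replace("-", "");
    // Local time, as elsewhere in this project — TODO confirm before moving to DateTime.UtcNow.
    order.CreateTime = DateTime.Now;

    if (!entities.NimUser.Any(o => o.Username == order.UserName))
    {
        // Every other failure response in this controller uses code 201; returning 200 here
        // let a client that keys off `code` mistake "user not found" for success.
        return Json(new { code = 201, desc = "指定用户不存在", info = order });
    }

    // NOTE(review): the remaining fields of `order` (Amount, and Coin — the value VerifyAliPay
    // later credits) arrive from the client and are signed and stored as-is. Confirm that Coin is
    // derived from Amount (or both from a server-side price table) before this point rather than
    // taken from the request.

    // Original order string + URL-encoded signature + signature type.
    String orderString = OrderUtil.getOrderInfo(order);
    String sign = RSAFromPkcs8.sign(orderString, Config.Private_key, Config.Input_charset);
    String lastOrderString = orderString
        + "&sign=\"" + HttpUtility.UrlEncode(sign, Encoding.UTF8) + "\""
        + "&sign_type=\"" + Config.Sign_type + "\"";

    entities.Orders.Add(order);
    entities.SaveChanges();

    return Json(new
    {
        code = 200,
        desc = "订单创建成功",
        info = new { order.Id, LastOrderString = lastOrderString }
    });
}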
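/// <summary>
/// Confirms an Alipay payment for <paramref name="orderId"/> and credits the user's coins once.
/// </summary>
/// <param name="orderId">Id of an order created by <see cref="CreateOrder"/>.</param>
/// <param name="result">
/// Synchronous payment result handed back by the Alipay client SDK: the signed payload (original
/// order string plus result fields), then <c>&amp;sign_type="RSA"&amp;sign=</c> and the quoted signature.
/// </param>
/// <returns>
/// JSON with code 201 (unknown order or user, malformed or mismatching payload, bad signature, or a
/// failed payment) or code 200 with the user's username, nickname and coin balance.
/// </returns>
public ActionResult VerifyAliPay(String orderId, String result)
{
    Orders order = entities.Orders.Find(orderId);
    if (order == null)
    {
        return Json(new { code = 201, desc = "指定订单不存在" });
    }

    // A missing user previously surfaced as an unhandled InvalidOperationException from Single().
    NimUser user = entities.NimUser.SingleOrDefault(o => o.Username == order.UserName);
    if (user == null)
    {
        return Json(new { code = 201, desc = "指定用户不存在" });
    }

    // The asynchronous server notification has already confirmed the payment: credit and return.
    // The credit is guarded by IsBalance (see CreditCoinsOnce); without that guard every repeated
    // call to this action for an already-confirmed order credited the coins again.
    if (order.TradeStatus == "TRADE_SUCCESS" || order.TradeStatus == "TRADE_FINISHED")
    {
        CreditCoinsOnce(order, user);
        entities.SaveChanges();
        return PaySuccess(user);
    }

    // No asynchronous notification yet, so validate the synchronous result the client handed back
    // (https://doc.open.alipay.com/doc2/detail.htm?spm=0.0.0.0.bsvyrx&treeId=59&articleId=103665&docType=1):
    // 1. the signed payload must carry the original order data the merchant requested (mandatory);
    // 2. the signature must verify. Only after both is success="true" inside the payload trustworthy.

    // The delimiter separates (original data & payment result) from the signature, which is
    // wrapped in double quotes that must be trimmed before verification.
    if (String.IsNullOrEmpty(result))
    {
        return Json(new { code = 201, desc = "数据验证不通过" });
    }
    String[] parts = result.Split(new String[] { "&sign_type=\"RSA\"&sign=" }, StringSplitOptions.None);
    if (parts.Length != 2)
    {
        // Missing or repeated delimiter; previously parts[1] was indexed without this check.
        return Json(new { code = 201, desc = "数据验证不通过" });
    }
    String signedPayload = parts[0];
    String signature = parts[1].Trim(new char[] { '"' });

    // Rebuild the original order data; a payload that does not carry it (e.g. a different
    // order number or amount) fails here. Only the signed part of the result is inspected.
    String orderString = OrderUtil.getOrderInfo(order);
    if (!signedPayload.Contains(orderString))
    {
        return Json(new { code = 201, desc = "数据验证不通过" });
    }

    // Verify the signature before trusting any field of the payload.
    bool isPass = RSAFromPkcs8.verify(signedPayload, signature, Config.Public_key, Config.Input_charset);
    if (!isPass)
    {
        return Json(new { code = 201, desc = "数据签名不相符" });
    }

    if (!signedPayload.Contains("&success=\"true\""))
    {
        return Json(new { code = 201, desc = "支付失败" });
    }

    order.TradeNo = "";
    // COMPLETED only records that the synchronous check passed; the asynchronous server
    // notification remains the authoritative confirmation.
    order.TradeStatus = "COMPLETED";
    CreditCoinsOnce(order, user);
    entities.SaveChanges();
    return PaySuccess(user);
}

// Credits the order's coins to the user exactly once, using IsBalance as the idempotency flag.
// Assumes user.NimUserEx is non-null for every NimUser — TODO confirm against the data model.
private static void CreditCoinsOnce(Orders order, NimUser user)
{
    if (order.IsBalance != 1)
    {
        user.NimUserEx.Coins = order.Coin + (user.NimUserEx.Coins ?? 0);
        order.IsBalance = 1;
    }
}

// Builds the shared "payment succeeded" response carrying the user's current balance.
private ActionResult PaySuccess(NimUser user)
{
    return Json(new
    {
        code = 200,
        desc = "支付成功",
        info = new { user.Username, Nickname = user.NimUserEx.Name, user.NimUserEx.Coins }
    });
}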