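/// <summary>
/// Handles a POST request from WeChat: loads the configuration selected by
/// <paramref name="AppID"/>, reads the request body and, when the signature
/// parameters are present (or signature checking is forced), verifies the
/// request signature against the configured token.
/// </summary>
/// <param name="AppID">Identifier used to fetch the WeChat configuration (and its token).</param>
/// <param name="signature">Signature supplied by the caller in the query string.</param>
/// <param name="timestamp">Timestamp supplied by the caller in the query string; passed to the verifier.</param>
/// <param name="nonce">Nonce supplied by the caller in the query string; passed to the verifier.</param>
/// <returns>
/// <c>BadRequest</c> when anything throws, including a failed signature check;
/// otherwise <c>NotFound</c>, which is what the visible code returns once the checks pass.
/// </returns>
public IHttpActionResult Post(String AppID, [FromUri] String signature, [FromUri] String timestamp, [FromUri]String nonce)
{
    try
    {
        IWechatConfig config = SimpleWechatConfigManager.GetInstance().FetchSelectedConfig(AppID);

        // The token is the shared secret the signature is derived from, so it must
        // never reach the log. Record only whether one is configured.
        logger.DebugFormat(@"The app [{0}] token is configured: [{1}]", AppID ?? @"Nu1l", !String.IsNullOrEmpty(config.Token));

        // NOTE(review): .Result blocks on the async read; kept because changing it
        // would require an async signature, which callers and routing depend on.
        String request = this.Request.Content.ReadAsStringAsync().Result;

        // NOTE(review): the body and query values are caller-controlled and are written
        // verbatim; confirm the log layout neutralises line breaks before relying on
        // these entries during an investigation.
        logger.DebugFormat(@"The post AppID is [{0}], signature is [{2}], timestamp is [{3}], request is [{1}]", AppID ?? @"Nu1l", request ?? @"Nu1l", signature ?? @"Nu1l", timestamp ?? @"Nu1l");

        bool signatureSupplied = !String.IsNullOrEmpty(signature)
            && !String.IsNullOrEmpty(timestamp)
            && !String.IsNullOrEmpty(nonce);

        // NOTE(review): with _FORCE_SIGNATURE_FLAG off, a request that omits any of the
        // three values skips verification entirely (fail-open). Deployments that accept
        // only signed callbacks should run with the flag on.
        if (signatureSupplied || _FORCE_SIGNATURE_FLAG)
        {
            MessageCryptErrorCode retCode = SignatureVerifier.VerifySignature(config.Token, timestamp, nonce, request, signature);
            if (retCode != MessageCryptErrorCode.WXMsgCrypt_OK)
            {
                throw new ApplicationException(@"verify signature failed");
            }
        }

        return NotFound();
    }
    catch (Exception ex)
    {
        // Every failure (missing config, unreadable body, bad signature) is logged
        // and collapsed into one response, so the caller cannot tell which check failed.
        logger.Error(ex);
        return BadRequest();
    }
}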
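/// <summary>
/// Verifies a request signature: computes the expected value with
/// <c>GenarateSinature</c> from the token, timestamp, nonce and message, then
/// compares it with the supplied signature.
/// </summary>
/// <param name="sToken">Shared token; passed to the signature generator.</param>
/// <param name="sTimeStamp">Timestamp of the request; passed to the signature generator.</param>
/// <param name="sNonce">Nonce of the request; passed to the signature generator.</param>
/// <param name="sMsgEncrypt">Message text; passed to the signature generator.</param>
/// <param name="sSigture">Signature supplied with the request.</param>
/// <returns>
/// The generator's error code when generation fails; <c>WXMsgCrypt_OK</c> when the
/// signatures match; otherwise <c>WXMsgCrypt_ValidateSignature_Error</c>.
/// </returns>
public static MessageCryptErrorCode VerifySignature(string sToken, string sTimeStamp, string sNonce, string sMsgEncrypt, string sSigture)
{
    string hash = String.Empty;
    MessageCryptErrorCode ret = GenarateSinature(sToken, sTimeStamp, sNonce, sMsgEncrypt, ref hash);
    if (ret != MessageCryptErrorCode.WXMsgCrypt_OK)
    {
        return ret;
    }

    bool matched = SignaturesMatch(hash, sSigture);

    // Log the outcome only. The expected signature is the value a caller has to
    // present, so writing it to the log would hand it to anyone who can read the log.
    logger.DebugFormat(@"The Message [{0}] signature matched: [{1}]", sTimeStamp ?? @"Nu1l", matched);

    return matched
        ? MessageCryptErrorCode.WXMsgCrypt_OK
        : MessageCryptErrorCode.WXMsgCrypt_ValidateSignature_Error;
}

/// <summary>
/// Ordinal comparison of two signature strings whose running time does not depend
/// on where the first differing character is. A null on either side never matches,
/// so a missing signature fails closed.
/// </summary>
private static bool SignaturesMatch(string expected, string supplied)
{
    if (expected == null || supplied == null)
    {
        return false;
    }

    // Fold the length difference in first; the length of the expected value is not secret.
    int diff = expected.Length ^ supplied.Length;
    int shared = Math.Min(expected.Length, supplied.Length);
    for (int i = 0; i < shared; i++)
    {
        // Accumulate differences instead of returning at the first mismatch.
        diff |= expected[i] ^ supplied[i];
    }

    return diff == 0;
}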