/// <summary> /// 验证微信签名 /// </summary> /// <returns></returns> /// * 将token、timestamp、nonce三个参数进行字典序排序 /// * 将三个参数字符串拼接成一个字符串进行sha1加密 /// * 开发者获得加密后的字符串可与signature对比,标识该请求来源于微信。 public static bool CheckSignature(VerifyModel verifyModel) { var arr = new[] { access_token, verifyModel.timestamp, verifyModel.nonce }.OrderBy(z => z).ToArray(); var arrString = string.Join("", arr); var sha1 = System.Security.Cryptography.SHA1.Create(); var sha1Arr = sha1.ComputeHash(Encoding.UTF8.GetBytes(arrString)); StringBuilder enText = new StringBuilder(); foreach (var b in sha1Arr) { enText.AppendFormat("{0:x2}", b); } return verifyModel.signature == enText.ToString(); }
public HttpResponseMessage Get([FromUri] VerifyModel verifyModel) { try { if (WxApiAuthorization.CheckSignature(verifyModel)) return ResponseMessage(verifyModel.echostr); else return ResponseMessage("微信签名与系统签名不一致"); } catch (Exception ex) { return ResponseMessage(ex.Message); } }