/// <summary>
/// 验证微信签名
/// </summary>
/// <returns></returns>
/// * 将token、timestamp、nonce三个参数进行字典序排序
/// * 将三个参数字符串拼接成一个字符串进行sha1加密
/// * 开发者获得加密后的字符串可与signature对比,标识该请求来源于微信。
public static bool CheckSignature(VerifyModel verifyModel)
{
var arr = new[] { access_token, verifyModel.timestamp, verifyModel.nonce }.OrderBy(z => z).ToArray();
var arrString = string.Join("", arr);
var sha1 = System.Security.Cryptography.SHA1.Create();
var sha1Arr = sha1.ComputeHash(Encoding.UTF8.GetBytes(arrString));
StringBuilder enText = new StringBuilder();
foreach (var b in sha1Arr)
{
enText.AppendFormat("{0:x2}", b);
}
return verifyModel.signature == enText.ToString();
}
public HttpResponseMessage Get([FromUri] VerifyModel verifyModel)
{
try
{
if (WxApiAuthorization.CheckSignature(verifyModel))
return ResponseMessage(verifyModel.echostr);
else
return ResponseMessage("微信签名与系统签名不一致");
}
catch (Exception ex)
{
return ResponseMessage(ex.Message);
}
}
