1. .NET 验证开发者
/// <summary>
/// Handles the WeChat developer-verification handshake: when the request
/// signature checks out and an <c>echoStr</c> query parameter is present,
/// the value is written back as the response body and the response is ended.
/// </summary>
/// <remarks>
/// <c>echoStr</c> is caller-supplied and is echoed verbatim, so
/// <see cref="CheckSignature"/> is the only gate in front of that write.
/// Nothing is written when the signature is rejected or <c>echoStr</c> is empty.
/// </remarks>
public void Auth() {
    var context = System.Web.HttpContext.Current;
    string echoStr = context.Request.QueryString["echoStr"];

    // Refuse to echo anything for a request that fails the signature check.
    if (!CheckSignature()) {
        return;
    }

    // Nothing to echo back.
    if (string.IsNullOrEmpty(echoStr)) {
        return;
    }

    context.Response.Write(echoStr);
    context.Response.End();
}
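/// <summary>
/// Verifies that the current request carries a valid WeChat signature.
/// </summary>
/// <remarks>
/// Check procedure:
/// 1. Sort the token, timestamp and nonce in dictionary (ordinal) order.
/// 2. Concatenate the three strings and compute the SHA-1 digest.
/// 3. Compare the hex digest with the <c>signature</c> query parameter.
/// SHA-1 is fixed by the protocol described on this page. The timestamp is
/// not checked for freshness here, so a captured valid request stays valid;
/// add a freshness window at the caller if replay matters.
/// </remarks>
/// <returns>
/// <c>true</c> when the supplied signature matches the computed digest;
/// <c>false</c> when it does not match or any of the three query
/// parameters is missing or empty.
/// </returns>
private bool CheckSignature() {
    var query = System.Web.HttpContext.Current.Request.QueryString;
    string signature = query["signature"];
    string timestamp = query["timestamp"];
    string nonce = query["nonce"];

    // Fail closed: a request without these parameters used to throw a
    // NullReferenceException on signature.ToLower() instead of being rejected.
    if (string.IsNullOrEmpty(signature)
        || string.IsNullOrEmpty(timestamp)
        || string.IsNullOrEmpty(nonce)) {
        return false;
    }

    string[] parts = { _Token, timestamp, nonce };

    // Dictionary order must be ordinal; the default Array.Sort for strings is
    // culture-sensitive and can order the values differently from the sender.
    Array.Sort(parts, StringComparer.Ordinal);

    // NOTE(review): HashPasswordForStoringInConfigFile is marked obsolete in
    // newer .NET Framework versions; kept here because the file already uses it.
    string expected = FormsAuthentication
        .HashPasswordForStoringInConfigFile(string.Join("", parts), "sha1")
        .ToLowerInvariant();
    string supplied = signature.ToLowerInvariant();

    // Compare without an early exit so the time taken does not reveal how many
    // leading characters of the expected digest the caller got right.
    if (expected.Length != supplied.Length) {
        return false;
    }

    int diff = 0;
    for (int i = 0; i < expected.Length; i++) {
        diff |= expected[i] ^ supplied[i];
    }

    return diff == 0;
}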
2.PHP 微信帮助文档提供的源代码
加密/校验流程如下:
1. 将token、timestamp、nonce三个参数进行字典序排序
2. 将三个参数字符串拼接成一个字符串进行sha1加密(此处的“加密”实际是计算SHA-1哈希摘要,不可逆)
3. 开发者获得加密后的字符串可与signature对比,标识该请求来源于微信
检验signature的PHP示例代码:
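/**
 * Verifies that the current request carries a valid WeChat signature.
 *
 * Procedure: sort TOKEN, timestamp and nonce in dictionary order, concatenate
 * them, take the SHA-1 hex digest and compare it with the "signature" query
 * parameter. The timestamp is not checked for freshness here.
 *
 * @return bool true when the signature matches; false when it does not or
 *              when any of the three query parameters is missing, empty or
 *              not a plain string.
 */
private function checkSignature()
{
    // Fail closed on missing or array-valued parameters (e.g. signature[]=x)
    // instead of raising notices and hashing partial input.
    foreach (array("signature", "timestamp", "nonce") as $key) {
        if (!isset($_GET[$key]) || !is_string($_GET[$key]) || $_GET[$key] === "") {
            return false;
        }
    }

    $signature = $_GET["signature"];
    $timestamp = $_GET["timestamp"];
    $nonce = $_GET["nonce"];

    $token = TOKEN;
    $tmpArr = array($token, $timestamp, $nonce);

    // SORT_STRING forces dictionary order; the default flag compares numeric
    // strings as numbers, which can order timestamp and nonce differently.
    sort($tmpArr, SORT_STRING);

    $tmpStr = sha1(implode($tmpArr));

    // hash_equals() is a strict, timing-safe string comparison. The loose ==
    // it replaces treats two numeric-looking strings (such as "0e...") as
    // numbers, so unequal digests could compare equal.
    return hash_equals($tmpStr, $signature);
}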