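/* Approach:
In the handler for the configured URL, read the request parameters and verify them.
The flow is:
1. Sort the three values token, timestamp and nonce in lexicographic (ordinal) order.
2. Concatenate the three values into one string and compute its SHA-1 hash.
3. Compare the resulting hex digest with the signature parameter; a match indicates the request came from WeChat.
*/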
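/// <summary>
/// Handles the WeChat server-verification handshake: when the request carries an
/// <c>echoStr</c> parameter and <see cref="checkSignature"/> succeeds, the value is
/// written back as the response body and the response is ended.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    var echostr = Request["echoStr"];
    if (string.IsNullOrEmpty(echostr))
    {
        // Not a verification handshake; nothing to echo.
        return;
    }

    if (!checkSignature())
    {
        // Signature mismatch: never reflect request data to an unverified caller.
        return;
    }

    // The signature covers only token, timestamp and nonce, not echoStr itself,
    // so the echoed value is still untrusted input. Drop any buffered page markup
    // and declare the body as plain text so a browser never renders it as HTML.
    Response.Clear();
    Response.ContentType = "text/plain";
    Response.Write(echostr); // echo the challenge back verbatim
    Response.End();
}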
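/// <summary>
/// Verifies the request signature: sorts token, timestamp and nonce in ordinal
/// order, concatenates them, computes the SHA-1 hex digest and compares it with
/// the <c>signature</c> request parameter.
/// </summary>
/// <returns>
/// <c>true</c> when the computed digest equals the supplied signature;
/// <c>false</c> when it differs or when signature, timestamp or nonce is missing.
/// </returns>
public bool checkSignature()
{
    var signature = Request["signature"];
    var timestamp = Request["timestamp"];
    var nonce = Request["nonce"];

    // Reject incomplete requests up front instead of hashing null/empty parts.
    if (string.IsNullOrEmpty(signature)
        || string.IsNullOrEmpty(timestamp)
        || string.IsNullOrEmpty(nonce))
    {
        return false;
    }

    // SECURITY: this token is the shared secret the whole check rests on. A
    // hard-coded, guessable value ends up in source control and in the compiled
    // assembly; load a long random token from protected configuration instead.
    var token = "123456"; // token value chosen by the developer

    // NOTE(review): nothing here checks that timestamp is recent or that nonce is
    // unused, so a previously valid (signature, timestamp, nonce) triple stays
    // valid indefinitely. Consider a freshness window if replay matters.

    string[] parts = { token, timestamp, nonce };
    // Ordinal comparison gives the byte-wise lexicographic order the scheme
    // requires; the default Array.Sort is culture-sensitive and can order
    // mixed-case or non-ASCII values differently.
    Array.Sort(parts, StringComparer.Ordinal);

    byte[] digest;
    // SHA-1 is dictated by the protocol. FormsAuthentication.
    // HashPasswordForStoringInConfigFile is obsolete; hash the UTF-8 bytes directly.
    using (var sha1 = System.Security.Cryptography.SHA1.Create())
    {
        digest = sha1.ComputeHash(System.Text.Encoding.UTF8.GetBytes(string.Concat(parts)));
    }

    var expected = new System.Text.StringBuilder(digest.Length * 2);
    foreach (byte b in digest)
    {
        expected.Append(b.ToString("x2")); // lower-case hex, independent of culture
    }

    return SignaturesMatch(expected.ToString(), signature);
}

/// <summary>
/// Compares two signature strings without stopping at the first differing
/// character, so the comparison time does not reveal how much of a guess matched.
/// </summary>
/// <param name="expected">Digest computed by the server.</param>
/// <param name="actual">Signature supplied in the request.</param>
/// <returns><c>true</c> when both strings are identical.</returns>
private static bool SignaturesMatch(string expected, string actual)
{
    // The digest length is public (40 hex characters), so an early exit on a
    // length mismatch leaks nothing useful.
    if (expected.Length != actual.Length)
    {
        return false;
    }

    int diff = 0;
    for (int i = 0; i < expected.Length; i++)
    {
        diff |= expected[i] ^ actual[i];
    }

    return diff == 0;
}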