微信服务号校验URL核心代码
/验证URL // @param sMsgSignature: 签名串,对应URL参数的msg_signature // @param sTimeStamp: 时间戳,对应URL参数的timestamp // @param sNonce: 随机串,对应URL参数的nonce // @param sEchoStr: 随机串,对应URL参数的echostr // @param sReplyEchoStr: 解密之后的echostr,当return返回0时有效 // @return:成功0,失败返回对应的错误码 public int VerifyURL(string sMsgSignature, string sTimeStamp, string sNonce, string sEchoStr, ref string sReplyEchoStr) { int ret = 0; if (m_sEncodingAESKey.Length != 43) { return (int)WXBizMsgCryptErrorCode.WXBizMsgCrypt_IllegalAesKey; } ret = VerifySignature(m_sToken, sTimeStamp, sNonce, sEchoStr, sMsgSignature); if (0 != ret) { return ret; } sReplyEchoStr = ""; string cpid = ""; try { sReplyEchoStr = Cryptography.AES_decrypt(sEchoStr, m_sEncodingAESKey, ref cpid); //m_sCorpID); } catch (Exception) { sReplyEchoStr = ""; return (int)WXBizMsgCryptErrorCode.WXBizMsgCrypt_DecryptAES_Error; } if (cpid != m_sCorpID) { sReplyEchoStr = ""; return (int)WXBizMsgCryptErrorCode.WXBizMsgCrypt_ValidateCorpid_Error; } return 0; }以上是一段微信逛网提供的多年校验URL代码,单此代码我在微信企业号中使用过。目前由于公司需要做微信服务号使用时死活就报“签名错误-40001”.最后根据博客了解自己编写一个校验简单的方法。#region 自己额外添加 /// <summary> /// MD5 加密 /// </summary> /// <param name="s"></param> /// <returns></returns> public static string Sha1(string s) { using (var sha1 = SHA1.Create()) { var result = sha1.ComputeHash(Encoding.UTF8.GetBytes(s)); var strResult = BitConverter.ToString(result); return strResult.Replace("-", "").ToUpper(); } } /// <summary> /// 验证微信签名 /// </summary> /// <param name="token">token</param> /// <param name="signature">签名</param> /// <param name="timestamp">时间戳</param> /// <param name="nonce">随机数</param> /// <returns></returns> public static bool WooCheckSignature(string token, string signature, string timestamp, string nonce) { string[] ArrTmp = { token, timestamp, nonce }; //字典排序 Array.Sort(ArrTmp); //拼接 string tmpStr = string.Join("", ArrTmp); //sha1验证 tmpStr = Sha1(tmpStr); //FormsAuthentication.HashPasswordForStoringInConfigFile(tmpStr, "SHA1"); //tmpStr = Membership.CreateUser(tmpStr, "SHA1"); tmpStr = tmpStr.ToLower(); if (tmpStr == signature) { return true; } else { return false; } } #endregion 自己额外添加用以上方法就方法就可以了。.net core 控制器使用/// <summary> ///回调地址 /// </summary> /// <returns></returns> public IActionResult InitWxPort(string echoStr, string signature, string timestamp, string nonce) { var httpcontext = _accessor.HttpContext; if (httpcontext.Request.Method.ToLower().Equals("get")) { string token = Constant.CorpToken; //WeixinUtiliy weixin = new WeixinUtiliy(); if (WeixinUtiliy.WooCheckSignature(token, signature, timestamp, nonce)) { return Content(echoStr); } return Content("no as"); //return Content(weixin.Auth2(echoStr, signature, timestamp, nonce)); } else { return Ok(); } }