This article is a mirror article of machine translation, please click here to jump to the original article.

Architect_Programmer_Code Agriculture Network»Architect Programming .Net/C # c# Token verification sent by WeChat
View: 57220|Reply: 3

[Source] c# Token verification sent by WeChat

[Copy link]
Posted on 8/23/2016 3:49:49 PM | | | |


For this token verification, I didn't find any relevant documents from WeChat officials at all.

I didn't find any documentation, how do I know how the token verification of WeChat is verified???

You can only search online, and the verification is as follows:

In the processing method corresponding to the URL, obtain the parameters passed and perform encryption/verification
The process is as follows:
1. Sort the three parameters of token, timestamp, and nonce in dictionary order
2. Stitch the three parameter strings into a single string for SHA1 encryption
3. The encrypted string obtained by the developer can be compared with the signature to identify the source of the request from WeChat


Then, knowing this thing, I directly recorded the URL connection requested by WeChat get to facilitate my own debugging.

Finally, I wrote an encryption method as follows:



Here is to sort the value directly, not according to the key sorting value, I made this mistake at the beginning,

Because it is usually key sorted, and then key and value are encrypted together, or only value is encrypted...


Finally, compare the encrypted string with the signture, and if it is correct, directly return the echostr parameter sent to you by the WeChat server.

If you are lazy, just return the echostr parameter value.




Previous:c# Alibaba is greater than sending SMS demo source code download
Next:xml deserialization There is an error in the XML document (1, 2).

Related Posts
 Landlord| Posted on 8/23/2016 3:53:51 PM |


I found it online
 Landlord| Posted on 8/24/2016 1:06:07 PM |
http://mp.weixin.qq.com/wiki/4/2ccadaef44fe1e4b0322355c2312bfa8.html

Found the documentation

When the developer submits the verification application for the first time, the WeChat server will send a GET request to the filled URL with four parameters (signature, timestamp, nonce, echostr), and the developer will judge the authenticity of the message by verifying the signature (i.e., signature).
After that, every time a developer receives a user message, WeChat will also bring the first three parameters (signature, timestamp, nonce) to access the URL set by the developer, and the developer will still judge the authenticity of the message through the validity of the signature. The validation method is the same as the first submission of the verification application.
parameterdescription
signatureWeChat cryptographic signature, signature combines the token parameters filled in by the developer with the timestamp and nonce parameters in the request.
timestampTimestamp
nonceRandom number
echostrRandom string
The developer verifies the request by checking the signature (the verification method is shown below). If you confirm that the GET request comes from the WeChat server, please return the echostr parameter content as it is, and the access will take effect and become a successful developer, otherwise the access will fail.
The encryption/verification process is as follows:1. Sort the three parameters of token, timestamp, and nonce in dictionary order2. Stitch three parameter strings into a string for SHA1 encryption3. The encrypted string obtained by the developer can be compared with the signature to identify the origin of the request from WeChat
Posted on 10/7/2021 8:56:07 PM |
  These large companies open docs are not friendly
Disclaimer:
All software, programming materials or articles published by Code Farmer Network are only for learning and research purposes; The above content shall not be used for commercial or illegal purposes, otherwise, users shall bear all consequences. The information on this site comes from the Internet, and copyright disputes have nothing to do with this site. You must completely delete the above content from your computer within 24 hours of downloading. If you like the program, please support genuine software, purchase registration, and get better genuine services. If there is any infringement, please contact us by email.
Mail To:help@itsvse.com