Part1 Preface

Recently, I want to write something based on .Net Core Articles developed by wechat official account

Part2 Test official account application

Test official account application address :https://mp.weixin.qq.com/debug/cgi-bin/sandbox?t=sandbox/login

WeChat official account development document :https://developers.weixin.qq.com/doc/offiaccount/Getting_Started/Overview.html

You can enter the test number management page by scanning the authorization through wechat .

The test account has almost all official account interfaces , Individuals can only apply for subscription numbers , Few interfaces are available , And the number of message push will be limited . If you just do development testing , Then the test account is easier to use

Carry out interface configuration information

A server is required to conduct wechat authorization callback to the online domain name . But for no server , Or the students who first contact wechat official account development are a little unfriendly , Inconvenient for local debugging .

So I tried to debug local code through intranet penetration , Common tools are ngrok,FastTunnel, Peanut shell ,natapp wait

Part3 Development

newly build .Net Core webapi project , Map the local service to the external network

What the author uses here is natapp

Verify that the message does come from wechat server

We can easily write according to wechat development documents Wechat background “ Interface configuration information ”, There are four parameters

[HttpGet]
[ActionName("")]
public string Get(string signature, string timestamp, string nonce, string echostr)
{

}

Students who are obsessed with cleanliness may feel that there are four parameters , And then controller Receiving layers one by one will be particularly cumbersome . Then we can also use entity classes to accept parameters

[HttpGet]
[ActionName("")]
public string Get([FromUri] VxModel vxModel)
{

}

[FromUri] Property handles query parameters , namely "？" The subsequent key value pairs are URI in .

encryption / check

The process is as follows ：

take token、timestamp、nonce Three parameters to sort lexicographically 2） Three parameter strings are spliced into a string sha1 encryption 3） Developers get encrypted strings that can be used with signature contrast , Identify that the request comes from wechat . If you confirm this GET Request from wechat server , Please return as is echostr Parameter contents .

Set wechat official account token, Defined as a constant , Used to verify

public const string Token = "weixin";

Then carry out signature verification according to the process

public static bool Check(string signature, string timestamp, string nonce)
        {
            
            string[] value = new string[3]
            {
                WeixinSetting.Token,
                timestamp,
                nonce
            }.OrderBy(o=>o).ToArray();
            string s = string.Join("", value);
            byte[] array = SHA1.Create().ComputeHash(Encoding.UTF8.GetBytes(s));
            StringBuilder stringBuilder = new StringBuilder();
            byte[] array2 = array;
            foreach (byte b in array2)
            {
                stringBuilder.AppendFormat("{0:x2}", b);
            }

            return signature==stringBuilder.ToString();
        }

The complete interface is as follows :

[HttpGet]
[ActionName("")]
public string Get(string signature, string timestamp, string nonce, string echostr)
        {
            if (CheckSignatureHelper.Check(signature, timestamp, nonce))
            {
                return echostr;
            }
            else
            {
                return " Check failed ";
            }
        }

In this way, the verification is successful .