微信App支付通知验签
Posted 邢帅杰
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了微信App支付通知验签相关的知识,希望对你有一定的参考价值。
微信异步通知:
[AcceptVerbs("POST")] public void Notify() { //编码(101-登录无效,102-账号无效,200-成功,201-失败,202~299-其他原因1-99,300-无效提交方式,400-无效参数) MessagesDataCodeModel json = new MessagesDataCodeModel(false, "无效参数", 401); int notify_id = 0; string result = "failed"; try { //得到微信推送来的xml数据 Stream s = System.Web.HttpContext.Current.Request.InputStream; byte[] b = new byte[s.Length]; s.Read(b, 0, (int)s.Length); string postStr = Encoding.UTF8.GetString(b); SortedDictionary<string, string> requestXML = Common.TenpayUtil.GetInfoFromXml(postStr); if (requestXML != null && requestXML.Count > 0) { Models.WeiXinNotifyRecords model = GetNotifyModel(requestXML);//将xml数据转换为Model model.remark = "";//postStr; model.CreateDate = DateTime.Now; notify_id = WeiXinNotifyRecordsBLL.Append(model);//记录微信通知 model.ID = notify_id; #region 验签 //微信返回的签名字符串 string sign = requestXML["sign"]; requestXML.Remove("sign"); //待签名字符串 string signStr = AlipaySignature.GetSignContent(requestXML) + "&key=" + Common.ConfigApi.WeiXinPay_API_Key;//借用阿里的方法 string newsign = Utils.GetMD5(signStr).ToUpper();//MD5加密,转大写 bool ValidateSign = sign == newsign;//验证签名是否一致 #endregion #region 处理订单 if (ValidateSign) { Models.TradeInfo tradeInfo = TradeInfoBLL.GetEntityByTradeNo(model.out_trade_no); if (tradeInfo != null && model.appid == ConfigApi.WeiXinPay_App_app_id && model.mch_id == ConfigApi.WeiXinPay_App_mch_id) { result = "success";//TODO:处理订单逻辑,完成后 result="success" } else { result = "TradeError"; logger.Error("WeiXinPayController.Notify【订单数据与通知数据不符】"); } } else { result = "CheckSignError"; logger.Error("WeiXinPayController.Notify【验签失败】"); } #endregion } } catch (Exception ex) { logger.Error("WeiXinPayController.Notify【程序异常】", ex); result = "exception"; } string xmlstr = @"<xml><return_code><![CDATA[SUCCESS]]></return_code><return_msg><![CDATA[OK]]></return_msg></xml>"; if (result != "success") { xmlstr = @"<xml><return_code><![CDATA[FAIL]]></return_code><return_msg><![CDATA[FAIL]]></return_msg></xml>"; } HttpContext.Current.Response.Write(xmlstr); HttpContext.Current.Response.End(); }
把XML数据转换为SortedDictionary<string, string>集合:
/// <summary> /// 把XML数据转换为SortedDictionary<string, string>集合 /// </summary> /// <param name="strxml"></param> /// <returns></returns> public static SortedDictionary<string, string> GetInfoFromXml(string xmlstring) { SortedDictionary<string, string> sParams = new SortedDictionary<string, string>(); try { XmlDocument doc = new XmlDocument(); doc.LoadXml(xmlstring); XmlElement root = doc.DocumentElement; int len = root.ChildNodes.Count; for (int i = 0; i < len; i++) { string name = root.ChildNodes[i].Name; if (!sParams.ContainsKey(name)) { sParams.Add(name.Trim(), root.ChildNodes[i].InnerText.Trim()); } } } catch { } return sParams; }
把参数排序后拼接,得到签名字符串:
public static string GetSignContent(IDictionary<string, string> parameters) { // 第一步:把字典按Key的字母顺序排序 IDictionary<string, string> sortedParams = new SortedDictionary<string, string>(parameters); IEnumerator<KeyValuePair<string, string>> dem = sortedParams.GetEnumerator(); // 第二步:把所有参数名和参数值串在一起 StringBuilder query = new StringBuilder(""); while (dem.MoveNext()) { string key = dem.Current.Key; string value = dem.Current.Value; if (!string.IsNullOrEmpty(key) && !string.IsNullOrEmpty(value)) { query.Append(key).Append("=").Append(value).Append("&"); } } string content = query.ToString().Substring(0, query.Length - 1); return content; }
签名算法文档:https://pay.weixin.qq.com/wiki/doc/api/app/app.php?chapter=4_3
以上是关于微信App支付通知验签的主要内容,如果未能解决你的问题,请参考以下文章