微信App支付通知验签

时间:2022-02-09 00:06:17

微信异步通知:

[AcceptVerbs("POST")]

        public void Notify()

        {

            //编码(101-登录无效,102-账号无效,200-成功,201-失败,202~299-其他原因1-99,300-无效提交方式,400-无效参数)

            MessagesDataCodeModel json = new MessagesDataCodeModel(false, "无效参数", 401);

            int notify_id = 0;

            string result = "failed";

            try

            {

                //得到微信推送来的xml数据

                Stream s = System.Web.HttpContext.Current.Request.InputStream;

                byte[] b = new byte[s.Length];

                s.Read(b, 0, (int)s.Length);

                string postStr = Encoding.UTF8.GetString(b);

                SortedDictionary<string, string> requestXML = Common.TenpayUtil.GetInfoFromXml(postStr);

                if (requestXML != null && requestXML.Count > 0)

                {

                    Models.WeiXinNotifyRecords model = GetNotifyModel(requestXML);//将xml数据转换为Model

                    model.remark = "";//postStr;

                    model.CreateDate = DateTime.Now;

                    notify_id = WeiXinNotifyRecordsBLL.Append(model);//记录微信通知

                    model.ID = notify_id;

                    #region 验签

                    //微信返回的签名字符串

                    string sign = requestXML["sign"];

                    requestXML.Remove("sign");

                    //待签名字符串

                    string signStr = AlipaySignature.GetSignContent(requestXML) + "&key=" + Common.ConfigApi.WeiXinPay_API_Key;//借用阿里的方法

                    string newsign = Utils.GetMD5(signStr).ToUpper();//MD5加密,转大写

                    bool ValidateSign = sign == newsign;//验证签名是否一致

                    #endregion

                    #region 处理订单

                    if (ValidateSign)

                    {

                        Models.TradeInfo tradeInfo = TradeInfoBLL.GetEntityByTradeNo(model.out_trade_no);

                        if (tradeInfo != null && model.appid == ConfigApi.WeiXinPay_App_app_id && model.mch_id == ConfigApi.WeiXinPay_App_mch_id)

                        {

                            result = "success";//TODO:处理订单逻辑,完成后 result="success"

                        }

                        else

                        {

                            result = "TradeError";

                            logger.Error("WeiXinPayController.Notify【订单数据与通知数据不符】");

                        }

                    }

                    else

                    {

                        result = "CheckSignError";

                        logger.Error("WeiXinPayController.Notify【验签失败】");

                    }

                    #endregion

                }

            }

            catch (Exception ex)

            {

                logger.Error("WeiXinPayController.Notify【程序异常】", ex);

                result = "exception";

            }

            string xmlstr = @"<xml><return_code><![CDATA[SUCCESS]]></return_code><return_msg><![CDATA[OK]]></return_msg></xml>";

            if (result != "success")

            {

                xmlstr = @"<xml><return_code><![CDATA[FAIL]]></return_code><return_msg><![CDATA[FAIL]]></return_msg></xml>";

            }

            HttpContext.Current.Response.Write(xmlstr);

            HttpContext.Current.Response.End();

        }

  

把XML数据转换为SortedDictionary<string, string>集合:

/// <summary>

        /// 把XML数据转换为SortedDictionary<string, string>集合

        /// </summary>

        /// <param name="strxml"></param>

        /// <returns></returns>

        public static SortedDictionary<string, string> GetInfoFromXml(string xmlstring)

        {

            SortedDictionary<string, string> sParams = new SortedDictionary<string, string>();

            try

            {

                XmlDocument doc = new XmlDocument();

                doc.LoadXml(xmlstring);

                XmlElement root = doc.DocumentElement;

                int len = root.ChildNodes.Count;

                for (int i = 0; i < len; i++)

                {

                    string name = root.ChildNodes[i].Name;

                    if (!sParams.ContainsKey(name))

                    {

                        sParams.Add(name.Trim(), root.ChildNodes[i].InnerText.Trim());

                    }

                }

            }

            catch { }

            return sParams;

        }

  

把参数排序后拼接,得到签名字符串:

 public static string GetSignContent(IDictionary<string, string> parameters)

        {

            // 第一步:把字典按Key的字母顺序排序

            IDictionary<string, string> sortedParams = new SortedDictionary<string, string>(parameters);

            IEnumerator<KeyValuePair<string, string>> dem = sortedParams.GetEnumerator();

            // 第二步:把所有参数名和参数值串在一起

            StringBuilder query = new StringBuilder("");

            while (dem.MoveNext())

            {

                string key = dem.Current.Key;

                string value = dem.Current.Value;

                if (!string.IsNullOrEmpty(key) && !string.IsNullOrEmpty(value))

                {

                    query.Append(key).Append("=").Append(value).Append("&");

                }

            }

            string content = query.ToString().Substring(0, query.Length - 1);

            return content;

        }

  

签名算法文档:https://pay.weixin.qq.com/wiki/doc/api/app/app.php?chapter=4_3

相关文章