微信App支付通知验签

微信异步通知:

[AcceptVerbs("POST")]
        public void Notify()
        {
            //编码(101-登录无效,102-账号无效,200-成功,201-失败,202~299-其他原因1-99,300-无效提交方式,400-无效参数)
            MessagesDataCodeModel json = new MessagesDataCodeModel(false, "无效参数", 401);
            int notify_id = 0;
            string result = "failed";
            try
            {
                //得到微信推送来的xml数据
                Stream s = System.Web.HttpContext.Current.Request.InputStream;
                byte[] b = new byte[s.Length];
                s.Read(b, 0, (int)s.Length);
                string postStr = Encoding.UTF8.GetString(b);

                SortedDictionary<string, string> requestXML = Common.TenpayUtil.GetInfoFromXml(postStr);
                if (requestXML != null && requestXML.Count > 0)
                {
                    Models.WeiXinNotifyRecords model = GetNotifyModel(requestXML);//将xml数据转换为Model
                    model.remark = "";//postStr;
                    model.CreateDate = DateTime.Now;
                    notify_id = WeiXinNotifyRecordsBLL.Append(model);//记录微信通知
                    model.ID = notify_id;

                    #region 验签
                    //微信返回的签名字符串
                    string sign = requestXML["sign"];
                    requestXML.Remove("sign");
                    //待签名字符串
                    string signStr = AlipaySignature.GetSignContent(requestXML) + "&key=" + Common.ConfigApi.WeiXinPay_API_Key;//借用阿里的方法
                    string newsign = Utils.GetMD5(signStr).ToUpper();//MD5加密,转大写
                    bool ValidateSign = sign == newsign;//验证签名是否一致
                    #endregion

                    #region 处理订单
                    if (ValidateSign)
                    {
                        Models.TradeInfo tradeInfo = TradeInfoBLL.GetEntityByTradeNo(model.out_trade_no);
                        if (tradeInfo != null && model.appid == ConfigApi.WeiXinPay_App_app_id && model.mch_id == ConfigApi.WeiXinPay_App_mch_id)
                        {
                            result = "success";//TODO:处理订单逻辑,完成后 result="success"
                        }
                        else
                        {
                            result = "TradeError";
                            logger.Error("WeiXinPayController.Notify【订单数据与通知数据不符】");
                        }
                    }
                    else
                    {
                        result = "CheckSignError";
                        logger.Error("WeiXinPayController.Notify【验签失败】");
                    }
                    #endregion
                }
            }
            catch (Exception ex)
            {
                logger.Error("WeiXinPayController.Notify【程序异常】", ex);
                result = "exception";
            }

            string xmlstr = @"<xml><return_code><![CDATA[SUCCESS]]></return_code><return_msg><![CDATA[OK]]></return_msg></xml>";
            if (result != "success")
            {
                xmlstr = @"<xml><return_code><![CDATA[FAIL]]></return_code><return_msg><![CDATA[FAIL]]></return_msg></xml>";
            }
            HttpContext.Current.Response.Write(xmlstr);
            HttpContext.Current.Response.End();
        }

  

把XML数据转换为SortedDictionary<string, string>集合:

/// <summary>
        /// 把XML数据转换为SortedDictionary<string, string>集合
        /// </summary>
        /// <param name="strxml"></param>
        /// <returns></returns>
        public static SortedDictionary<string, string> GetInfoFromXml(string xmlstring)
        {
            SortedDictionary<string, string> sParams = new SortedDictionary<string, string>();
            try
            {
                XmlDocument doc = new XmlDocument();
                doc.LoadXml(xmlstring);
                XmlElement root = doc.DocumentElement;
                int len = root.ChildNodes.Count;
                for (int i = 0; i < len; i++)
                {
                    string name = root.ChildNodes[i].Name;
                    if (!sParams.ContainsKey(name))
                    {
                        sParams.Add(name.Trim(), root.ChildNodes[i].InnerText.Trim());
                    }
                }
            }
            catch { }
            return sParams;
        }

  

把参数排序后拼接,得到签名字符串:

 public static string GetSignContent(IDictionary<string, string> parameters)
        {
            // 第一步:把字典按Key的字母顺序排序
            IDictionary<string, string> sortedParams = new SortedDictionary<string, string>(parameters);
            IEnumerator<KeyValuePair<string, string>> dem = sortedParams.GetEnumerator();

            // 第二步:把所有参数名和参数值串在一起
            StringBuilder query = new StringBuilder("");
            while (dem.MoveNext())
            {
                string key = dem.Current.Key;
                string value = dem.Current.Value;
                if (!string.IsNullOrEmpty(key) && !string.IsNullOrEmpty(value))
                {
                    query.Append(key).Append("=").Append(value).Append("&");
                }
            }
            string content = query.ToString().Substring(0, query.Length - 1);

            return content;
        }

  

签名算法文档:https://pay.weixin.qq.com/wiki/doc/api/app/app.php?chapter=4_3

微信App支付通知验签

上一篇:Android热修复之微信Tinker使用初探


下一篇:移动支付--银联,支付宝,微信(android)