The working principle of the WeChat public platform message interface can be summarized as follows. On the path from the user to the official account, the user sends a message to the WeChat server; the WeChat server receives it and POSTs it to the URL the developer filled in when enabling the interface. In the handler behind that URL, the request is first checked for legitimacy (the signature check described below), and only after that check passes does the handler respond according to the content of the message body. The principle is simple, and anyone who has worked with sockets will find it familiar.
However, WeChat's documentation is sometimes confusing, and the section on access in particular is not flattering. The first step of the official document is "apply for a message interface", where you fill in a URL that will handle the messages WeChat sends, but the parameters WeChat sends to that URL are only described in the second step. That trips up newcomers easily. Below I explain it as I understand it.
First, when the developer enables access, the WeChat server sends a GET request to the URL you filled in. The request carries four parameters: signature (WeChat's signature, computed from the Token the developer entered together with the timestamp and nonce parameters of the request; it is a SHA-1 hash, not an encrypted value), timestamp, nonce (a random number) and echostr (a random string). You can use HttpContext.Current.Request.RawUrl to obtain the raw URL of the current request, as shown in the following figure:
The developer verifies the request by checking the signature (see the verification method below). Only if the GET request is confirmed to come from the WeChat server should you return the echostr parameter content unchanged; access then takes effect and you become a developer successfully. Otherwise access fails.
The signing and verification procedure is:
1. Sort the three parameters token, timestamp and nonce lexicographically.
2. Concatenate the three strings into one string and hash it with SHA-1 (the original text says "encrypt", but SHA-1 is a one-way hash; nothing is decrypted on either side).
3. Compare the resulting lowercase hex digest with the signature parameter. If they match, the request came from WeChat, or more precisely from a party that knows the Token, which is why the Token must be kept secret.

The code implementation follows. First, in your handler (I created a generic handler, wx.ashx), check the type of the current request: access verification arrives as a GET request, while message delivery arrives as a POST request, as shown in the figure below. Here I wrap the URL verification in a method:

```csharp
using System;
using System.Web;
using System.Web.Security;

/// <summary>
/// Verify the access request from the WeChat server (URL verification, server access).
/// </summary>
/// <param name="token">The Token configured in the WeChat developer center</param>
/// <returns>true if the signature matched and echostr was written back</returns>
public static bool ValidUrl(string token)
{
    // Request.QueryString keys are case-insensitive, so "echoStr" also matches
    // WeChat's lowercase "echostr" parameter.
    string echoStr = VqiRequest.GetQueryString("echostr");
    if (CheckSignature(token))
    {
        if (!string.IsNullOrEmpty(echoStr))
        {
            // Return echostr exactly as received (no XML, no extra whitespace),
            // otherwise the binding in the developer center fails.
            Utils.ResponseWrite(echoStr);
            return true;
        }
    }
    return false;
}

/// <summary>
/// Verify the WeChat signature:
///  * sort token, timestamp and nonce lexicographically
///  * concatenate the three strings and hash with SHA-1
///  * compare the lowercase hex digest with the signature parameter
/// </summary>
/// <returns>true if the request carries a valid signature</returns>
public static bool CheckSignature(string token)
{
    string signature = VqiRequest.GetQueryString("signature");
    string timestamp = VqiRequest.GetQueryString("timestamp");
    string nonce = VqiRequest.GetQueryString("nonce");
    if (string.IsNullOrEmpty(signature) || string.IsNullOrEmpty(timestamp) || string.IsNullOrEmpty(nonce))
    {
        return false; // a request without all three parameters cannot be from WeChat
    }

    string[] ArrTmp = { token, timestamp, nonce };
    // Ordinal (byte-wise) lexicographic sort. The default Array.Sort(string[]) uses the
    // current culture's comparer, which can order mixed-case tokens differently from WeChat.
    Array.Sort(ArrTmp, StringComparer.Ordinal);
    string tmpStr = string.Join("", ArrTmp);
    tmpStr = Utils.HashPasswordForStoringInConfigFile(tmpStr, "SHA1"); // uppercase hex digest
    tmpStr = tmpStr.ToLower();
    // Note: == is an ordinal comparison but not a constant-time one.
    return tmpStr == signature;
}
```

Note: VqiRequest.GetQueryString is a wrapper around Request.QueryString. If you do not have it, replace it with HttpContext.Current.Request.QueryString["..."].
The processing flow is shown in the following debugger screenshots:
1. Put the three parameters token, timestamp and nonce into the array ArrTmp (signature is the value we compare against, so it is not part of the array).
2. The sorted ArrTmp.
3. Concatenate the three strings into one string, tmpStr.
4. Hash tmpStr with SHA-1 and convert the hex digest to lowercase.
5. Compare it with signature; if the two are equal, verification succeeded.
6. If verification succeeded, return echostr to WeChat.
The two helpers used above:

```csharp
using System.Web;
using System.Web.Security;

/// <summary>
/// Hash a string with the named algorithm and return the digest as an uppercase hex
/// string (the format ASP.NET used for hashed passwords stored in configuration files).
/// </summary>
/// <param name="str">The string to hash</param>
/// <param name="type">The hash algorithm to use, "SHA1" or "MD5"</param>
/// <returns>The hex digest</returns>
public static string HashPasswordForStoringInConfigFile(string str, string type)
{
    // FormsAuthentication.HashPasswordForStoringInConfigFile is marked obsolete in
    // .NET Framework 4.5 and later; System.Security.Cryptography.SHA1 yields the same bytes.
    return FormsAuthentication.HashPasswordForStoringInConfigFile(str, type);
}

public static void ResponseWrite(string str)
{
    HttpContext.Current.Response.Write(str);
    // Response.End() terminates the request pipeline (on .NET Framework it throws
    // ThreadAbortException internally), so nothing after this call runs.
    HttpContext.Current.Response.End();
}
```
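The whole exchange, as an added example in Python rather than the page's C# (this is not the original author's code): it computes the signature the way the page describes, verifies it with a constant-time compare, additionally rejects timestamps outside a hypothetical five-minute window (a replay hardening the handler above does not do), and echoes echostr for the GET access check. The Token, the URL, the nonce and the timestamps are constructed sample values, and the handler only models the GET/POST split, not message parsing.

```python
import hashlib
import hmac
import time
from typing import Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# Constructed sample Token. In the developer center this is the "Token" field;
# anyone who knows it can forge a valid signature, so treat it as a secret.
TOKEN = "wx_example_token_2024"

# Hypothetical freshness window in seconds. The page's C# code does not check the
# timestamp at all; rejecting stale ones limits replay of a captured signed URL.
MAX_SKEW_SECONDS = 300


def wechat_signature(token: str, timestamp: str, nonce: str) -> str:
    """WeChat's scheme: sort the three strings lexicographically (by code point,
    i.e. a byte-wise sort), concatenate, SHA-1, lowercase hex digest."""
    joined = "".join(sorted([token, timestamp, nonce]))
    return hashlib.sha1(joined.encode("utf-8")).hexdigest()


def check_signature(token: str, signature: str, timestamp: str, nonce: str,
                    now: Optional[float] = None) -> bool:
    """True only if every parameter is present, the timestamp is fresh and the
    signature matches. SHA-1 is a hash, not encryption: we recompute and compare."""
    if not (signature and timestamp and nonce):
        return False
    if not timestamp.isdigit():
        return False
    now = time.time() if now is None else now
    if abs(now - int(timestamp)) > MAX_SKEW_SECONDS:
        return False
    expected = wechat_signature(token, timestamp, nonce)
    # Constant-time compare; a plain == leaks how many leading bytes matched.
    return hmac.compare_digest(expected, signature.lower())


def handle_request(method: str, raw_url: str, now: Optional[float] = None,
                   token: str = TOKEN) -> Tuple[int, str]:
    """Minimal stand-in for the wx.ashx handler; returns (status, body).
    GET is the access check and must echo echostr unchanged. POST is message
    delivery; its body is not covered by the signature and is not parsed here."""
    params = parse_qs(urlsplit(raw_url).query)

    def get(name: str) -> str:
        return params.get(name, [""])[0]

    if not check_signature(token, get("signature"), get("timestamp"),
                           get("nonce"), now):
        return 403, ""
    if method == "GET":
        return 200, get("echostr")
    return 200, "success"


def sample_access_url(token: str = TOKEN, timestamp: str = "1700000000",
                      nonce: str = "1234567890",
                      echostr: str = "hello_wechat") -> str:
    """Constructed GET URL of the kind the WeChat server sends when you click submit."""
    sig = wechat_signature(token, timestamp, nonce)
    return (f"/wx.ashx?signature={sig}&timestamp={timestamp}"
            f"&nonce={nonce}&echostr={echostr}")


if __name__ == "__main__":
    url = sample_access_url()
    print(handle_request("GET", url, now=1700000000))  # fresh and valid: echoes echostr
    print(handle_request("GET", url, now=1700009999))  # same URL replayed later: 403
```

The freshness window is the one thing here that goes beyond the page: because the signature covers only Token, timestamp and nonce, a captured signed URL stays valid forever unless the handler bounds the timestamp, and in plaintext mode the POST body it is attached to is not authenticated at all.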
After the handler is written, deploy it to IIS (see Tutorial 1 for the method), log in to the WeChat management backend at mp.weixin.qq.com, and on the Developer Center page click the "Modify configuration" button to fill in the URL, Token and EncodingAESKey. The URL is the interface address at which your handler receives data from the WeChat server. The Token is an arbitrary string chosen by the developer; the WeChat server uses it to compute the signature on every request and your handler uses the same value to verify it, so it is effectively a shared secret and should not be published or committed to source control. EncodingAESKey is entered manually or generated randomly and is used as the key for encrypting and decrypting the message body. The developer also chooses a message encryption mode: plaintext mode, compatibility mode or security mode. The mode selection and the server configuration take effect immediately on submission; the default is plaintext mode. Note that the signature covers only Token, timestamp and nonce, not the message body, so in plaintext mode the body is neither confidential nor integrity-protected, and a handler that does not check that timestamp is recent will accept a replayed request indefinitely. The encryption and decryption modes will be covered in a later part of this series, so stay tuned.
As shown in the screenshot of the configuration page:
After clicking Submit, the WeChat server sends a GET request to the URL entered above. If verification succeeds, the binding is complete.
The above is the detailed content of Newbie Access Guide to WeChat Development Department, from the PHP Chinese website.