.NET|.NET Core企业微信开发接口回调配置
1.配置API接收
文章图片
文章图片
2.下载加密解密库
地址:https://developer.work.weixin.qq.com/devtool/introduce?id=36388,也可以复制下面的代码
2.1 WXBizMsgCrypt.cs
该方法封装了VerifyURL, DecryptMsg, EncryptMsg三个接口,分别用于开发者验证回调url,收到用户回复消息的解密以及开发者回复消息的加密过程。
using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.Xml; using System.Collections; //using System.Web; using System.Security.Cryptography; //-40001 : 签名验证错误//-40002 :xml解析失败//-40003 :sha加密生成签名失败//-40004 :AESKey 非法//-40005 :corpid 校验错误//-40006 :AES 加密失败//-40007 : AES 解密失败//-40008 : 解密后得到的buffer非法//-40009 :base64加密异常//-40010 :base64解密异常namespace Entity{public class WXBizMsgCrypt{string m_sToken; string m_sEncodingAESKey; string m_sReceiveId; enum WXBizMsgCryptErrorCode{WXBizMsgCrypt_OK = 0,WXBizMsgCrypt_ValidateSignature_Error = -40001,WXBizMsgCrypt_ParseXml_Error = -40002,WXBizMsgCrypt_ComputeSignature_Error = -40003,WXBizMsgCrypt_IllegalAesKey = -40004,WXBizMsgCrypt_ValidateCorpid_Error = -40005,WXBizMsgCrypt_EncryptAES_Error = -40006,WXBizMsgCrypt_DecryptAES_Error = -40007,WXBizMsgCrypt_IllegalBuffer = -40008,WXBizMsgCrypt_EncodeBase64_Error = -40009,WXBizMsgCrypt_DecodeBase64_Error = -40010}; //构造函数// @param sToken: 企业微信后台,开发者设置的Token// @param sEncodingAESKey: 企业微信后台,开发者设置的EncodingAESKey// @param sReceiveId: 不同场景含义不同,详见文档说明public WXBizMsgCrypt(string sToken, string sEncodingAESKey, string sReceiveId){m_sToken = sToken; m_sReceiveId = sReceiveId; m_sEncodingAESKey = sEncodingAESKey; }//验证URL// @param sMsgSignature: 签名串,对应URL参数的msg_signature// @param sTimeStamp: 时间戳,对应URL参数的timestamp// @param sNonce: 随机串,对应URL参数的nonce// @param sEchoStr: 随机串,对应URL参数的echostr// @param sReplyEchoStr: 解密之后的echostr,当return返回0时有效// @return:成功0,失败返回对应的错误码public int VerifyURL(string sMsgSignature, string sTimeStamp, string sNonce, string sEchoStr, ref string sReplyEchoStr){int ret = 0; if (m_sEncodingAESKey.Length!=43){return (int)WXBizMsgCryptErrorCode.WXBizMsgCrypt_IllegalAesKey; }ret = VerifySignature(m_sToken, sTimeStamp, sNonce, sEchoStr, sMsgSignature); if (0 != ret){return ret; }sReplyEchoStr = ""; string cpid = ""; try{sReplyEchoStr = Cryptography.AES_decrypt(sEchoStr, m_sEncodingAESKey, ref cpid); //m_sReceiveId); }catch (Exception){sReplyEchoStr = ""; return (int)WXBizMsgCryptErrorCode.WXBizMsgCrypt_DecryptAES_Error; }if (cpid != m_sReceiveId){sReplyEchoStr = ""; return (int)WXBizMsgCryptErrorCode.WXBizMsgCrypt_ValidateCorpid_Error; }return 0; }// 检验消息的真实性,并且获取解密后的明文// @param sMsgSignature: 签名串,对应URL参数的msg_signature// @param sTimeStamp: 时间戳,对应URL参数的timestamp// @param sNonce: 随机串,对应URL参数的nonce// @param sPostData: 密文,对应POST请求的数据// @param sMsg: 解密后的原文,当return返回0时有效// @return: 成功0,失败返回对应的错误码public int DecryptMsg(string sMsgSignature, string sTimeStamp, string sNonce, string sPostData, ref string sMsg){if (m_sEncodingAESKey.Length!=43){return (int)WXBizMsgCryptErrorCode.WXBizMsgCrypt_IllegalAesKey; }XmlDocument doc = new XmlDocument(); XmlNode root; string sEncryptMsg; try{doc.LoadXml(sPostData); root = doc.FirstChild; sEncryptMsg = root["Encrypt"].InnerText; }catch (Exception){return (int)WXBizMsgCryptErrorCode.WXBizMsgCrypt_ParseXml_Error; }//verify signatureint ret = 0; ret = VerifySignature(m_sToken, sTimeStamp, sNonce, sEncryptMsg, sMsgSignature); if (ret != 0)return ret; //decryptstring cpid = ""; try{sMsg = Cryptography.AES_decrypt(sEncryptMsg, m_sEncodingAESKey, ref cpid); }catch (FormatException){sMsg = ""; return (int)WXBizMsgCryptErrorCode.WXBizMsgCrypt_DecodeBase64_Error; }catch (Exception){sMsg = ""; return (int)WXBizMsgCryptErrorCode.WXBizMsgCrypt_DecryptAES_Error; }if (cpid != m_sReceiveId)return (int)WXBizMsgCryptErrorCode.WXBizMsgCrypt_ValidateCorpid_Error; return 0; }//将企业号回复用户的消息加密打包// @param sReplyMsg: 企业号待回复用户的消息,xml格式的字符串// @param sTimeStamp: 时间戳,可以自己生成,也可以用URL参数的timestamp// @param sNonce: 随机串,可以自己生成,也可以用URL参数的nonce// @param sEncryptMsg: 加密后的可以直接回复用户的密文,包括msg_signature, timestamp, nonce, encrypt的xml格式的字符串,//当return返回0时有效// return:成功0,失败返回对应的错误码public int EncryptMsg(string sReplyMsg, string sTimeStamp, string sNonce, ref string sEncryptMsg){if (m_sEncodingAESKey.Length!=43){return (int)WXBizMsgCryptErrorCode.WXBizMsgCrypt_IllegalAesKey; }string raw = ""; try{raw = Cryptography.AES_encrypt(sReplyMsg, m_sEncodingAESKey, m_sReceiveId); }catch (Exception){return (int)WXBizMsgCryptErrorCode.WXBizMsgCrypt_EncryptAES_Error; }string MsgSigature = ""; int ret = 0; ret = GenarateSinature(m_sToken, sTimeStamp, sNonce, raw, ref MsgSigature); if (0 != ret)return ret; sEncryptMsg = ""; string EncryptLabelHead = ""; string MsgSigLabelHead = " "; string TimeStampLabelHead = " "; string NonceLabelHead = " "; sEncryptMsg = sEncryptMsg + " " + EncryptLabelHead + raw + EncryptLabelTail; sEncryptMsg = sEncryptMsg + MsgSigLabelHead + MsgSigature + MsgSigLabelTail; sEncryptMsg = sEncryptMsg + TimeStampLabelHead + sTimeStamp + TimeStampLabelTail; sEncryptMsg = sEncryptMsg + NonceLabelHead + sNonce + NonceLabelTail; sEncryptMsg += " "; return 0; }public class DictionarySort : System.Collections.IComparer{public int Compare(object oLeft, object oRight){string sLeft = oLeft as string; string sRight = oRight as string; int iLeftLength = sLeft.Length; int iRightLength = sRight.Length; int index = 0; while (index < iLeftLength && index < iRightLength){if (sLeft[index] < sRight[index])return -1; else if (sLeft[index] > sRight[index])return 1; elseindex++; }return iLeftLength - iRightLength; }}//Verify Signatureprivate static int VerifySignature(string sToken, string sTimeStamp, string sNonce, string sMsgEncrypt, string sSigture){string hash = ""; int ret = 0; ret = GenarateSinature(sToken, sTimeStamp, sNonce, sMsgEncrypt, ref hash); if (ret != 0)return ret; if (hash == sSigture)return 0; else{return (int)WXBizMsgCryptErrorCode.WXBizMsgCrypt_ValidateSignature_Error; }}public static int GenarateSinature(string sToken, string sTimeStamp, string sNonce, string sMsgEncrypt ,ref string sMsgSignature){ArrayList AL = new ArrayList(); AL.Add(sToken); AL.Add(sTimeStamp); AL.Add(sNonce); AL.Add(sMsgEncrypt); AL.Sort(new DictionarySort()); string raw = ""; for (int i = 0; i < AL.Count; ++i){raw += AL[i]; }SHA1 sha; ASCIIEncoding enc; string hash = ""; try{sha = new SHA1CryptoServiceProvider(); enc = new ASCIIEncoding(); byte[] dataToHash = enc.GetBytes(raw); byte[] dataHashed = sha.ComputeHash(dataToHash); hash = BitConverter.ToString(dataHashed).Replace("-", ""); hash = hash.ToLower(); }catch (Exception){return (int)WXBizMsgCryptErrorCode.WXBizMsgCrypt_ComputeSignature_Error; }sMsgSignature = hash; return 0; }}}WXBizMsgCrypt.cs
2.2 Cryptography.cs
该文件封装了AES加解密过程
using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.Security.Cryptography; using System.IO; using System.Net; namespace Entity{public class Cryptography{public static UInt32 HostToNetworkOrder(UInt32 inval){UInt32 outval = 0; for (int i = 0; i < 4; i++)outval = (outval << 8) + ((inval >> (i * 8)) & 255); return outval; }public static Int32 HostToNetworkOrder(Int32 inval){Int32 outval = 0; for (int i = 0; i < 4; i++)outval = (outval << 8) + ((inval >> (i * 8)) & 255); return outval; }/// /// 解密方法/// /// 密文/// ////// public static string AES_decrypt(String Input, string EncodingAESKey, ref string corpid){byte[] Key; Key = Convert.FromBase64String(EncodingAESKey + "="); byte[] Iv = new byte[16]; Array.Copy(Key, Iv, 16); byte[] btmpMsg = AES_decrypt(Input, Iv, Key); int len = BitConverter.ToInt32(btmpMsg, 16); len = IPAddress.NetworkToHostOrder(len); byte[] bMsg = new byte[len]; byte[] bCorpid = new byte[btmpMsg.Length - 20 - len]; Array.Copy(btmpMsg, 20, bMsg, 0, len); Array.Copy(btmpMsg, 20+len , bCorpid, 0, btmpMsg.Length - 20 - len); string oriMsg = Encoding.UTF8.GetString(bMsg); corpid = Encoding.UTF8.GetString(bCorpid); return oriMsg; }public static String AES_encrypt(String Input, string EncodingAESKey, string corpid){byte[] Key; Key = Convert.FromBase64String(EncodingAESKey + "="); byte[] Iv = new byte[16]; Array.Copy(Key, Iv, 16); string Randcode = CreateRandCode(16); byte[] bRand = Encoding.UTF8.GetBytes(Randcode); byte[] bCorpid = Encoding.UTF8.GetBytes(corpid); byte[] btmpMsg = Encoding.UTF8.GetBytes(Input); byte[] bMsgLen = BitConverter.GetBytes(HostToNetworkOrder(btmpMsg.Length)); byte[] bMsg = new byte[bRand.Length + bMsgLen.Length + bCorpid.Length + btmpMsg.Length]; Array.Copy(bRand, bMsg, bRand.Length); Array.Copy(bMsgLen, 0, bMsg, bRand.Length, bMsgLen.Length); Array.Copy(btmpMsg, 0, bMsg, bRand.Length + bMsgLen.Length, btmpMsg.Length); Array.Copy(bCorpid, 0, bMsg, bRand.Length + bMsgLen.Length + btmpMsg.Length, bCorpid.Length); return AES_encrypt(bMsg, Iv, Key); }private static string CreateRandCode(int codeLen){string codeSerial = "2,3,4,5,6,7,a,c,d,e,f,h,i,j,k,m,n,p,r,s,t,A,C,D,E,F,G,H,J,K,M,N,P,Q,R,S,U,V,W,X,Y,Z"; if (codeLen == 0){codeLen = 16; }string[] arr = codeSerial.Split(','); string code = ""; int randValue = https://www.it610.com/article/-1; Random rand = new Random(unchecked((int)DateTime.Now.Ticks)); for (int i = 0; i < codeLen; i++){randValue = rand.Next(0, arr.Length - 1); code += arr[randValue]; }return code; }private static String AES_encrypt(String Input, byte[] Iv, byte[] Key){var aes = new RijndaelManaged(); //秘钥的大小,以位为单位aes.KeySize = 256; //支持的块大小aes.BlockSize = 128; //填充模式aes.Padding = PaddingMode.PKCS7; aes.Mode = CipherMode.CBC; aes.Key = Key; aes.IV = Iv; var encrypt = aes.CreateEncryptor(aes.Key, aes.IV); byte[] xBuff = null; using (var ms = new MemoryStream()){using (var cs = new CryptoStream(ms, encrypt, CryptoStreamMode.Write)){byte[] xXml = Encoding.UTF8.GetBytes(Input); cs.Write(xXml, 0, xXml.Length); }xBuff = ms.ToArray(); }String Output = Convert.ToBase64String(xBuff); return Output; }private static String AES_encrypt(byte[] Input, byte[] Iv, byte[] Key){var aes = new RijndaelManaged(); //秘钥的大小,以位为单位aes.KeySize = 256; //支持的块大小aes.BlockSize = 128; //填充模式//aes.Padding = PaddingMode.PKCS7; aes.Padding = PaddingMode.None; aes.Mode = CipherMode.CBC; aes.Key = Key; aes.IV = Iv; var encrypt = aes.CreateEncryptor(aes.Key, aes.IV); byte[] xBuff = null; #region 自己进行PKCS7补位,用系统自己带的不行byte[] msg = new byte[Input.Length + 32 - Input.Length % 32]; Array.Copy(Input, msg, Input.Length); byte[] pad = KCS7Encoder(Input.Length); Array.Copy(pad, 0, msg, Input.Length, pad.Length); #endregion#region 注释的也是一种方法,效果一样//ICryptoTransform transform = aes.CreateEncryptor(); //byte[] xBuff = transform.TransformFinalBlock(msg, 0, msg.Length); #endregionusing (var ms = new MemoryStream()){using (var cs = new CryptoStream(ms, encrypt, CryptoStreamMode.Write)){cs.Write(msg, 0, msg.Length); }xBuff = ms.ToArray(); }String Output = Convert.ToBase64String(xBuff); return Output; }private static byte[] KCS7Encoder(int text_length){int block_size = 32; // 计算需要填充的位数int amount_to_pad = block_size - (text_length % block_size); if (amount_to_pad == 0){amount_to_pad = block_size; }// 获得补位所用的字符char pad_chr = chr(amount_to_pad); string tmp =""; for (int index = 0; index < amount_to_pad; index++){tmp += pad_chr; }return Encoding.UTF8.GetBytes(tmp); }/*** 将数字转化成ASCII码对应的字符,用于对明文进行补码* * @param a 需要转化的数字* @return 转化得到的字符*/static char chr(int a){byte target = (byte)(a & 0xFF); return (char)target; }private static byte[] AES_decrypt(String Input, byte[] Iv, byte[] Key){RijndaelManaged aes = new RijndaelManaged(); aes.KeySize = 256; aes.BlockSize = 128; aes.Mode = CipherMode.CBC; aes.Padding = PaddingMode.None; aes.Key = Key; aes.IV = Iv; var decrypt = aes.CreateDecryptor(aes.Key, aes.IV); byte[] xBuff = null; using (var ms = new MemoryStream()){using (var cs = new CryptoStream(ms, decrypt, CryptoStreamMode.Write)){byte[] xXml = Convert.FromBase64String(Input); byte[] msg = new byte[xXml.Length + 32 - xXml.Length % 32]; Array.Copy(xXml, msg, xXml.Length); cs.Write(xXml, 0, xXml.Length); }xBuff = decode2(ms.ToArray()); }return xBuff; }private static byte[] decode2(byte[] decrypted){int pad = (int)decrypted[decrypted.Length - 1]; if (pad < 1 || pad > 32){pad = 0; }byte[] res = new byte[decrypted.Length - pad]; Array.Copy(decrypted, 0, res, 0, decrypted.Length - pad); return res; }}}Cryptography.cs
3.编写回调API 3.1 支持Http Get请求验证URL有效性
假设企业的接收消息的URL设置为http://api.com/callback/interAspect
企业管理员在保存回调配置信息时,企业微信会发送一条验证消息到填写的URL,请求内容如下:
请求方式:GET
请求地址:http://api.com/callback/interAspect?msg_signature=ASDFQWEXZCVAQFASDFASDFSS×tamp=13500001234&nonce=123412323&echostr=ENCRYPT_STR
参数说明:
| 参数 | 类型 | 说明 |
|---|---|---|
| msg_signature | String | 企业微信加密签名,msg_signature计算结合了企业填写的token、请求中的timestamp、nonce、加密的消息体。签名计算方法参考 消息体签名检验 |
| timestamp | Integer | 时间戳。与nonce结合使用,用于防止请求重放攻击。 |
| nonce | String | 随机数。与timestamp结合使用,用于防止请求重放攻击。 |
| echostr | String | 加密的字符串。需要解密得到消息内容明文,解密后有random、msg_len、msg、receiveid四个字段,其中msg即为消息内容明文 |
[HttpGet, Route("callback/interAspect")]public ContentResult ReveiceMsg(string msg_signature,string timestamp,string nonce,string echostr){//验证WXBizMsgCrypt wxcpt = new WXBizMsgCrypt(AppSetting.Configuration["Wx:CallBackToken"], AppSetting.Configuration["Wx:EncodingAESKey"], AppSetting.Configuration["Wx:corpid"]); int ret = 0; string sEchoStr = ""; ret = wxcpt.VerifyURL(msg_signature, timestamp, nonce, echostr, ref sEchoStr); if (ret != 0){return Content(null); }return Content(sEchoStr); }
3.2支持Http Post请求接收业务数据
【.NET|.NET Core企业微信开发接口回调配置】假设企业的接收消息的URL设置为http://api.com/callback/interAspect。
当用户触发回调行为时,企业微信会发送回调消息到填写的URL,请求内容如下:
请求方式:POST
请求地址 :http://api.com/callback/interAspect?msg_signature=ASDFQWEXZCVAQFASDFASDFSS×tamp=13500001234&nonce=123412323
参数说明:
| 参数 | 类型 | 说明 |
|---|---|---|
| msg_signature | String | 企业微信加密签名,msg_signature结合了企业填写的token、请求中的timestamp、nonce参数、加密的消息体 |
| timestamp | Integer | 时间戳。与nonce结合使用,用于防止请求重放攻击。 |
| nonce | String | 随机数。与timestamp结合使用,用于防止请求重放攻击。 |
| ToUserName | String | 企业微信的CorpID,当为第三方应用回调事件时,CorpID的内容为suiteid |
| AgentID | String | 接收的应用id,可在应用的设置页面获取。仅应用相关的回调会带该字段。 |
| Encrypt | String | 消息结构体加密后的字符串 |
[HttpPost, Route("callback/interAspect")]public ContentResult AcceptMessage(string msg_signature,string timestamp,string nonce){//获取Encrypt参数string encrypt = ""; using (StreamReader sr = new StreamReader(Request.Body, Encoding.UTF8)){encrypt = sr.ReadToEndAsync().Result; }//验证WXBizMsgCrypt wxcpt = new WXBizMsgCrypt(AppSetting.Configuration["Wx:CallBackToken"], AppSetting.Configuration["Wx:EncodingAESKey"], AppSetting.Configuration["Wx:corpid"]); string sMsg = ""; // 解析之后的明文int ret = wxcpt.DecryptMsg(msg_signature, timestamp, nonce, encrypt, ref sMsg); if (ret != 0){throw new Exception(); }// ret==0表示解密成功,sMsg表示解密之后的明文xml串XmlDocument doc = new XmlDocument(); doc.LoadXml(sMsg); XmlNode root = doc.FirstChild; string userName = root["FromUserName"].InnerText; string eventKey = root["EventKey"].InnerText; string responseCode = root["ResponseCode"].InnerText; //这边写回调业务逻辑 return Content("成功"); }
4.写在最后 1.测试回调模式地址,位置建立连接 =>测试回调模式,用于测试Get接口是否具备解密能力,
链接https://open.work.weixin.qq.com/wwopen/devtool/interface/combine
2.openapi回调地址请求不通过: //www.jb51.net/article/252020.htm
3. POST回调不执行: 可能产生的原因有错误接收Encrypt参数,需注意Encrypt参数为Xml类型。Post无法调试,需发布到服务器中,可通过输出到系统日志,获取报错原因。
4.域名必须为公网域名。
5.回调配置官方文档:https://developer.work.weixin.qq.com/document/path/90930
以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持脚本之家。
推荐阅读
- 解决.NET|解决.NET Core企业微信openapi回调地址请求不通过的问题
- 使用C#如何连接到ACCESS数据库
- ADO.NET|C#数据库教程7-ADO.NET三层架构和数据库DBNull问题
- C#|C#数据库教程1-使用ADO.NET操作sql server 2012
- C#|C#数据库教程2-ADO.NET常用SQL语句
- ADO.NET|C# Access数据库使用
- 投稿|被锂价绑架的产业链:中下游企业沦为“打工仔”
- 企业信息化|利用虚拟摄像头解决腾讯会议多人同时共享屏幕的需求
- Flask_Bootstrap框架表单模板Flask企业课学习
- Linux中(Out of memory: Kill process 29650 (java) score 174 or sacrifice child)