微博公众平台（二）-- Token验证代码

Token，验证逻辑：
1、将Token、timestamp、nonce放入数组

2、将数组从小到大排列

3、将数组按顺序拼装成一个字符串

4、对生成的字符串进行SHA1加密

5、将密文转换为小写

6、将signature与最后生成的小写密文进行对比，如匹配则返回echostr

 

protected void Page_Load(object sender, EventArgs e)
        {
            string signature = Request["signature"];
            string timestamp = Request["timestamp"];

            string nonce = Request["nonce"];
            string echostr = Request["echostr"];

            string strSignature = GetSignature("Token", timestamp, nonce);

            if (strSignature == signature)
            {
                Response.Clear();
                Response.Write(echostr);
                Response.End();
            }
            else
            {
                Response.Clear();
                Response.Write("Error");
                Response.End();
            }
        }

        string GetSignature(string token, string timestamp, string nonce)
        {
            string[] strs = new string[] { token, timestamp, nonce };

            Array.Sort(strs);

            return System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(String.Join("", strs), "SHA1").ToLower();
        }