C# Twilio安全实现。x-T签名与计算值不匹配
我正在尝试实现中提到的twilio安全性 我尝试了在.net和php中实现,但无法验证请求 我的.net实现代码如下所示C# Twilio安全实现。x-T签名与计算值不匹配,c#,security,base64,twilio,twilio-api,C#,Security,Base64,Twilio,Twilio Api,我正在尝试实现中提到的twilio安全性 我尝试了在.net和php中实现,但无法验证请求 我的.net实现代码如下所示 SortedDictionary<string, string> dictionary = new SortedDictionary<string, string> { //{"SmsId", "4176669"}, //{"TelcoId", "-5"}, {"SmsSid", "SMa
SortedDictionary<string, string> dictionary = new SortedDictionary<string, string>
{
//{"SmsId", "4176669"},
//{"TelcoId", "-5"},
{"SmsSid", "SMa97c925c6169475a88074082712b68ac"},
{"SmsStatus", "sent"},
{"MessageStatus", "sent"},
{"To", "+***********"},
{"MessageSid", "SMa97c925c6169475a88074082712b68ac"},
{"AccountSid", "*********************************"},
{"From", "+**********"},
{"ApiVersion", "2010-04-01"}
};
var url = "http://*****************************?SmsId=4176665&TelcoId=-5";
var authtoken = "********************************";
var _hmac = new HMACSHA1(Encoding.UTF8.GetBytes(authtoken));
StringBuilder stringBuilder = new StringBuilder(url);
foreach (var v in dictionary)
{
stringBuilder.Append(v.Key);
stringBuilder.Append(v.Value);
}
string xTwilioSignature = "+HvlkGkyMxo9rEVjlJ4hhD/sSaw=";
string computed = Convert.ToBase64String(_hmac.ComputeHash(Encoding.UTF8.GetBytes(stringBuilder.ToString())));
bool result1 = xTwilioSignature == computed;
bool restul2 = SecureCompare(xTwilioSignature, computed);
private static bool SecureCompare(string a, string b)
{
if (a == null || b == null)
{
return false;
}
int length = a.Length;
if (length != b.Length)
{
return false;
}
int num = 0;
for (int i = 0; i < length; i++)
{
num = num | a[i] ^ b[i];
}
return num == 0;
}
SortedDictionary dictionary=新的SortedDictionary
{
//{“SmsId”,“4176669”},
//{“TelcoId”,“-5”},
{“SmsSid”、“SMa97c925c6169475a88074082712b68ac”},
{“SmsStatus”,“sent”},
{“消息状态”,“已发送”},
{“至”、“+*************”},
{“MessageSid”,“SMa97c925c6169475a88074082712b68ac”},
{“AccountSid”、“*******************************************”},
{“From”,“+*************”},
{“ApiVersion”,“2010-04-01”}
};
var url=“http://*********************?SmsId=4176665&TelcoId=-5”;
var authtoken=“****************************************”;
var_hmac=new HMACSHA1(Encoding.UTF8.GetBytes(authtoken));
StringBuilder StringBuilder=新的StringBuilder(url);
foreach(字典中的var v)
{
stringBuilder.Append(v.Key);
stringBuilder.Append(v.Value);
}
字符串xTwilioSignature=“+hvlkgkymxo9revjlj4hd/sSaw=”;
string computed=Convert.ToBase64String(_hmac.ComputeHash(Encoding.UTF8.GetBytes(stringBuilder.ToString()));
bool result1=xTwilioSignature==computed;
bool restul2=安全比较(XtwillioSignature,计算);
私有静态bool SecureCompare(字符串a、字符串b)
{
如果(a==null | | b==null)
{
返回false;
}
int长度=a.长度;
如果(长度!=b.长度)
{
返回false;
}
int num=0;
for(int i=0;i
请帮助我确定我做错了什么这是针对您发送的邮件的状态回调吗?你从哪里得到这些田地?假设您没有像本例中那样使用静态值字典,您是否从传入的请求中获取它们?至少在本例中,您似乎缺少
Body
参数。很高兴听到排序结果!我已经在内部要求比我更有C#经验的人来看看这个问题,但您的建议似乎是正确的,我们假设标准端口号,即使它出现在URL中。谢谢@philnash。如果有人也能在github上回复,这会更有帮助。我可以看到团队现在正在关注这一点。谢谢你的回答。