
Authorizing requests from the Slack API in dotnet (slackSignatureHeader never matches)

Ilya Golshtein, 2 months ago


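I want to verify Slack API commands and interactive endpoints. I followed the documentation here https://api.slack.com/authentication/verifying-requests-from-slack and tried to translate it into C# code, which gave me this function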

    using System;
    using System.Globalization;
    using System.Linq;
    using System.Security.Cryptography;
    using System.Text;
    using Microsoft.AspNetCore.Http;
    using Microsoft.Extensions.Primitives;

    private bool VerifySlackRequest(HttpRequest request, IHeaderDictionary headers,
        StringValues slackSignatureHeader)
    {
        string SlackSigningSecret = ConfigurationHelper.SlackSigningSecret;

        // Parse the timestamp header; reject the request if it is missing or malformed.
        if (!long.TryParse(headers["X-Slack-Request-Timestamp"].ToString(), out long timestampUnix))
        {
            return false;
        }

        DateTime timestamp = DateTimeOffset.FromUnixTimeSeconds(timestampUnix).UtcDateTime;
        DateTime currentTimestamp = DateTime.UtcNow;

        if (Math.Abs((currentTimestamp - timestamp).TotalSeconds) > 60 * 5)
        {
            // The request timestamp is more than five minutes from local time.
            // It could be a replay attack, so let's ignore it.
            return false;
        }

        // Get the request body as a URL-encoded string
        string requestBody = string.Join("&", request.Form.Select(kvp => $"{kvp.Key}={kvp.Value}"));

        var encoding = new UTF8Encoding();
        using (var hmac = new HMACSHA256(encoding.GetBytes(SlackSigningSecret)))
        {
            var hash = hmac.ComputeHash(encoding.GetBytes($"v0:{headers["X-Slack-Request-Timestamp"]}:{requestBody}"));
            var hashString = $"v0={BitConverter.ToString(hash).Replace("-", "").ToLower(CultureInfo.InvariantCulture)}";
            // Compare in constant time so the check does not leak how many characters matched.
            return CryptographicOperations.FixedTimeEquals(
                encoding.GetBytes(hashString), encoding.GetBytes(slackSignatureHeader.ToString()));
        }
    }

Here is how I call the function

    bool isValidRequest = VerifySlackRequest(Request, Request.Headers, slackSignatureHeader);

    if (!isValidRequest)
    {
        return Unauthorized("Invalid request signature");
    }

I have confirmed the SlackSigningSecret, but slackSignatureHeader and hashString never match

Latest replies (0)
  • The problem was how I was getting the request body

    string requestBody = string.Join("&", request.Form.Select(kvp => $"{kvp.Key}={kvp.Value}"));
    

    When I read it with buffering, it works fine

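    // Requires an async method and: using System.IO; using System.Text;
    string rawRequestBody = string.Empty;
    request.EnableBuffering();
    // leaveOpen: true keeps request.Body usable after the reader is disposed
    using (var reader = new StreamReader(request.Body, Encoding.UTF8, false, 1024, leaveOpen: true))
    {
        rawRequestBody = await reader.ReadToEndAsync();
        // Rewind so model binding and later middleware can read the body again
        request.Body.Position = 0;
    }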
    

    If you have the same problem and rawRequestBody is always empty, add this to your Startup.cs

    app.Use((context, next) =>
    {
        context.Request.EnableBuffering();
        return next();
    });
    

    I wrote a Medium article about it; if anyone is trying Slack signature verification, you can find it here
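An added example (not code from the question or the answer) showing why the signature computed from `request.Form` never matched: form parsing URL-decodes the fields, so the re-joined string differs from the raw body bytes that were signed. The signing secret, timestamp and body are constructed sample values, `Sign` and `Matches` are hypothetical helper names, and .NET 5 or later is assumed for `Convert.ToHexString`.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Web;

public static class SlackSignatureDemo
{
    // Computes "v0=" + hex(HMAC-SHA256(secret, "v0:{timestamp}:{body}")).
    public static string Sign(string secret, string timestamp, string body)
    {
        using var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(secret));
        byte[] hash = hmac.ComputeHash(Encoding.UTF8.GetBytes($"v0:{timestamp}:{body}"));
        return "v0=" + Convert.ToHexString(hash).ToLowerInvariant();
    }

    // Constant-time comparison, so the position of a mismatch is not leaked through timing.
    public static bool Matches(string expected, string received) =>
        CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(expected), Encoding.UTF8.GetBytes(received));

    public static void Main()
    {
        // Constructed sample values, not real Slack data.
        const string secret = "example-signing-secret";
        const string timestamp = "1700000000";
        const string rawBody = "command=%2Fdeploy&text=hello+world%21&user_name=alice";

        // What the sender signed: the exact characters of the raw body.
        string headerSignature = Sign(secret, timestamp, rawBody);

        // What the question's code signs: fields after URL-decoding, re-joined with "&".
        var form = HttpUtility.ParseQueryString(rawBody);
        string rebuilt = string.Join("&", form.AllKeys.Select(k => $"{k}={form[k]}"));

        Console.WriteLine($"raw body        : {rawBody}");
        Console.WriteLine($"rebuilt body    : {rebuilt}");
        Console.WriteLine($"raw matches     : {Matches(Sign(secret, timestamp, rawBody), headerSignature)}");
        Console.WriteLine($"rebuilt matches : {Matches(Sign(secret, timestamp, rebuilt), headerSignature)}");
    }
}
```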
