plivo Signature Validation MVC.net

121 views
Skip to first unread message

Khalid Khan

unread,
Feb 16, 2016, 2:16:06 AM2/16/16
to Plivo Opensource Users
Hi, I am developing an sms receiving app in mvc.net using plivo.
I am unable to validate plivo signature in mvc.net. whenever i try to validate request using plivo .net helper library "XPlivoSignature.Verify()" it always return false. My code is given below please let me know if I am doing anything wrong.

Any help will be highly appreciated

[HttpPost]
        public ActionResult Receive(string From, string To, string Type, string Text, string MessageUUID)
        {
              // here is the problem it always return false
               if (ValidatePlivoRequest(Request))
                    {
                        // do some stuff i.e store message in db
                    }
        }

private bool ValidatePlivoRequest(HttpRequestBase request)
        {
            bool validRequest = false;
            string actualsignature = request.Headers["X-Plivo-Signature"];

            String auth_token = ConnectionStringHelper.PlivoAuthenticationToken;


            Dictionary<string, string> parameters = new Dictionary<string, string>();

            if (Request.QueryString != null)
            {
                foreach (String key in Request.QueryString.Keys)
                {
                    String value = Request.QueryString[key];
                    parameters.Add(key, value);
                }
            }

            //String url = request.Url.SiteBase + request.Url.Path;
            string url = ConnectionStringHelper.PlivoSmsReceiveUrlForValidation;
           
            if (Request.Form != null)
            {
                foreach (String key in Request.Form.Keys)
                {
                    String value = Request.Form[key];
                    parameters.Add(key, value);
                }
            }

           // here is the problem it always return false
            validRequest = XPlivoSignature.Verify(url, parameters, actualsignature, auth_token);

            return validRequest;
        }

Ramya R

unread,
Feb 16, 2016, 3:17:37 AM2/16/16
to plivo...@googlegroups.com
Hi Khalid,

Is the number that receives the sms, linked to a sub account? If yes, you should use the sub account auth token to compute the signature. 
If this is not the case, could you please share more details like the url, parameters used for computing the signature (values for "url" and "parameters" in ValidatePlivoRequest function) and the actual signature? 

Please write to sup...@plivo.com with these details. We'll help you resolve this issue at the earliest.

Regards,

--
You received this message because you are subscribed to the Google Groups "Plivo Opensource Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to plivo-users...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.



--
RAMYA | PRESALES ENGINEER
Plivo, Inc. 340 Pine St, San Francisco - 94104, USA
Web: www.plivo.com | Twitter: @plivo
Message has been deleted

Ramya R

unread,
Feb 16, 2016, 8:57:56 AM2/16/16
to plivo...@googlegroups.com
Hi Khalid,

I see that the number +16784876100 is linked to a sub account called "CRM_Team1". The signature matches when sub account auth token is used. Can you please test again with the sub account auth token instead of the master account auth token?

On Tue, Feb 16, 2016 at 6:09 PM, Khalid Khan <develo...@gmail.com> wrote:
Thanks for your reply.
No the number is not linked to subaccount.
I have set following url in plivo application management for sms receiving: 


Actual signature: IfdOjaZpPUvwBOfkNGDewAqsYOM=

parameteres that i get from Request.Form are given below

TotalRate: 0
Units: 1
Text: test sms receiving api
TotalAmount: 0
Type: sms
MessageUUID: 9e04037c-d4a9-11e5-8088-22000afd0a5c
Reply all
Reply to author
Forward
Message has been deleted
0 new messages