PayPal IPN https更改2016

时间:2016-03-02 22:30:32

标签: paypal https listener paypal-ipn

今天收到PayPal提供的信息:

IPN验证回传到HTTPS

  

如果您使用的是PayPal的即时付款通知(IPN)服务,您将需要确保在将消息发回PayPal进行>验证时使用HTTPS。 2016年9月30日之后,将不再支持HTTP回发。

我正在使用IPN并且实时网站正在运行,但我们的DEV IPN侦听器正在使用:https://www.sandbox.paypal.com/cgi-bin/webscr上的沙箱。

我很困惑我需要做些什么来修复它。我添加了此代码,并且侦听器页面再次加载而没有错误。

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
                | SecurityProtocolType.Tls11
                | SecurityProtocolType.Tls12
                | SecurityProtocolType.Ssl3;

            ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };

但是当我尝试测试一个事务时,监听器永远不会从PayPal收到任何信息。这是因为听众的服务器现在必须是" https"? PP沙箱现在拒绝通知非SSL地址吗?

我最初从PayPal示例获得了我的c#代码,但它已不在他们的网站上。

var useSandbox = Convert.ToBoolean(ConfigurationManager.AppSettings["UsePayPalSandboxYn"]);
var server = useSandbox ? "https://www.sandbox.paypal.com/cgi-bin/webscr" : "https://www.paypal.com/cgi-bin/webscr";

var req = (HttpWebRequest)WebRequest.Create(server);

// set values for the request back
req.Method = "POST";
req.ContentType = "application/x-www-form-urlencoded";

//added today
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
                | SecurityProtocolType.Tls11
                | SecurityProtocolType.Tls12
                | SecurityProtocolType.Ssl3;

ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };


byte[] param = Request.BinaryRead(HttpContext.Current.Request.ContentLength);
var strRequest = Encoding.ASCII.GetString(param);
strRequest += "&cmd=_notify-validate";
req.ContentLength = strRequest.Length;

// send the request to PayPal and get the response
var streamOut = new StreamWriter(req.GetRequestStream(), Encoding.ASCII);
streamOut.Write(strRequest);
streamOut.Close();
var streamIn = new StreamReader(req.GetResponse().GetResponseStream());
string strResponse = streamIn.ReadToEnd();
streamIn.Close();

switch (strResponse)
{
case "VERIFIED":
                {

我使用静态IP地址和设置为Web服务器的家庭路由器进行调试。如果我必须设置ssl,那就更难了。

有人能指出我正确的方向吗?

2 个答案:

答案 0 :(得分:2)

您唯一需要做的就是确保将验证POST发送回PayPal,而不是http://。您不必在您的站点上安装SSL以供您的IPN侦听器运行。

答案 1 :(得分:0)

我只想分享我正在运行的代码...希望它可以帮助您对代码进行一些改进:

private void VerifyTask(HttpRequestBase ipnRequest, bool useLiveAccount = true)
{
            string verificationResponse = string.Empty;
            var request = (HttpWebRequest)WebRequest.Create(useLiveAccount
                ? WebConfigurationManager.AppSettings["PaypalURL"] 
                : WebConfigurationManager.AppSettings["SandboxURL"]);

            request.Method = "POST";
            request.ContentType = "application/x-www-form-urlencoded";
            var param = ipnRequest.BinaryRead(ipnRequest.ContentLength);
            var strRequest = Encoding.ASCII.GetString(param);
            strRequest += "&cmd=_notify-validate";
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

            using (var writer = new StreamWriter(request.GetRequestStream(), Encoding.ASCII))
            {
                writer.Write(strRequest);
                writer.Close();
            }

            using (var reader = new StreamReader(request.GetResponse().GetResponseStream()))
            {
                verificationResponse = reader.ReadToEnd();
                reader.Close();
            }

            if (verificationResponse.Equals("VERIFIED"))
            {
               //Make the validations here
            }
}

编辑: WebConfigurationManager.AppSettings [" PaypalURL"] =" https://www.paypal.com/cgi-bin/webscr" WebConfigurationManager.AppSettings [" SandboxURL"] =" https://www.sandbox.paypal.com/cgi-bin/webscr"

相关问题
最新问题