我继承了一个使用Cybersource作为信用卡处理公司的应用程序。它目前使用CyberSource API,我正在尝试将其转换为使用其托管订单页面 - 特别是静默订单发布方法。 CyberSource提供的运行示例如下:
<form action="https://orderpagetest.ic3.com/hop/ProcessOrder.do" method="POST">
<% insertSignature3("10", "USD", "sale"); %>
<h2>Payment Information</h2>
Card Type: <select name="card_cardType"><br>
<option value="">
<option value="001">Visa
<option value="002">MasterCard
<option value="003">American Express
</select><br>
Card Number: <input type="text" name="card_accountNumber"><br>
Expiration Month: <input type="text" name="card_expirationMonth"> (mm)<br>
Expiration Year: <input type="text" name="card_expirationYear"> (yyyy)<br><br>
<h2>Ready to Check Out!</h2>
<input type="submit" name="submit" value="Buy Now">
</form>
insertSignature方法的代码如下:
public void insertSignature3( String amount, String currency, String orderPage_transactionType )
{
try
{
TimeSpan timeSpanTime = DateTime.UtcNow - new DateTime( 1970, 1, 1 );
String[] arrayTime = timeSpanTime.TotalMilliseconds.ToString().Split( '.' );
String time = arrayTime[0];
String merchantID = GetMerchantID();
if ( merchantID.Equals( "" ) )
Response.Write( "<b>Error:</b> <br>The current security script (HOP.cs) doesn't contain your merchant information. Please login to the <a href='https://ebc.cybersource.com/ebc/hop/HOPSecurityLoad.do'>CyberSource Business Center</a> and generate one before proceeding further. Be sure to replace the existing HOP.cs with the newly generated HOP.cs.<br><br>" );
String data = merchantID + amount + currency + time + orderPage_transactionType;
String pub = GetSharedSecret();
String serialNumber = GetSerialNumber();
byte[] byteData = System.Text.Encoding.UTF8.GetBytes( data );
byte[] byteKey = System.Text.Encoding.UTF8.GetBytes( pub );
HMACSHA1 hmac = new HMACSHA1( byteKey );
String publicDigest = Convert.ToBase64String( hmac.ComputeHash( byteData ) );
publicDigest = publicDigest.Replace( "\n", "" );
System.Text.StringBuilder sb = new System.Text.StringBuilder();
sb.Append( "<input type=\"hidden\" name=\"amount\" value=\"" );
sb.Append( amount );
sb.Append( "\">\n<input type=\"hidden\" name=\"currency\" value=\"" );
sb.Append( currency );
sb.Append( "\">\n<input type=\"hidden\" name=\"orderPage_timestamp\" value=\"" );
sb.Append( time );
sb.Append( "\">\n<input type=\"hidden\" name=\"merchantID\" value=\"" );
sb.Append( merchantID );
sb.Append( "\">\n<input type=\"hidden\" name=\"orderPage_transactionType\" value=\"" );
sb.Append( orderPage_transactionType );
sb.Append( "\">\n<input type=\"hidden\" name=\"orderPage_signaturePublic\" value=\"" );
sb.Append( publicDigest );
sb.Append( "\">\n<input type=\"hidden\" name=\"orderPage_version\" value=\"4\">\n" );
sb.Append( "<input type=\"hidden\" name=\"orderPage_serialNumber\" value=\"" );
sb.Append( serialNumber );
sb.Append( "\">\n" );
Response.Write( sb.ToString() );
}
catch ( Exception e )
{
Response.Write( e.StackTrace.ToString() );
}
}
当我在测试应用程序中运行它时,一切正常。但是,我不能在我的主应用程序中使用表单标记,因为主页面包含在表单标记中的所有内容,这将导致嵌套的表单标记。我已经尝试将表单块放在iframe中,但无法解决如何通过insertSignature(...)方法的Response.Write调用传递其他信息。
任何建议都表示赞赏。
答案 0 :(得分:1)
我刚刚经历了同样的问题。我们也采用了iframe方法。在页面加载(如果回发)上,您将要在请求中写出特定项目(不包括ViewState)。下面的示例显示了写出所有项目(ViewState除外)。这包含在ccInfo范围内,然后我们可以通过JavaScript。
protected virtual void Page_Load(Object sender, EventArgs e)
{
if (!Page.IsPostBack)
{
//Do any page binding, etc that needs to be done on intitial page load
}
else
{
//We came back from CyberSource ...
//Will need to get from stored client hidden field ...
string decision = Request.Form["decision"];
if (verifyTransactionSignature(Request))
{
//Make sure we are only processing in the TEST environment if the particular setting
//is set to test (Site_Settings.CYBERSOURCE_API_URL contains 'test' in it)
string apiUrl = Settings.GetSetting(LocalConnectionString, "CYBERSOURCE_API_URL");
//API isn't test, but CyberSource is (someone hacking?)
if (!apiUrl.ToLower().Contains("test") && Request.Form["orderPage_environment"].ToLower().Contains("test"))
{
lblError.Text = "Unable to verify credit card. Request is in test mode, but the site is not. Contact Customer Service.";
}
Response.Write("<span class='ccInfo hide'>");
for (int i = 0; i < Request.Form.Count; i++)
{
var key = Request.Form.GetKey(i);
if (key != "__VIEWSTATE")
{
Response.Write("<input type='hidden' id='" + key + "' name='" + key + "' value='" + Request.Form[i] + "' class='hide' />");
}
}
Response.Write("</span>");
if (decision != "ACCEPT")
{
string reasonCode = Request.Form["reasonCode"];
lblError.Text = "Unable to verify credit card (" + reasonCode + ") ";
if (reasonCode == "102")
{
lblError.Text += "<br />One or more fields in the request contains invalid data. Typically this is the expiration date";
}
}
}
else
{
lblError.Text = "Unable to verify credit card. Transaction Signature not valid. Contact Customer Service.";
}
}
}
我们用来获取数据然后发送到父页面的JavaScript如下:
$(document).ready(function () {
var decision = $('#decision');
if (decision.length > 0) {
if (decision.val() === "ACCEPT") {
//pass in requestId, etc to the billing page
parent.$('.checkoutform').append($('.ccInfo').children());
//call billing.aspx submit function
parent.submitBillingPage();
return;
} else {
//change from loading animation to iframe
parent.toggleIframe(true);
}
}
});
父页面有“checkoutform”类名,因此我们可以在iframe中附加ccInfo范围的所有元素。这个衬垫将我们使用服务器端代码写出的所有元素推送到父页面。现在,父页面包含从CyberSource返回的所有信息。
我们的结算页面(父页面)允许除CyberSource信用卡之外的其他付款,因此我们基本上在主页面上进行提交,假设所有内容都是从CyberSource成功返回的。当用户未使用CyberSource付款时,我们会在结算页面上显示主提交按钮。如果是,我们隐藏主提交按钮,而是显示iframe中的提交按钮。然后,如果出现问题,我们会在iframe中显示错误消息,或者在将数据从iframe传输到父页面后,我们会在父页面上执行提交。
最后,通过查看Request.Form,父页面可以通过服务器端代码访问所有数据。
希望这有助于或至少让您朝着正确的方向前进。我知道这个问题已经过了一个月了,你可能已经开始了,但也许它会帮助其他人下线。