如何从POST结果执行HTTP POST并重定向到外部站点?

时间:2015-10-21 10:45:27

标签: c# asp.net-mvc asp.net-mvc-5

所以我可以执行以下POST提交并重定向到支付网关站点

@Html.BeginForm(null, null, FormMethod.Post, new { @action = "https://l33tpaymentgateway.com" })
{
    <input id="RefNo" name="RefNo" type="hidden" value="ABCDE" />
    <input id="Amount" name="Amount" type="hidden" value="300" />
    <input id="UserEmail" name="UserEmail" type="hidden" value="warheat1990@warheat1990.com" />
    <input id="Signature" name="Signature" type="hidden" value="1234567890" />
    <input id="ResponseURL" name="ResponseURL" type="hidden" value="http://warheat1990.com" />

    <input type="submit" value="submit"/>
}

在用户页面上执行上述操作是一个坏主意(数据可能被篡改),我尝试在服务器端执行此操作。但我不知道如何重定向用户。

public ActionResult SubmitPayment()
{
        using (var client = new HttpClient())
        {
            client.BaseAddress = new Uri("https://l33tpaymentgateway.com");
            var content = new FormUrlEncodedContent(new[] 
            {
                new KeyValuePair<string, string>("RefNo", "ABCDE"),
                new KeyValuePair<string, string>("Amount", "300"),
                new KeyValuePair<string, string>("UserEmail", "warheat1990@warheat1990.com"),
                new KeyValuePair<string, string>("Signature", "1234567890"),
                new KeyValuePair<string, string>("ResponseURL", "http://warheat1990.com")
            });
            var result = await client.PostAsync("", content).Result;
            if(result.IsSuccessStatusCode)
            {
                //redirect user, but I have no idea how               
            }
        }
}

任何帮助将不胜感激。

编辑:文件

Step 1. Merchant sends HTTPs Post Request containing payment details to l33tpaymentgateway
OPSG payment page. Payment Details contain the following fields:
• MerchantCode
• PaymentId
• RefNo
• Amount
• Currency
• ProdDesc
• UserName
• UserEmail
• UserContact
• Remark
• Signature (refer to 3.1)
• ResponseURL
• BackendURL
Step 2. User views and confirms payment details entered in Step 1. For credit card
payment, the user will need to key-in credit card information.
Step 3. User continues to fill in Username and Password at bank website (for non
credit card payment)
Step 4. User selects the account to debit the payment. (for non credit card payment)
Step 5. User confirms the payment. If yes, go to next step. (for non credit card
payment)
Step 6. User views and prints the payment detail. (for non credit card payment)
Step 7. Response is returned to the l33tpaymentgateway OPSG website indicating a successful or
failed transaction.
Step 8. l33tpaymentgateway OPSG response back the payment status to merchant with a
signature
Step 9. For successful payment transaction, the merchant needs to compare the
signature from l33tpaymentgateway OPSG. Refer to (3.2)

来自文档的HTTP POST示例,从我的角度来看,从安全的角度来看,这是一个很重要的NO。

<HTML>
    <BODY>
        <FORM method="post" name="ePayment" action="https://l33tpaymentgateway.com">
            <INPUT type="hidden" name="MerchantCode" value="ID00001">
            <INPUT type="hidden" name="PaymentId" value="1">
            <INPUT type="hidden" name="RefNo" value="A00000001">
            <INPUT type="hidden" name="Amount" value="300">
            <INPUT type="hidden" name="Currency" value="USD">
            <INPUT type="hidden" name="ProdDesc" value="Photo Print">
            <INPUT type="hidden" name="UserName" value="John Tan">
            <INPUT type="hidden" name="UserEmail" value="john@hotmail.com">
            <INPUT type="hidden" name="UserContact" value="0126500100">
            <INPUT type="hidden" name="Remark" value="">
            <INPUT type="hidden" name="Lang" value="UTF-8">
            <INPUT type="hidden" name="Signature" value="Q/iIMzpjZCrhJ2Yt2dor1PaFEFI=">
            <INPUT type="hidden" name="ResponseURL" value="http://www.test.com/payment/response.asp">
            <INPUT type="hidden" name="BackendURL" value="http://www.test.com/payment/backend_response.asp">
            <INPUT type="submit" value="Proceed with Payment" name="Submit">
        </FORM>
    </BODY>
</HTML>

签名生成:

private string ComputeHash(string Key)
{
    SHA1CryptoServiceProvider objSHA1 = new SHA1CryptoServiceProvider();

    objSHA1.ComputeHash(System.Text.Encoding.UTF8.GetBytes(Key.ToCharArray));

    byte[] buffer = objSHA1.Hash;
    string HashValue = System.Convert.ToBase64String(buffer);

    return HashValue;
}

其中Key是MerchantKey(类似于私钥)+商家代码+ RefNo +金额

的组合

1 个答案:

答案 0 :(得分:-1)

更新了以下代码:

public ActionResult SubmitPayment()
    {
            using (var client = new HttpClient())
            {
                client.BaseAddress = new Uri("https://l33tpaymentgateway.com");
                var content = new FormUrlEncodedContent(new[] 
                {
                    new KeyValuePair<string, string>("RefNo", "ABCDE"),
                    new KeyValuePair<string, string>("Amount", "300"),
                    new KeyValuePair<string, string>("UserEmail", "warheat1990@warheat1990.com"),
                    new KeyValuePair<string, string>("Signature", "1234567890"),
                    new KeyValuePair<string, string>("ResponseURL", "http://warheat1990.com")
                });
                var result = await client.PostAsync("", content).Result;
                if(result.IsSuccessStatusCode)
                {
                    return Redirect(result.url);            
                }
            }
    }

我不确定结果对象是什么。但是将Redirect方法的参数放入重定向到的URL。