今天收到PayPal提供的信息:
IPN验证回传到HTTPS
如果您使用的是PayPal的即时付款通知(IPN)服务,您将需要确保在将消息发回PayPal进行>验证时使用HTTPS。 2016年9月30日之后,将不再支持HTTP回发。
我正在使用IPN并且实时网站正在运行,但我们的DEV IPN侦听器正在使用:https://www.sandbox.paypal.com/cgi-bin/webscr上的沙箱。
我很困惑我需要做些什么来修复它。我添加了此代码,并且侦听器页面再次加载而没有错误。
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
| SecurityProtocolType.Tls11
| SecurityProtocolType.Tls12
| SecurityProtocolType.Ssl3;
ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
但是当我尝试测试一个事务时,监听器永远不会从PayPal收到任何信息。这是因为听众的服务器现在必须是" https"? PP沙箱现在拒绝通知非SSL地址吗?
我最初从PayPal示例获得了我的c#代码,但它已不在他们的网站上。
var useSandbox = Convert.ToBoolean(ConfigurationManager.AppSettings["UsePayPalSandboxYn"]);
var server = useSandbox ? "https://www.sandbox.paypal.com/cgi-bin/webscr" : "https://www.paypal.com/cgi-bin/webscr";
var req = (HttpWebRequest)WebRequest.Create(server);
// set values for the request back
req.Method = "POST";
req.ContentType = "application/x-www-form-urlencoded";
//added today
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
| SecurityProtocolType.Tls11
| SecurityProtocolType.Tls12
| SecurityProtocolType.Ssl3;
ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
byte[] param = Request.BinaryRead(HttpContext.Current.Request.ContentLength);
var strRequest = Encoding.ASCII.GetString(param);
strRequest += "&cmd=_notify-validate";
req.ContentLength = strRequest.Length;
// send the request to PayPal and get the response
var streamOut = new StreamWriter(req.GetRequestStream(), Encoding.ASCII);
streamOut.Write(strRequest);
streamOut.Close();
var streamIn = new StreamReader(req.GetResponse().GetResponseStream());
string strResponse = streamIn.ReadToEnd();
streamIn.Close();
switch (strResponse)
{
case "VERIFIED":
{
我使用静态IP地址和设置为Web服务器的家庭路由器进行调试。如果我必须设置ssl,那就更难了。
有人能指出我正确的方向吗?
答案 0 :(得分:2)
您唯一需要做的就是确保将验证POST发送回PayPal,而不是http://。您不必在您的站点上安装SSL以供您的IPN侦听器运行。
答案 1 :(得分:0)
我只想分享我正在运行的代码...希望它可以帮助您对代码进行一些改进:
private void VerifyTask(HttpRequestBase ipnRequest, bool useLiveAccount = true)
{
string verificationResponse = string.Empty;
var request = (HttpWebRequest)WebRequest.Create(useLiveAccount
? WebConfigurationManager.AppSettings["PaypalURL"]
: WebConfigurationManager.AppSettings["SandboxURL"]);
request.Method = "POST";
request.ContentType = "application/x-www-form-urlencoded";
var param = ipnRequest.BinaryRead(ipnRequest.ContentLength);
var strRequest = Encoding.ASCII.GetString(param);
strRequest += "&cmd=_notify-validate";
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
using (var writer = new StreamWriter(request.GetRequestStream(), Encoding.ASCII))
{
writer.Write(strRequest);
writer.Close();
}
using (var reader = new StreamReader(request.GetResponse().GetResponseStream()))
{
verificationResponse = reader.ReadToEnd();
reader.Close();
}
if (verificationResponse.Equals("VERIFIED"))
{
//Make the validations here
}
}
编辑: WebConfigurationManager.AppSettings [" PaypalURL"] =" https://www.paypal.com/cgi-bin/webscr" WebConfigurationManager.AppSettings [" SandboxURL"] =" https://www.sandbox.paypal.com/cgi-bin/webscr"