我如何在服务器端（在下面的 Create 操作中）验证信用卡详细信息并可能据此扣款，而不将这些详细信息保存到数据库中？
Create 操作（ActionResult）：
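/// <summary>
/// GET: Payments/Create — renders the empty payment form.
/// </summary>
/// <returns>
/// The Create view bound to a fresh <see cref="Payment"/> whose ValidFrom is pre-filled
/// with the current date.
/// </returns>
public ActionResult Create()
{
    // The original built this model, set ValidFrom on it, and then passed a second
    // `new Payment()` to the view, so the pre-filled date never reached the form.
    var model = new Payment();
    model.ValidFrom = DateTime.Now;
    return View(model);
}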
// POST: Payments/Create
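/// <summary>
/// POST: Payments/Create. Validates the posted form and persists a <see cref="Payment"/>
/// built from the contact fields only; the card fields stay on the view model.
/// </summary>
/// <param name="paymentViewModel">Form-bound view model carrying contact and card fields.</param>
/// <param name="payment">
/// Also model-bound from the form (no Bind restriction), but its bound state is never
/// used — kept only so the action signature is unchanged.
/// </param>
/// <returns>A redirect to Details on success, otherwise the same view with validation errors.</returns>
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Create([Bind(Include = "ID,CardName,CardNumber,ValidFrom,Expires,CardSecurityCode,EmailAddress,ConfrimEmailAddress,Address,City,Country,PostCode")] PaymentViewModel paymentViewModel, Payment payment)
{
    if (!ModelState.IsValid)
    {
        return View(paymentViewModel);
    }

    // NOTE(review): any processor call (validate or charge the card) belongs here, before
    // the entity is built, so that the card number, dates and security code are only ever
    // read from paymentViewModel and never assigned to the entity that is persisted.
    // "ID" is in the Bind list but is not copied below; presumably the store assigns it.

    // Fresh entity instead of reassigning the bound `payment` parameter.
    var entity = new Payment
    {
        EmailAddress = paymentViewModel.EmailAddress,
        // Both classes spell the property "Confrim"; the original read ".ConfirmEmailAddress",
        // which does not exist on PaymentViewModel.
        ConfrimEmailAddress = paymentViewModel.ConfrimEmailAddress,
        Address = paymentViewModel.Address,
        City = paymentViewModel.City,
        Country = paymentViewModel.Country,
        PostCode = paymentViewModel.PostCode,
    };

    db.Payments.Add(entity);
    db.SaveChanges();
    return RedirectToAction("Details", "Payments", new { id = entity.ID });
}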
模型
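/// <summary>
/// Entity that <c>PaymentDBContext.Payments</c> persists.
/// </summary>
/// <remarks>
/// NOTE(review): besides the contact fields, this entity declares the card number, the
/// validity dates and the card security code. The POST action on this page copies only
/// the contact fields into it, but every property declared here is mapped to the table
/// by default, so card data would be stored in clear text the moment someone assigns
/// it. The security code must never be stored in any form; keeping all card fields on
/// the view model only (as the accepted answer does) removes that risk entirely.
/// </remarks>
public class Payment
{
    public int ID { get; set; }

    [RegularExpression(@"^[a-zA-Z]+$", ErrorMessage = "Use letters only please")]
    public string CardName { get; set; }

    // Card-number pattern. The original comment said "Visa", but the alternatives also
    // accept 51-55, 6011/65x, 34/37, 30x/36/38, 2131/1800/35x and the 4903…6759, 564182
    // and 633110 prefixes. RegularExpressionAttribute already requires the match to cover
    // the whole value, so the missing outer anchors were harmless there; the pattern is
    // now one explicitly anchored group so it is also safe if reused with plain Regex,
    // and `\d` was replaced by `[0-9]` to stop accepting non-ASCII digits.
    // [Required] is added because RegularExpression accepts null/empty on its own.
    // The user-facing error text has been replaced.
    [Required]
    [RegularExpression(@"^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35[0-9]{3})[0-9]{11}|(?:4903|4905|4911|4936|6333|6759)(?:[0-9]{12}|[0-9]{14}|[0-9]{15})|564182(?:[0-9]{10}|[0-9]{12}|[0-9]{13})|633110(?:[0-9]{10}|[0-9]{12}|[0-9]{13}))$", ErrorMessage = "Invalid card number")]
    public string CardNumber { get; set; }

    // The original attribute list lacked the comma between DataType and DisplayFormat
    // and did not compile.
    [Display(Name = "Valid From"), DataType(DataType.Date), DisplayFormat(DataFormatString = "{0:MM}")]
    public DateTime ValidFrom { get; set; }

    // Was labelled "Valid From" as well (copy/paste of the line above).
    [Display(Name = "Expires"), DataType(DataType.Date), DisplayFormat(DataFormatString = "{0:MM}")]
    public DateTime Expires { get; set; }

    // Had no validation at all. 3-4 digits is the usual length — confirm against the
    // card schemes accepted above. Never persisted; see the class remarks.
    [Required]
    [RegularExpression(@"^[0-9]{3,4}$", ErrorMessage = "Invalid card security code")]
    public string CardSecurityCode { get; set; }

    [Required]
    [EmailAddress]
    public string EmailAddress { get; set; }

    // Spelling "Confrim" is kept: the controller's Bind list and view model use it.
    [Compare("EmailAddress", ErrorMessage = "The email and confirmation email do not match.")]
    public string ConfrimEmailAddress { get; set; }

    // Explicitly anchored; the original `([a-zA-Z0-9\s]+)` had no anchors.
    [RegularExpression(@"^[a-zA-Z0-9\s]+$", ErrorMessage = "Invalid Address")]
    public string Address { get; set; }

    [RegularExpression(@"^[a-zA-Z]+$", ErrorMessage = "Use letters only please")]
    public string City { get; set; }

    [RegularExpression(@"^[a-zA-Z]+$", ErrorMessage = "Use letters only please")]
    public string Country { get; set; }

    // Was `\b\d{5}(?:-\d{4})?\b+`; the trailing `\b+` was redundant. Explicit anchors
    // instead of word boundaries. Accepts 5-digit or 5+4 codes only, so non-US
    // postcodes are rejected — confirm that is intended.
    [RegularExpression(@"^[0-9]{5}(?:-[0-9]{4})?$", ErrorMessage = "Invalid postcode")]
    public string PostCode { get; set; }
}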
/// <summary>
/// Entity Framework context for the site's database.
/// </summary>
public class PaymentDBContext : DbContext
{
    /// <summary>Charity records.</summary>
    public System.Data.Entity.DbSet<CharitySite.Models.Charity> Charities { get; set; }

    /// <summary>
    /// Saved payments. <see cref="Payment"/> on this page declares card fields as well,
    /// so whatever is assigned to them would be written to this table.
    /// </summary>
    public System.Data.Entity.DbSet<Payment> Payments { get; set; }
}
我需要能够获取信用卡号码而不将其存储在数据库中。我们最初的想法是用 JavaScript 在客户端验证信用卡详细信息，但项目要求规定必须执行服务器端验证。
答案 0 :(得分:2)
如果您只需要保存部分信息，而其余部分仅用于验证（例如验证信用卡号），那么应当使用一个包含表单所请求的全部信息的 ViewModel，并从该 ViewModel 中提取需要保存的信息：
视图模型：
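/// <summary>
/// Form-bound view model for the Create action: everything the form posts, including
/// the card fields. It is never persisted; the action copies only the contact fields
/// into <see cref="Payment"/>, so card data lives only for the duration of the request.
/// </summary>
public class PaymentViewModel
{
    public int ID { get; set; }

    [RegularExpression(@"^[a-zA-Z]+$", ErrorMessage = "Use letters only please")]
    public string CardName { get; set; }

    // Card-number pattern. The original comment said "Visa", but the alternatives also
    // accept 51-55, 6011/65x, 34/37, 30x/36/38, 2131/1800/35x and the 4903…6759, 564182
    // and 633110 prefixes. RegularExpressionAttribute already requires the match to cover
    // the whole value, so the missing outer anchors were harmless there; the pattern is
    // now one explicitly anchored group so it is also safe if reused with plain Regex,
    // and `\d` was replaced by `[0-9]` to stop accepting non-ASCII digits.
    // [Required] is added because RegularExpression accepts null/empty on its own.
    // The user-facing error text has been replaced.
    [Required]
    [RegularExpression(@"^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35[0-9]{3})[0-9]{11}|(?:4903|4905|4911|4936|6333|6759)(?:[0-9]{12}|[0-9]{14}|[0-9]{15})|564182(?:[0-9]{10}|[0-9]{12}|[0-9]{13})|633110(?:[0-9]{10}|[0-9]{12}|[0-9]{13}))$", ErrorMessage = "Invalid card number")]
    public string CardNumber { get; set; }

    // The original attribute list lacked the comma between DataType and DisplayFormat
    // and did not compile.
    [Display(Name = "Valid From"), DataType(DataType.Date), DisplayFormat(DataFormatString = "{0:MM}")]
    public DateTime ValidFrom { get; set; }

    // Was labelled "Valid From" as well (copy/paste of the line above).
    [Display(Name = "Expires"), DataType(DataType.Date), DisplayFormat(DataFormatString = "{0:MM}")]
    public DateTime Expires { get; set; }

    // Had no validation at all. 3-4 digits is the usual length — confirm against the
    // card schemes accepted above. Must never be copied to a persisted entity.
    [Required]
    [RegularExpression(@"^[0-9]{3,4}$", ErrorMessage = "Invalid card security code")]
    public string CardSecurityCode { get; set; }

    [Required]
    [EmailAddress]
    public string EmailAddress { get; set; }

    // Spelling "Confrim" is kept: the controller's Bind list and the entity use it.
    [Compare("EmailAddress", ErrorMessage = "The email and confirmation email do not match.")]
    public string ConfrimEmailAddress { get; set; }

    // Explicitly anchored; the original `([a-zA-Z0-9\s]+)` had no anchors.
    [RegularExpression(@"^[a-zA-Z0-9\s]+$", ErrorMessage = "Invalid Address")]
    public string Address { get; set; }

    [RegularExpression(@"^[a-zA-Z]+$", ErrorMessage = "Use letters only please")]
    public string City { get; set; }

    [RegularExpression(@"^[a-zA-Z]+$", ErrorMessage = "Use letters only please")]
    public string Country { get; set; }

    // Was `\b\d{5}(?:-\d{4})?\b+`; the trailing `\b+` was redundant. Explicit anchors
    // instead of word boundaries. Accepts 5-digit or 5+4 codes only, so non-US
    // postcodes are rejected — confirm that is intended.
    [RegularExpression(@"^[0-9]{5}(?:-[0-9]{4})?$", ErrorMessage = "Invalid postcode")]
    public string PostCode { get; set; }
}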
模型(仅包含要保存的字段):
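/// <summary>
/// Persisted payment record in the accepted answer's layout: only the contact fields
/// that are actually saved. Card number, dates and security code are deliberately absent,
/// so nothing on this type can leak card data into the database.
/// </summary>
public class Payment
{
    public int ID { get; set; }

    [Required]
    [EmailAddress]
    public string EmailAddress { get; set; }

    // Spelling "Confrim" is kept so the existing Bind list and view model keep matching;
    // the answer's Create action must use this exact name.
    [Compare("EmailAddress", ErrorMessage = "The email and confirmation email do not match.")]
    public string ConfrimEmailAddress { get; set; }

    // Explicitly anchored; the original `([a-zA-Z0-9\s]+)` had no anchors.
    [RegularExpression(@"^[a-zA-Z0-9\s]+$", ErrorMessage = "Invalid Address")]
    public string Address { get; set; }

    [RegularExpression(@"^[a-zA-Z]+$", ErrorMessage = "Use letters only please")]
    public string City { get; set; }

    [RegularExpression(@"^[a-zA-Z]+$", ErrorMessage = "Use letters only please")]
    public string Country { get; set; }

    // Was `\b\d{5}(?:-\d{4})?\b+`; the trailing `\b+` was redundant. Explicit anchors
    // instead of word boundaries. Accepts 5-digit or 5+4 codes only, so non-US
    // postcodes are rejected — confirm that is intended.
    [RegularExpression(@"^[0-9]{5}(?:-[0-9]{4})?$", ErrorMessage = "Invalid postcode")]
    public string PostCode { get; set; }
}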
/// <summary>
/// Entity Framework context for the site's database.
/// </summary>
public class PaymentDBContext : DbContext
{
    /// <summary>Saved payments (contact fields only in the accepted answer's <see cref="Payment"/>).</summary>
    public DbSet<Payment> Payments { get; set; }

    /// <summary>Charity records.</summary>
    public DbSet<CharitySite.Models.Charity> Charities { get; set; }
}
创建操作:
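/// <summary>
/// POST: Payments/Create. Validates the posted form and persists a <see cref="Payment"/>
/// built from the contact fields only; the card fields stay on the view model and are
/// never assigned to the entity.
/// </summary>
/// <param name="paymentViewModel">Form-bound view model carrying contact and card fields.</param>
/// <returns>A redirect to Details on success, otherwise the same view with validation errors.</returns>
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Create(PaymentViewModel paymentViewModel)
{
    if (!ModelState.IsValid)
    {
        return View(paymentViewModel);
    }

    // Validate or charge the card with the processor here, before anything is saved.
    // The card fields are only reachable through paymentViewModel and are intentionally
    // not copied into the entity below.

    // Declared locally — the original assigned to an undeclared `payment`.
    var payment = new Payment
    {
        EmailAddress = paymentViewModel.EmailAddress,
        // Both classes on this page spell the property "Confrim"; the original used
        // "Confirm" here, which does not exist on either type.
        ConfrimEmailAddress = paymentViewModel.ConfrimEmailAddress,
        Address = paymentViewModel.Address,
        City = paymentViewModel.City,
        Country = paymentViewModel.Country,   // the original line was missing its ';'
        PostCode = paymentViewModel.PostCode,
    };

    db.Payments.Add(payment);
    db.SaveChanges();
    return RedirectToAction("Details", "Payments", new { id = payment.ID });
}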
并更改视图中使用的模型:
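@* C# type names are case-sensitive: the view model class defined above is PaymentViewModel. *@
@model [yourNameSpace].PaymentViewModel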
答案 1 :(得分:1)
据我所知，没有法律明确禁止您存储信用卡详情，但您实现中的某些做法可能会导致无法通过 PCI 合规审核。例如，您可以存储信用卡号和有效期，但必须以加密形式存储；而 CCV 则绝不能以任何形式存储。
除非您拥有丰富的经验和合规预算，否则不建议自行承担存储卡号的负担。我能看到的唯一真正好处是消费者不必反复输入卡信息。大多数支付处理器都应允许您把卡信息传给它们完成扣款。如果选择这种方式，可以考虑使用 SecureString 类，以便在把卡信息传给处理器之后立即将其释放（dispose）。