如何执行HTTP POST,并从POST结果重定向到外部网站?
问题描述:
所以我可以做以下POST提交和重定向到支付网关网站
So I can do the following POST submit and get redirected to the payment gateway site
@Html.BeginForm(null, null, FormMethod.Post, new { @action = "https://l33tpaymentgateway.com" })
{
<input id="RefNo" name="RefNo" type="hidden" value="ABCDE" />
<input id="Amount" name="Amount" type="hidden" value="300" />
<input id="UserEmail" name="UserEmail" type="hidden" value="warheat1990@warheat1990.com" />
<input id="Signature" name="Signature" type="hidden" value="1234567890" />
<input id="ResponseURL" name="ResponseURL" type="hidden" value="http://warheat1990.com" />
<input type="submit" value="submit"/>
}
做好用户页上面是一个糟糕的主意(数据可以被篡改),我试图做到这一点在服务器端来代替。但我不知道如何将用户重定向。
Doing the above on user page is a bad idea (the data can be tampered with), I tried to do this on the server side instead. But I have no idea how to redirect the user.
public ActionResult SubmitPayment()
{
using (var client = new HttpClient())
{
client.BaseAddress = new Uri("https://l33tpaymentgateway.com");
var content = new FormUrlEncodedContent(new[]
{
new KeyValuePair<string, string>("RefNo", "ABCDE"),
new KeyValuePair<string, string>("Amount", "300"),
new KeyValuePair<string, string>("UserEmail", "warheat1990@warheat1990.com"),
new KeyValuePair<string, string>("Signature", "1234567890"),
new KeyValuePair<string, string>("ResponseURL", "http://warheat1990.com")
});
var result = await client.PostAsync("", content).Result;
if(result.IsSuccessStatusCode)
{
//redirect user, but I have no idea how
}
}
}
任何帮助将AP preciated。
Any help will be appreciated.
编辑:文档
Step 1. Merchant sends HTTPs Post Request containing payment details to l33tpaymentgateway
OPSG payment page. Payment Details contain the following fields:
• MerchantCode
• PaymentId
• RefNo
• Amount
• Currency
• ProdDesc
• UserName
• UserEmail
• UserContact
• Remark
• Signature (refer to 3.1)
• ResponseURL
• BackendURL
Step 2. User views and confirms payment details entered in Step 1. For credit card
payment, the user will need to key-in credit card information.
Step 3. User continues to fill in Username and Password at bank website (for non
credit card payment)
Step 4. User selects the account to debit the payment. (for non credit card payment)
Step 5. User confirms the payment. If yes, go to next step. (for non credit card
payment)
Step 6. User views and prints the payment detail. (for non credit card payment)
Step 7. Response is returned to the l33tpaymentgateway OPSG website indicating a successful or
failed transaction.
Step 8. l33tpaymentgateway OPSG response back the payment status to merchant with a
signature
Step 9. For successful payment transaction, the merchant needs to compare the
signature from l33tpaymentgateway OPSG. Refer to (3.2)
从是从安全角度来看,我认为一个大的NO文档
HTTP POST例子。
HTTP POST example from the documentation which is a big NO in my opinion from security standpoint.
<HTML>
<BODY>
<FORM method="post" name="ePayment" action="https://l33tpaymentgateway.com">
<INPUT type="hidden" name="MerchantCode" value="ID00001">
<INPUT type="hidden" name="PaymentId" value="1">
<INPUT type="hidden" name="RefNo" value="A00000001">
<INPUT type="hidden" name="Amount" value="300">
<INPUT type="hidden" name="Currency" value="USD">
<INPUT type="hidden" name="ProdDesc" value="Photo Print">
<INPUT type="hidden" name="UserName" value="John Tan">
<INPUT type="hidden" name="UserEmail" value="john@hotmail.com">
<INPUT type="hidden" name="UserContact" value="0126500100">
<INPUT type="hidden" name="Remark" value="">
<INPUT type="hidden" name="Lang" value="UTF-8">
<INPUT type="hidden" name="Signature" value="Q/iIMzpjZCrhJ2Yt2dor1PaFEFI=">
<INPUT type="hidden" name="ResponseURL" value="http://www.test.com/payment/response.asp">
<INPUT type="hidden" name="BackendURL" value="http://www.test.com/payment/backend_response.asp">
<INPUT type="submit" value="Proceed with Payment" name="Submit">
</FORM>
</BODY>
</HTML>
签名生成:
private string ComputeHash(string Key)
{
SHA1CryptoServiceProvider objSHA1 = new SHA1CryptoServiceProvider();
objSHA1.ComputeHash(System.Text.Encoding.UTF8.GetBytes(Key.ToCharArray));
byte[] buffer = objSHA1.Hash;
string HashValue = System.Convert.ToBase64String(buffer);
return HashValue;
}
其中,关键在于(类似私钥)+商家code MerchantKey的组合+ Personal Data个人纪录+数额
where Key is a combination of MerchantKey (similar to private key) + Merchant Code + RefNo + Amount
答
更新您的code如下:
Updated your code below:
public ActionResult SubmitPayment()
{
using (var client = new HttpClient())
{
client.BaseAddress = new Uri("https://l33tpaymentgateway.com");
var content = new FormUrlEncodedContent(new[]
{
new KeyValuePair<string, string>("RefNo", "ABCDE"),
new KeyValuePair<string, string>("Amount", "300"),
new KeyValuePair<string, string>("UserEmail", "warheat1990@warheat1990.com"),
new KeyValuePair<string, string>("Signature", "1234567890"),
new KeyValuePair<string, string>("ResponseURL", "http://warheat1990.com")
});
var result = await client.PostAsync("", content).Result;
if(result.IsSuccessStatusCode)
{
return Redirect(result.url);
}
}
}
我不知道结果对象是什么。但投入Redirect方法的URL参数来重定向。
I'm not sure what the result object is. But put into the parameter of the Redirect method the url to redirect to.