ASP.NET and paypal

[Jason James]

Guys,

it seems that several people have enquired about how to communicate
with Paypal as securely as possible. It is obvious that placing the
shopping cart details in the URL is about as insecure as could be.
Therefore why not use a POST and hide them in hidden variables? Well I
would if I could figure it out. The contents of the cart are created
dynamically and since I already have a button on my form that needs to
be captured by the server I seem to be looking at having another HTML
form on my page. The problem with that is I also want a confirmation
email to be sent to the seller that confirms the contents of the
shopping cart, and since the email is created in my ASP code, an HTML
button does not seem the way to go.

I have read some posts about using a WebRequest object to POST the
shopping cart to Paypal. However, my attempts at this code have
failed. I am using the PDT process for payments. All works well if I
use a response.redirect but I would appreciate anyone taking a look at
my latest attempt a hopefully pointing out where I am going wrong.

Dim req As WebRequest
req =
WebRequest.Create("https://www.sandbox.paypal.com/uk/cgi-bin/webscr")
req.Method = "POST"
req.ContentType = "application/x-www-form-urlencoded"
Dim urlString As String =
"cmd=_cart&upload=1&[email protected]&currency_code=GBP&return=http://www.mysite/paypalreturn.aspx"

Dim urlEncoded As New StringBuilder

urlEncoded.Append(urlString)

urlEncoded.Append("&item_name_1=firstitem")
urlEncoded.Append("&on0_1=Size")
urlEncoded.Append("&os0_1=6x4 (MATT)")
urlEncoded.Append("&amount_1=1.00")
urlEncoded.Append("&quantity_1=1")

Dim SomeBytes() As Byte
SomeBytes =
System.Text.Encoding.UTF8.GetBytes(urlEncoded.ToString())
req.ContentLength = SomeBytes.Length
Dim RequestStream As Stream
RequestStream = req.GetRequestStream
RequestStream.Write(SomeBytes, 0, SomeBytes.Length)
RequestStream.Close()

Executing this code does not return an error, neither does it redirect
me to the paypal site!

Any thoughts,

Jason.

 

[Jason James]

OK, starting to make some progress. In adding:

Dim result As WebResponse
result = req.GetResponse
Dim ReceiveStream As Stream
ReceiveStream = result.GetResponseStream()
Dim encode As Encoding
encode = System.Text.Encoding.GetEncoding("utf-8")
Dim sr As StreamReader
sr = New StreamReader(ReceiveStream, encode)
Label1.Text = sr.ReadToEnd()
result.Close()

I get the response back from paypal and I am able to display it in a
label on my form. This however does not work with the sandbox
development site as it keeps asking me to log into the sandbox; which I
have done.

Is there a better way to display the repsone back from Paypal other
than a label; I almost want the response redirected to a blank page.

Any thoughts?

Regards,

Jason.

 

[Jason James]

Also,

should I be using utf-8 or acsii encoding?

Thanks,

Jason.

 

[digitaljeebus]

This is how I scripted logging into another site that required POST to
be used:

(also in C#)

public static void LogonToTVG(string userId, string password,
string state)
{
// log on
ASCIIEncoding encoding = new ASCIIEncoding();
string postdata =
string.Format("errorDir={0}&accntid={1}&pin={2}&bstate={3}&Submit1=OK",
"False",
userId,
password,
state);
byte[] data = encoding.GetBytes(postdata);
HttpWebRequest myReq =
(HttpWebRequest)WebRequest.Create("https://www.tvg.com/textonly/templates/logicprocesslogin.asp");
// logon info needs to be posted, so we have to do this
obnoxious ugly ... stuff
myReq.Method = "post";
myReq.ContentType = "application/x-www-form-urlencoded";
myReq.ContentLength = data.Length;
using (Stream stream = myReq.GetRequestStream())
{
stream.Write(data, 0, data.Length);
stream.Close();
}
}

let me know if you need any of that explained =)

 

[Jason James]

Was there a need to display any form of response from the request make
in this code? The PayPal stuff has user options, confirmation etc to
show to the user so there is a need to display the response.

Any ideas how I do that when the response is returned to a form that
was used to send the request in the first place and therefore already
has a number of controls already on it?

Many thanks,

Jason.

This is how I scripted logging into another site that required POST to
be used:

(also in C#)

public static void LogonToTVG(string userId, string password,
string state)
{
// log on
ASCIIEncoding encoding = new ASCIIEncoding();
string postdata =
string.Format("errorDir={0}&accntid={1}&pin={2}&bstate={3}&Submit1=OK",
"False",
userId,
password,
state);
byte[] data = encoding.GetBytes(postdata);
HttpWebRequest myReq =
(HttpWebRequest)WebRequest.Create("https://www.tvg.com/textonly/templates/logicprocesslogin.asp");
// logon info needs to be posted, so we have to do this
obnoxious ugly ... stuff
myReq.Method = "post";
myReq.ContentType = "application/x-www-form-urlencoded";
myReq.ContentLength = data.Length;
using (Stream stream = myReq.GetRequestStream())
{
stream.Write(data, 0, data.Length);
stream.Close();
}
}

let me know if you need any of that explained =)

Also,

should I be using utf-8 or acsii encoding?

Thanks,

Jason.

 

[digitaljeebus]

you can always make the request, get the response and either display
the resulting webpage to the user, or parse parts of it out and do w/
it what you will ... i've never used paypal, but it seems that they
would have a better way to do it then make you script all the proper
responses ... maybe look into another way =) they're always changing
their login page, so parsing and scripting it isn't the best option
(actually, it's a downright shitty one)

Was there a need to display any form of response from the request make
in this code? The PayPal stuff has user options, confirmation etc to
show to the user so there is a need to display the response.

Any ideas how I do that when the response is returned to a form that
was used to send the request in the first place and therefore already
has a number of controls already on it?

Many thanks,

Jason.

This is how I scripted logging into another site that required POST to
be used:

(also in C#)

public static void LogonToTVG(string userId, string password,
string state)
{
// log on
ASCIIEncoding encoding = new ASCIIEncoding();
string postdata =
string.Format("errorDir={0}&accntid={1}&pin={2}&bstate={3}&Submit1=OK",
"False",
userId,
password,
state);
byte[] data = encoding.GetBytes(postdata);
HttpWebRequest myReq =
(HttpWebRequest)WebRequest.Create("https://www.tvg.com/textonly/templates/logicprocesslogin.asp");
// logon info needs to be posted, so we have to do this
obnoxious ugly ... stuff
myReq.Method = "post";
myReq.ContentType = "application/x-www-form-urlencoded";
myReq.ContentLength = data.Length;
using (Stream stream = myReq.GetRequestStream())
{
stream.Write(data, 0, data.Length);
stream.Close();
}
}

let me know if you need any of that explained =)

Also,

should I be using utf-8 or acsii encoding?

Thanks,

Jason.

Jason James wrote:
OK, starting to make some progress. In adding:

Dim result As WebResponse
result = req.GetResponse
Dim ReceiveStream As Stream
ReceiveStream = result.GetResponseStream()
Dim encode As Encoding
encode = System.Text.Encoding.GetEncoding("utf-8")
Dim sr As StreamReader
sr = New StreamReader(ReceiveStream, encode)
Label1.Text = sr.ReadToEnd()
result.Close()

I get the response back from paypal and I am able to display it in a
label on my form. This however does not work with the sandbox
development site as it keeps asking me to log into the sandbox; which I
have done.

Is there a better way to display the repsone back from Paypal other
than a label; I almost want the response redirected to a blank page.

Any thoughts?

Regards,

Jason.
Jason James wrote:
Guys,

it seems that several people have enquired about how to communicate
with Paypal as securely as possible. It is obvious that placing the
shopping cart details in the URL is about as insecure as could be.
Therefore why not use a POST and hide them in hidden variables? Well I
would if I could figure it out. The contents of the cart are created
dynamically and since I already have a button on my form that needs to
be captured by the server I seem to be looking at having another HTML
form on my page. The problem with that is I also want a confirmation
email to be sent to the seller that confirms the contents of the
shopping cart, and since the email is created in my ASP code, an HTML
button does not seem the way to go.

I have read some posts about using a WebRequest object to POST the
shopping cart to Paypal. However, my attempts at this code have
failed. I am using the PDT process for payments. All works well if I
use a response.redirect but I would appreciate anyone taking a look at
my latest attempt a hopefully pointing out where I am going wrong.

Dim req As WebRequest
req =
WebRequest.Create("https://www.sandbox.paypal.com/uk/cgi-bin/webscr")
req.Method = "POST"
req.ContentType = "application/x-www-form-urlencoded"
Dim urlString As String =
"cmd=_cart&upload=1&[email protected]&currency_code=GBP&return=http://www.mysite/paypalreturn.aspx"

Dim urlEncoded As New StringBuilder

urlEncoded.Append(urlString)

urlEncoded.Append("&item_name_1=firstitem")
urlEncoded.Append("&on0_1=Size")
urlEncoded.Append("&os0_1=6x4 (MATT)")
urlEncoded.Append("&amount_1=1.00")
urlEncoded.Append("&quantity_1=1")

Dim SomeBytes() As Byte
SomeBytes =
System.Text.Encoding.UTF8.GetBytes(urlEncoded.ToString())
req.ContentLength = SomeBytes.Length
Dim RequestStream As Stream
RequestStream = req.GetRequestStream
RequestStream.Write(SomeBytes, 0, SomeBytes.Length)
RequestStream.Close()

Executing this code does not return an error, neither does it redirect
me to the paypal site!

Any thoughts,

Jason.