Html 响应。使用iframe编写
我继承了一个使用Cybersource作为信用卡处理公司的应用程序。它目前使用CyberSourceAPI,我正在尝试将其转换为使用其托管的订单页面,特别是静默订单发布方法。CyberSource提供的运行示例如下:Html 响应。使用iframe编写,html,asp.net,forms,iframe,Html,Asp.net,Forms,Iframe,我继承了一个使用Cybersource作为信用卡处理公司的应用程序。它目前使用CyberSourceAPI,我正在尝试将其转换为使用其托管的订单页面,特别是静默订单发布方法。CyberSource提供的运行示例如下: <form action="https://orderpagetest.ic3.com/hop/ProcessOrder.do" method="POST"> <% insertSignature3("10", "USD", "sale"); %>
<form action="https://orderpagetest.ic3.com/hop/ProcessOrder.do" method="POST">
<% insertSignature3("10", "USD", "sale"); %>
<h2>Payment Information</h2>
Card Type: <select name="card_cardType"><br>
<option value="">
<option value="001">Visa
<option value="002">MasterCard
<option value="003">American Express
</select><br>
Card Number: <input type="text" name="card_accountNumber"><br>
Expiration Month: <input type="text" name="card_expirationMonth"> (mm)<br>
Expiration Year: <input type="text" name="card_expirationYear"> (yyyy)<br><br>
<h2>Ready to Check Out!</h2>
<input type="submit" name="submit" value="Buy Now">
</form>
public void insertSignature3( String amount, String currency, String orderPage_transactionType )
{
try
{
TimeSpan timeSpanTime = DateTime.UtcNow - new DateTime( 1970, 1, 1 );
String[] arrayTime = timeSpanTime.TotalMilliseconds.ToString().Split( '.' );
String time = arrayTime[0];
String merchantID = GetMerchantID();
if ( merchantID.Equals( "" ) )
Response.Write( "<b>Error:</b> <br>The current security script (HOP.cs) doesn't contain your merchant information. Please login to the <a href='https://ebc.cybersource.com/ebc/hop/HOPSecurityLoad.do'>CyberSource Business Center</a> and generate one before proceeding further. Be sure to replace the existing HOP.cs with the newly generated HOP.cs.<br><br>" );
String data = merchantID + amount + currency + time + orderPage_transactionType;
String pub = GetSharedSecret();
String serialNumber = GetSerialNumber();
byte[] byteData = System.Text.Encoding.UTF8.GetBytes( data );
byte[] byteKey = System.Text.Encoding.UTF8.GetBytes( pub );
HMACSHA1 hmac = new HMACSHA1( byteKey );
String publicDigest = Convert.ToBase64String( hmac.ComputeHash( byteData ) );
publicDigest = publicDigest.Replace( "\n", "" );
System.Text.StringBuilder sb = new System.Text.StringBuilder();
sb.Append( "<input type=\"hidden\" name=\"amount\" value=\"" );
sb.Append( amount );
sb.Append( "\">\n<input type=\"hidden\" name=\"currency\" value=\"" );
sb.Append( currency );
sb.Append( "\">\n<input type=\"hidden\" name=\"orderPage_timestamp\" value=\"" );
sb.Append( time );
sb.Append( "\">\n<input type=\"hidden\" name=\"merchantID\" value=\"" );
sb.Append( merchantID );
sb.Append( "\">\n<input type=\"hidden\" name=\"orderPage_transactionType\" value=\"" );
sb.Append( orderPage_transactionType );
sb.Append( "\">\n<input type=\"hidden\" name=\"orderPage_signaturePublic\" value=\"" );
sb.Append( publicDigest );
sb.Append( "\">\n<input type=\"hidden\" name=\"orderPage_version\" value=\"4\">\n" );
sb.Append( "<input type=\"hidden\" name=\"orderPage_serialNumber\" value=\"" );
sb.Append( serialNumber );
sb.Append( "\">\n" );
Response.Write( sb.ToString() );
}
catch ( Exception e )
{
Response.Write( e.StackTrace.ToString() );
}
}
$(document).ready(function () {
var decision = $('#decision');
if (decision.length > 0) {
if (decision.val() === "ACCEPT") {
//pass in requestId, etc to the billing page
parent.$('.checkoutform').append($('.ccInfo').children());
//call billing.aspx submit function
parent.submitBillingPage();
return;
} else {
//change from loading animation to iframe
parent.toggleIframe(true);
}
}
});
付款信息
卡片类型:
签证
万事达卡
美国运通
卡号:
到期月份:(mm)
到期年:(yyyy)
准备好退房了!
insertSignature方法的代码如下所示:
<form action="https://orderpagetest.ic3.com/hop/ProcessOrder.do" method="POST">
<% insertSignature3("10", "USD", "sale"); %>
<h2>Payment Information</h2>
Card Type: <select name="card_cardType"><br>
<option value="">
<option value="001">Visa
<option value="002">MasterCard
<option value="003">American Express
</select><br>
Card Number: <input type="text" name="card_accountNumber"><br>
Expiration Month: <input type="text" name="card_expirationMonth"> (mm)<br>
Expiration Year: <input type="text" name="card_expirationYear"> (yyyy)<br><br>
<h2>Ready to Check Out!</h2>
<input type="submit" name="submit" value="Buy Now">
</form>
public void insertSignature3( String amount, String currency, String orderPage_transactionType )
{
try
{
TimeSpan timeSpanTime = DateTime.UtcNow - new DateTime( 1970, 1, 1 );
String[] arrayTime = timeSpanTime.TotalMilliseconds.ToString().Split( '.' );
String time = arrayTime[0];
String merchantID = GetMerchantID();
if ( merchantID.Equals( "" ) )
Response.Write( "<b>Error:</b> <br>The current security script (HOP.cs) doesn't contain your merchant information. Please login to the <a href='https://ebc.cybersource.com/ebc/hop/HOPSecurityLoad.do'>CyberSource Business Center</a> and generate one before proceeding further. Be sure to replace the existing HOP.cs with the newly generated HOP.cs.<br><br>" );
String data = merchantID + amount + currency + time + orderPage_transactionType;
String pub = GetSharedSecret();
String serialNumber = GetSerialNumber();
byte[] byteData = System.Text.Encoding.UTF8.GetBytes( data );
byte[] byteKey = System.Text.Encoding.UTF8.GetBytes( pub );
HMACSHA1 hmac = new HMACSHA1( byteKey );
String publicDigest = Convert.ToBase64String( hmac.ComputeHash( byteData ) );
publicDigest = publicDigest.Replace( "\n", "" );
System.Text.StringBuilder sb = new System.Text.StringBuilder();
sb.Append( "<input type=\"hidden\" name=\"amount\" value=\"" );
sb.Append( amount );
sb.Append( "\">\n<input type=\"hidden\" name=\"currency\" value=\"" );
sb.Append( currency );
sb.Append( "\">\n<input type=\"hidden\" name=\"orderPage_timestamp\" value=\"" );
sb.Append( time );
sb.Append( "\">\n<input type=\"hidden\" name=\"merchantID\" value=\"" );
sb.Append( merchantID );
sb.Append( "\">\n<input type=\"hidden\" name=\"orderPage_transactionType\" value=\"" );
sb.Append( orderPage_transactionType );
sb.Append( "\">\n<input type=\"hidden\" name=\"orderPage_signaturePublic\" value=\"" );
sb.Append( publicDigest );
sb.Append( "\">\n<input type=\"hidden\" name=\"orderPage_version\" value=\"4\">\n" );
sb.Append( "<input type=\"hidden\" name=\"orderPage_serialNumber\" value=\"" );
sb.Append( serialNumber );
sb.Append( "\">\n" );
Response.Write( sb.ToString() );
}
catch ( Exception e )
{
Response.Write( e.StackTrace.ToString() );
}
}
$(document).ready(function () {
var decision = $('#decision');
if (decision.length > 0) {
if (decision.val() === "ACCEPT") {
//pass in requestId, etc to the billing page
parent.$('.checkoutform').append($('.ccInfo').children());
//call billing.aspx submit function
parent.submitBillingPage();
return;
} else {
//change from loading animation to iframe
parent.toggleIframe(true);
}
}
});
public void insertSignature3(字符串金额、字符串货币、字符串订单页\u交易类型)
{
尝试
{
TimeSpan TimeSpatime=DateTime.UtcNow—新的日期时间(1970,1,1);
String[]arrayTime=timeSpanTime.totalmillizes.ToString().Split('.');
字符串时间=数组时间[0];
字符串merchantID=GetMerchantID();
if(商品编号等于(“”)
响应。写入(“错误:
当前安全脚本(HOP.cs)不包含您的商户信息。请登录并生成一个,然后再继续。确保用新生成的HOP.cs替换现有的HOP.cs。
”;
字符串数据=商品+金额+货币+时间+订单页\交易类型;
字符串pub=GetSharedSecret();
字符串serialNumber=GetSerialNumber();
byte[]byteData=System.Text.Encoding.UTF8.GetBytes(数据);
byte[]byteKey=System.Text.Encoding.UTF8.GetBytes(pub);
HMACSHA1 hmac=新的HMACSHA1(byteKey);
String publicDigest=Convert.ToBase64String(hmac.ComputeHash(byteData));
publicDigest=publicDigest.Replace(“\n”和“”);
System.Text.StringBuilder sb=新的System.Text.StringBuilder();
sb.Append(“\n\n\n\n\n\n”);
某人附加(“\n”);
写(某人写的东西);
}
捕获(例外e)
{
Write(例如StackTrace.ToString());
}
}
当我在测试应用程序中运行它时,一切都正常。但是,我不能在主应用程序中使用表单标记,因为母版页的所有内容都包含在表单标记中,这将导致嵌套表单标记。我已尝试将表单块放入iframe中,但无法解决如何通过Response.Write调用从insertSignature(…)方法传递附加信息
任何建议都将不胜感激。我刚刚讨论了同样的问题。我们还采用了iframe方法。在页面加载(如果回发)中,您将希望写出请求中的特定项(不包括ViewState)。下面的示例显示如何写出所有项目(ViewState除外)。这被包装在一个ccInfo范围内,然后我们可以通过JavaScript获得它
protected virtual void Page_Load(Object sender, EventArgs e)
{
if (!Page.IsPostBack)
{
//Do any page binding, etc that needs to be done on intitial page load
}
else
{
//We came back from CyberSource ...
//Will need to get from stored client hidden field ...
string decision = Request.Form["decision"];
if (verifyTransactionSignature(Request))
{
//Make sure we are only processing in the TEST environment if the particular setting
//is set to test (Site_Settings.CYBERSOURCE_API_URL contains 'test' in it)
string apiUrl = Settings.GetSetting(LocalConnectionString, "CYBERSOURCE_API_URL");
//API isn't test, but CyberSource is (someone hacking?)
if (!apiUrl.ToLower().Contains("test") && Request.Form["orderPage_environment"].ToLower().Contains("test"))
{
lblError.Text = "Unable to verify credit card. Request is in test mode, but the site is not. Contact Customer Service.";
}
Response.Write("<span class='ccInfo hide'>");
for (int i = 0; i < Request.Form.Count; i++)
{
var key = Request.Form.GetKey(i);
if (key != "__VIEWSTATE")
{
Response.Write("<input type='hidden' id='" + key + "' name='" + key + "' value='" + Request.Form[i] + "' class='hide' />");
}
}
Response.Write("</span>");
if (decision != "ACCEPT")
{
string reasonCode = Request.Form["reasonCode"];
lblError.Text = "Unable to verify credit card (" + reasonCode + ") ";
if (reasonCode == "102")
{
lblError.Text += "<br />One or more fields in the request contains invalid data. Typically this is the expiration date";
}
}
}
else
{
lblError.Text = "Unable to verify credit card. Transaction Signature not valid. Contact Customer Service.";
}
}
}
父页面具有“checkoutform”类名,因此我们可以在iframe中附加ccInfo span的所有元素。这一行程序将我们使用服务器端代码编写的所有元素推送到父页面。现在,父页面包含了从CyberSource返回的所有信息
我们的账单页面(父页面)允许除了CyberSource信用卡之外的其他支付,因此我们基本上在主页上进行提交,假设所有内容都成功地从CyberSource返回。当用户不使用CyberSource付款时,我们会在账单页面上显示主提交按钮。如果是,则隐藏主提交按钮,并显示iframe中的提交按钮。然后,如果出现错误,我们要么在iframe中显示错误消息,要么在将数据从iframe传输到父页面后在父页面上执行表单提交
最后,通过查看Request.Form,父页面可以通过服务器端代码访问所有数据
希望这有助于或至少让你朝着正确的方向前进。我知道这个问题已经问了一个多月了,你可能已经离开了,但也许它会帮助其他人