Ok, I am building a site with MS Webmatrix and ASP.net, c#, javascript.
I want to have my clients enter info, then if I can verify it on my database, go to paypal for payment. So the flow would be
client enters info
validate against the db
go to PayPal for payment.
So I really don't want a pay now button to go directly to paypal. I can easily route the pay now to html that verifies and if failed, displays appropriate msgs and prompts.
If the info verifies, how can I route to PayPal without the user clicking another button?
Is there code that I can put in my script to send to paypal without clicking or programmatically force the click without client intervention?
Also, I would like the ability to recall the clients billing address in the future if a refund is requested so I can mail a check. I prefer to manually mail a check. Can I capture/store a PayPal transaction id, then use the transaction id to request the billing address months later (if needed) so I don't have to store the address in my database?
You can use the WebClient class to make an HTTP request to PayPal and to manage its response.
You want to redirect server sided ? Just use the Web Classes then.
About PayPal: There is a SOAP/XML API, there you can do such stuff like TransactionSearch. Just check https://developer.paypal.com/ or check this: https://cms.paypal.com/cms_content/GB/en_GB/files/developer/PP_API_Reference.pdf
Related
Edit: To make my point, I need some back story.
I was shopping online today and entered my credit card number as well as tons of other info to the e-commerce site. Then e-commerce site redirected me to my bank's page which asks an confirmation code sent to my mobile phone. I entered the code and the bank redirected me to e-commerce paid failed page.
I needed to enter all the information I gave to e-commerce site again because hitting back won't help for security reasons. So I started to think, how would I write that e-commerce site payment page, so that it opens a new tab for my bank's page asking confirmation code and won't go any further until my bank confirms payment. I don't think this is as easy as parsing response because bank does not respond directly to first request. Think this like "login using Facebook account" button. You need like 10 steps and a token to do that. (which I cannot understand how it works, since I am a newbee)
I hope I am clear now.
Original post:
I am new at this, please bear with me. I googled to find a solution but got more confused.
I am writing a login system like this for learning:
user form (login.aspx) -> posts to 3rd party server -> 3rd party server asks more credentials -> 3rd party server calls logedin.aspx (if successful) or failedlogin.aspx (if fails)
That is easy to implement. I wonder if I can do something like this:
on user form (login.aspx), user clicks on submit button
onclick event posts to 3rd party server and waits for it to request either logedin.aspx or failedlogin.aspx
resume running and display authentication result on login.aspx
So user won't see logedin.aspx or failedlogin.aspx
I think I need an object in login.aspx to wait, until it is released in logedin.aspx or failedlogin.aspx or a timeout is hit.
How to wait in a page and resume from a trigger on another page? Please point some direction for me to look at.
Thanks.
You can make an HTTP request to the 3rd party server with something like the HttpWebRequest object (or HttpClient). The response from that request would have the information you're looking for.
Based on the comments above, it sounds like the response is an HTTP redirect. In that case the header(s) in the response would have the information you need. For example, if the headers contain this:
HTTP/1.1 302 Found
Location: http://www.yourdomain.com/logedin.aspx
Then the request resulted in a redirect to logedin.aspx. Based on that information you can perform your server-side logic and respond back to your user as you need.
I have a C# MVC (using Umbraco) site that I need to submit a payment through paypal. I have setup a sandbox merchant and buyer account. I am able to submit the payment and everything is working well there. However, my site needs to know when the payment has completed successfully as I will send an email and do some database operations, and here is where I'm having the problem. I cannot get paypal to auto return to my site. I need the return URL to be:
http://localhost:56733/payment-confirmation
This is not a duplicate of this question:
Setting PayPal return URL and making it auto return?
I am using C#, not PHP. Also, I am trying to run this locally. The solutions listed on the above question DO NOT WORK. The behavior and results are the same.
I do get the screen that shows the following:
You just completed your payment. XXXX, you just completed your payment. Your transaction ID for this payment is: XXXXXXXXXXXXX.
We'll send a confirmation email to XX#XXXX.com. This transaction will appear on your statement as PAYPAL.
Go to PayPal account overview
It is not recommended to handle post-payment processing on any return URL. Even with Auto-Return enabled there is no guarantee the user will make it there, and if they don't, that code will never run and you'll end up with tasks not getting completed like you expect.
Even if you're using Express Checkout API's so that you are guaranteed to end up on your own site, it's still not wise to handle all your data updates and email stuff there because the payment could be pending. You wouldn't want to deliver any product or anything like that until the pending payment cleared.
The way to handle all of that correctly is to use Instant Payment Notification (IPN). This will be triggered regardless of whether or not the user makes it back to the return URL, and you'll get multiple IPN's for transactions where the status updates so you can handle those automatically, in real-time as well.
Take a look at the documentation for IPN, but don't let it freak you out just because there's a lot of info there. It's really nothing more than a POST of data to a listener URL that you specify. In that script, you'll receive the data just like you would a form POST. It's really a pretty simple thing to setup, and you can do all sorts of cool things with it.
I'm currently implementing an Automation system for software selling through Paypal API. I have got the IPN portal working so it recieves IPN Messages from Paypal and is passed to a back-end service which files it in a SQL DB, Generates a license yadda yadda yadda. It also checks against an internal entry to confirm the payment recieved matches the actual price of the product purchased (Stopping them sneaky hackers). I have now got to a stumbling block where i would like to reject payments that are the incorrect price and i've trawled the Paypal API Developer documentation and can't seem to find what i'm after. My guess is making a call to the Adaptive or merchant API URLs but I cant find what info past auth credentials i'd need to send. Can anyone point me to the right page or 3rd party website with the information I can use to get this setup? an NVP solution would be preferred.
You can't really reject a payment at that point because the transaction has already been completed. All you can do is refund it, which you can do via the RefundTransaction API within your IPN script. This way you'll also get your PayPal fee refunded.
You've already got your logic in place to check if the prices match, so just add a call to RefundTransaction if the price does not match. You may also want to send an email notification to the buyer in such cases letting them know something was wrong with the pricing on their order so it's been refunded, and maybe even provide a checkout button for them to re-buy at the correct price if you want to.
I've checked out the resources on PayPal's site, but I'm having trouble figuring out how to setup recurring payments from a "create account" form I've created in C#.
My goals is to have a text field called "username" that's disabled and enables when the user processes their payment through Paypal by clicking on a link that opens the payment page in their browser. I want to then save some kind of ID associated with that transaction that my application can look up when the user logs in to make sure they still have an active subscription.
All that being said, I have two questions. One, is there a good walk though for someone who doesn't know much about SOAP or anything of the sort? Possibly geared toward Paypal? Second, does Paypal give some kind of static transaction ID that I can look up via Paypal when the user logs in?
I'm also open to other payment processing methods, but I want to stick with WinForms for a while.
You can use the CreateRecurringPaymentsProfile to create the subscription with PayPal. If you don't like working with SOAP you can use their basic NVP API, which is what that link points to.
When you make that call to create the profile you'll get back a PROFILEID. This profile ID can be passed into GetRecurringPaymentsProfileDetails to check the current status upon login.
Since you're using C# I'd recommend taking a look at this .NET SDK for PayPal. It makes the calls very simple for you.
I'm using PayPal's Website Payment Standard in my ASP.NET website.
What I do is when the user clicks on the "Pay Now" button, I do the following in the codebhind:
DB status changes
Generation of the PayPal form, hidden fields for the items
Call ScriptManager.RegisterClientScriptBlock() to call the javascript function that submits the PayPal form to PayPal.
I'm worried that the user can press stop on the web browser and then edit the values in the hidden forms and then submit the form. Is there a way to prevent this? Or a better alternative?
Thank you so much in advance!
I haven't done PP Standard. I've used Gateway and Pro/Express Checkout but its been quite a while - still, your question can be handled in a more "generic" way...
Unfortunately your plan will not do anything to protect you - just like any other HTML Form on the web, HTTP requests and responses can be inspected and tampered with using readily available tools.
The common way to prevent tampering is to do server-side validation of submitted values coming from any client/browser (the rule of thumb is "trust no one"). In your scenario, you are doing things on the server side, but that's still prior to the actual submission target of the data - which is PayPal. The step that actually sends the data to the "target" is still the browser/client - and there lies the issue so to speak. The data to be validated is meant for a system other than yours (so you can't validate for PayPal).
Unless there is an added layer of security, e.g. signature or encryption, it will always be vulnerable to tampering (viewing is a foregone matter, it can be viewed).
I don't believe (but I could be wrong) PP Standard has a server-to-server option for POSTing data. This would effectively "hide" the data altogether from the client/browser - nothing to see, nothing to tamper with. Data transfer is in the background - client/browser knows nothing of it.
However, their PayPal Payments Standard and Button Manager API seems to be the right/secure way of doing this.
In essence you will be creating what they call "encrypted buttons" on the fly. This way the data will look like gibberish to anyone inspecting it - it will only make sense to PayPal because they can decrypt the data accordingly. That's how the data is secured/protected from tampering (not viewing - but again, what can be seen is gibberish)...
Hth...
Update:
Also, you should consider PayPal IPN for storing data. You are making the assumption above (I think) that everyone who clicks the button will actually go through with the payment (or can pay successfully). With IPN, you will "listen" for data coming from PayPal only after successful payment (which is where you should store order related data and/or inventory updates, etc.) ....
Even though I'm working with PHP, using the NVP API you can get links to redirect using a token which can only be used by paypal. All the links will look like https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=TOKEN, where TOKEN is a token retrieved previously by calling the PayPal API.
I've only developed it for ExpressCheckout. You can check the API here:
https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/howto_api_reference