topic Re: I'am new to this, need help integrating DPM to my asp.net vb website in Integration and Testing

I'am new to this, need help integrating DPM to my asp.net vb website

AuthComm25 — Tue, 17 Feb 2015 23:17:42 GMT

After reading and watching the videos for hours I can say that this site is not friendly at all. The Website that I'am working on have been done with VWD 2010 (asp.net) and VB. It is my understanding that in my case the best option is DPM. Now, how can I start implementing this? Could anybody list the steps in plain English for me to follow. I downloaded the SDK, but can not open it with VWD 2010. Can anybody help?

Thanks

Re: I'am new to this, need help integrating DPM to my asp.net vb website

RaynorC1emen7 — Tue, 17 Feb 2015 23:57:41 GMT

If you not afraid of coding

start with the SIM VB sample code here

http://developer.authorize.net/downloads/samplecode/

DPM is almost the same as SIM

and the doc is here

http://developer.authorize.net/guides/SIM/wwhelp/wwhimpl/js/html/wwhelp.htm#href=Appendix%20C%20-%20DPM.13.1.html

Re: I'am new to this, need help integrating DPM to my asp.net vb website

AuthComm25 — Thu, 19 Feb 2015 05:16:53 GMT

Thanks for your response. By the way, if I was afraid of coding I wouldn’t be here, lol. I read everything as you suggested and I still have questions.

When I compare the doc http://developer.authorize.net/guides/SIM/wwhelp/wwhimpl/js/html/wwhelp.htm#href=Appendix%20C%20-%20...

With the SIM VB sample, http://developer.authorize.net/downloads/samplecode/

seen to be that the doc is kind of incomplete. It does not mention Web.config changes that I see in the coding samples relate to the form. Secondly there are vb files with classes related to the form too. So this is kind of confusing since the doc only talk about topics relate to the form.

Since this is the case I would like to ask two very stupid questions.

Questions:

1) Do I need to change the web.config file according to the samples provided?

2) Do I need to incorporate the additional vb files and classes as well?

This is kind of confusing since they are using asp classic and I am using asp.net

I will appreciate your help on this.

Thanks

Re: I'am new to this, need help integrating DPM to my asp.net vb website

RaynorC1emen7 — Thu, 19 Feb 2015 12:39:03 GMT

The doc is a generic for any lang.

DPM is just a form post to authorize.net url with the required field

You really don't need any of the sample code.remove x_show_form and add the x_card_num and x_exp_date

Then try it and see how it work and then just do your own code for your website. The code that you might want to copy is how they generate the x_fp_hash

The other thing to read is the Relay Response Basics and Troubleshooting for getting the response back from authorize.net after the post. And for asp.net either set machineKey in your web.config or set enableviewstatemac to false on the page.

Re: I'am new to this, need help integrating DPM to my asp.net vb website

AuthComm25 — Mon, 23 Feb 2015 22:56:08 GMT

OK, I have implemented some code from the SDK and from online samples and I am testing now. Just at my first shot I received Code 97 error. I search in the community board, and I read other post with similar problems. I tried all, but still receiving Code 97. I am pasting here my code for anybody to take a look and make any suggestion.

First of all I do have a class and a function that generate the fingerprint. It looks like this:

Public Class CCTransactionFingerprint Public Function HMAC_MD5(ByVal Key, ByVal Value)

' The first two lines take the input values and convert them from strings to Byte arrays

Dim HMACkey() As Byte = (New ASCIIEncoding()).GetBytes(Key)

Dim HMACdata() As Byte = (New ASCIIEncoding()).GetBytes(Value)

' create a HMACMD5 object with the key set Dim myhmacMD5 As New HMACMD5(HMACkey)

' calculate the hash (returns a byte array)

Dim HMAChash() As Byte = myhmacMD5.ComputeHash(HMACdata)

' loop through the byte array and add append each piece to a string to obtain a hash string

Dim fingerprint = "" For i = 0 To HMAChash.Length - 1 fingerprint &= HMAChash(i).ToString("x").PadLeft(2, "0") Next Return fingerprint

End Function

End Class

Since I’m using asp.net I’m sending the transaction data from an html in code behind, it looks like this:

Dim transactionKey = "TRANSACTION_KEY"

'A sequence number is randomly generated

Dim random As New Random

Dim sequence = random.Next(0, 1000)

'A time stamp is generated (using a function from simlib.asp)

Dim timeStamp = CInt((DateTime.UtcNow - New DateTime(1970, 1, 1)).TotalSeconds)

'Generate a fingerprint

Dim CreateFingerprint As New CCTransactionFingerprint()

Dim fingerprint = CreateFingerprint.HMAC_MD5(transactionKey, loginID & "^" & sequence & "^" & timeStamp & "^" & TotalSalePrice & "^")

'Here we create a HTML form in the code behind to POST the information to the credit card gateway

Dim collections As New NameValueCollection()

collections.Add("x_version", "3.1")

collections.Add("x_login", "7G2M922CpHxK7u")

collections.Add("x_show_form", "PAYMENT_FORM")

collections.Add("x_method", "CC")

collections.Add("x_type", "AUTH_CAPTURE")

collections.Add("x_fp_hash", fingerprint)

collections.Add("x_amount", TotalSalePrice)

Dim remoteUrl As String = "https://test.authorize.net/gateway/transact.dll"

Dim html As String = "" html += "" html += String.Format(" ", remoteUrl) For Each key As String In collections.Keys html += String.Format("", key, collections(key)) Next

html += "" Response.Clear() Response.ContentEncoding = Encoding.GetEncoding("ISO-8859-1") Response.HeaderEncoding = Encoding.GetEncoding("ISO-8859-1")

Response.Charset = "ISO-8859-1"

Response.Write(html)

Response.End()

Thanks for your help !

Re: I'am new to this, need help integrating DPM to my asp.net vb website

RaynorC1emen7 — Tue, 24 Feb 2015 00:03:19 GMT

I'm not see where you passing all the required fields

http://developer.authorize.net/guides/SIM/wwhelp/wwhimpl/js/html/wwhelp.htm#href=Appendix%20A.html

I see x_fp_hash, but not x_fp_sequence,x_fp_timestamp

Re: I'am new to this, need help integrating DPM to my asp.net vb website

AuthComm25 — Tue, 24 Feb 2015 02:41:32 GMT

I thought that I have everything according to this link:

http://developer.authorize.net/guides/SIM/wwhelp/wwhimpl/js/html/wwhelp.htm#href=SIM_Submitting_transactions.06.4.html

However since you are mentioning this different link: http://developer.authorize.net/guides/SIM/wwhelp/wwhimpl/js/html/wwhelp.htm#href=Appendix%20A.html

I checked it and I can see that I have everything here as well since in my understanding and according to this link the following fields, x_fp_hash, x_fp_sequence and x_fp_timestamp should be inside the fingerprint. But due to your comment I am not sure now. Do I have to send them in the fingerprint and as individual fields as well. Is this the case?

Thanks a lot for you time and help

Re: I'am new to this, need help integrating DPM to my asp.net vb website

jasonjudge — Tue, 24 Feb 2015 11:17:15 GMT

They are all sent as individual fields. The "fingerprint" is just a convenient way to talk about those fields, grouped by their fingerprinting function.

An SDK or library may also group those fields into a single class or API method, but behind that, it would still need to send those fields indivually to the gateway.

Not sure if that helps, as I'm not sure what level you are looking at (e.g. low-level POSTs or a higher level abstraction).

-- Jason

Re: I'am new to this, need help integrating DPM to my asp.net vb website

RaynorC1emen7 — Tue, 24 Feb 2015 12:29:05 GMT

Example 4

Submitting a Request for the Hosted Payment Form

If I remember correctly that used an old PHP example

<% ret = InsertFP (APIloginid, sequence, amount, txnkey) %>

and that include all the required field.

I don't think you know how the fingerprint works. authorize.net only have your loginID and transationKey.

The fingerprint is useless without authorize.net knowing how the x_fp_sequence and x_fp_timestamp value, because they can't hash is a match the value. The only thing you don't pass is the transactionKey because they already have it.

Run to your page that you form post to authorize.net in a browswer. Then look at the page source, if it didn't have all the required field, it not going to work. Go back at look at the sample code(not the SDKs) and see what they are passing in the form.

Re: I'am new to this, need help integrating DPM to my asp.net vb website

jasonjudge — Tue, 24 Feb 2015 12:50:36 GMT

Yes, you don't ever send the "transaction key". That is a shared secret - your site knows it and your Authoriize.Net account knows it, but nobody else should know it. It is used to generate the one-time hash (x_fp_hash) with your form. That hash is used with the other fields you send (which all comprise the "fingerprint" - x_fp_sequence and x_fp_timestamp) to allow Authorize.Net to check that it really is your site sending the transaction request.

So the fingerprint is made of these fields, send in the form as individual fields:

x_fp_sequence

x_fp_timestamp

x_fp_hash

The hash is generated from the shared secret "transaction key", and the sequence and timestamp effectively add salt to that key before it gets hashed.

A similar thing happens for relay messages that Authorise.net sends back to your site, using a different shared secret (the "md5 hash key"), so your merchant site can be sure it is really Authorize.Net sending it the relay message.

I hope that clears up what I meant, in case I didn't explain it properly. Those *individual* firelds need to do into the form, but the package or SDK used may put them all in in one go as a "fingerprint".

-- Jason

Re: I'am new to this, need help integrating DPM to my asp.net vb website

RaynorC1emen7 — Tue, 24 Feb 2015 15:56:22 GMT

So are you still getting 97 error? or it is working?

Re: I'am new to this, need help integrating DPM to my asp.net vb website

AuthComm25 — Fri, 06 Mar 2015 15:51:47 GMT

Well, no really, there is not errors anymore. I was able to do some transactions using the form on their server and interact with the sandbox. However, if you remember my first post, this is just the beginning since this is SIM. I need now to change everything to DPM. So, I do have a couple questions about DPM:

1) I have to design a form for payment and host it on my site, correct?

2) Since my client never leave my site, when the form is post to the authorize.net site it does charge the card and will I get a response from their server whether or not this took place? This is important because depending on the response I will show a receipt, send email and add some data to the database. If this is the case, one of the problem that I will be facing is asking my code to wait for the transaction to take place, wait for the response and incorporate the response at the same point where the code execution in my server stopped or is waiting for the response.

Thanks for your help

Re: I'am new to this, need help integrating DPM to my asp.net vb website

RaynorC1emen7 — Fri, 06 Mar 2015 16:22:52 GMT

1)correct

2)look at the see how it works

http://developer.authorize.net/api/dpm/

Re: I'am new to this, need help integrating DPM to my asp.net vb website

jasonjudge — Fri, 06 Mar 2015 21:46:53 GMT

The clients *do* leave your sit using DPM, just momentarily. The hope is that it will be so fast, they won't noticed the URL in the address bar changing before they get back. In practice though, I think they will nearly always see the URL flipping to Authorize.Net and then back to your site.

TBH, unless you have a really compelling reason to create your own payment form on your local site, SIM would be the easiest to implement. I have no idea if the concept of users "leaving your site" to pay has a detrimental effect or not. For me, I find it more reassuring that I *am* sent to Authorize.Net, or PayPal or whatever gateway the site uses. But as my colleagues keep telling me, I am *seldom* the user these things are really aimed at.

-- Jason

Re: I'am new to this, need help integrating DPM to my asp.net vb website

AuthComm25 — Sat, 07 Mar 2015 16:11:47 GMT

Thanks to both of you RaynorC1emen7 and jasonjudge for your help up to this point. At this time I’m considering what jasonjudge said in his last post about implementing SIM rather than the others methods for several reasons. Since I’m considering this, I have several questions:

- Since some code must execute on my server after the credit card is charged on the authorize.net server, I must implement a page that received the message from authorize.net. How does this page should look? Should I code this page in pure html and transfer the data to my asp.net pages? How the data are sent back to my server receiving page? May I request then like this: Request.QueryString("XXX_XXXX")) or what?
- If any of you have a page that receives data from the authorize.net server as an example, I would appreciate a lot if you post the code as an example.

Thanks

Re: I'am new to this, need help integrating DPM to my asp.net vb website

jasonjudge — Sat, 07 Mar 2015 17:37:23 GMT

I tend to use OmniPay for the gateways, since I get involved in a number of different ones. I've extended the AuthorizeNet driver for OmniPay to support DPM, but it also caters for SIM and AIM:

https://github.com/academe/omnipay-authorizenet/tree/dpm_support

I can tell you, it is not straight-forward due to some lacking documentation, but I'm working on improving that.

The basics of your "relay" handler (the callback page) will be:

Check the MD5 hash along with the shared secret to ensure you are getting the callback from Authorize.Net and not someone pretending to be.
Get your transaction id from the POSTed data. This is the ID that your system created for the transaction, and you placed into the original payment page (either your DPM page or POSTed to the Authorize.Net payment page).
Use your transaction ID to look up the transaction in your database. You will had had to save the transaction at the start, before sending the user to Authorize.Net
Check that the amount being authorized matches what you expected.
Probably log all the details that have been sent to you, for later debugging.
After checking the final result of the authorization (approved/rejected/on hold/error), send a HTML page back to Authorize.Net, which will be passed on to the end user, and contains code to send the user to the final destination page.

I have seen gateways that ignore all the validation steps and just send the user to the final page which depends on whether payment was successful or not, without any validation checking or saving of the transaction in the database. They are pretty insecure IMO; your application cannot assume the transaction worked just based on where the user was sent to, unless you create a third hash token to go in the URL that your application can check when the user gets there.

That is all kind of high level, but that's mainly because I have not got any code to show you that will be useful, at least not at this stage.

Re: I'am new to this, need help integrating DPM to my asp.net vb website

AuthComm25 — Thu, 19 Mar 2015 13:53:44 GMT

Hello Jason and thanks for your help.

May you please post a code sample of a replay page with all the steps that you listed in your last post? Thanks