Showing results for 
Search instead for 
Did you mean: 

Direct Post Method (DPM) code sample for C# / ASP.NET web forms (non-MVC)

Hello all -


I have an ASP.NET web forms application (I am NOT using MVC), and in this application I need to do a credit card transaction... which brings me here to Authorize.Net.  I want to use the Direct Post Method (DPM).  I feel like this should be a straightforward thing to do, but I am having difficulty obtaining any straightforward direction from this site on how to do this.  (I've emailed a question to the developer support, I've done a support phone call, and I've sifted through all the instructions/documentation I can find... none of which have yielded the aforementioned straightforward instructions I seek.)


The C# example in the DPM guide ( requires you use MVC... which is not the case for the basic web forms application I have on my hands here.  I tried to reverse engineer what this MVC example was doing, but the SDK code is calling methods named Crypto.GenerateSequence() and Crypto.GenerateFingerprint()... methods which are unrecognized (I'm using Visual Studio 2008)


So - is there any plan to create a basic NON-MVC C# example that demonstrates how to use the DPM method?  From my understanding, it should be a simple http form post, right?  Is something along the lines of the below on the right track?  I just want to bill a credit card number a specified amount - nothing fancy here


<FORM NAME="secure_redirect_form" ID="secure_redirect_form_id"




    <input type="text" class="text" name="x_card_num" size="15"></input>


    <input type="text" class="text" name="x_exp_date" size="4"></input>


    <input type="text" class="text" name="x_amount" size="9"> </input>

    <INPUT TYPE="HIDDEN" NAME="x_relay_url" VALUE="http://MYURL">


    <INPUT TYPE="HIDDEN" NAME="x_version" VALUE="3.1">

    <INPUT TYPE="HIDDEN" NAME="x_method" VALUE="CC">


    <INPUT TYPE="HIDDEN" NAME="x_test_request" VALUE="FALSE">

    <INPUT TYPE="HIDDEN" NAME="notes" VALUE="whatever">


    <INPUT TYPE="SUBMIT" NAME="buy_button" VALUE="BUY">


    <INPUT TYPE="HIDDEN" NAME="x_fp_sequence" VALUE="???">

    <INPUT TYPE="HIDDEN" NAME="x_fp_hash"VALUE="???">





 Much thanks....



Crypto.GenerateSequence() and Crypto.GenerateFingerprint() is from the C# SDK.

Look at Page 6 of

It for Java but it show the params for the post. Look like you miss the x_fp_timestamps.


Raynor - thanks for the response (and apologies for my slow response).  Pointing out where those Crypto commands came from helped me successfully do the http post submission.  (The Crypto calls in the actual SDK code i downloaded were unrecognized because a "using AuthorizeNet;" namespace directive was missing in the code - adding the using statement, or modifying the calls to say AuthorizeNet.Crypto.GenerateSequence() fixed the issue.  Strange that Authorize.Net would provide code to download that doesn't compile)


For anyone who wants a clear code sample for how to programmatically do a DPM submission in C#, here is mine below.  (Note this only covers the submission - a separate page that handles the http response back from needs to be created as well.)



decimal vAmount = 50.0;

string vAPILoginID = "MY_API_LOGIN_ID";  // put yours here
string vTransactionKey = "MY_TRANSACTION_KEY";  // put yours here
string vRelayResponseUrl = "http://mywebserver/responsepage.aspx";  // you'll need to separately create this publicly-available page to handle processing the response
string vFingerprintSequence = AuthorizeNet.Crypto.GenerateSequence();
int vFingerprintTimestamp = AuthorizeNet.Crypto.GenerateTimestamp();
string vFingerprintHash = AuthorizeNet.Crypto.GenerateFingerprint(vTransactionKey, vAPILoginID, vAmount, vFingerprintSequence, vFingerprintTimestamp.ToString());
string vInvoiceNumber = "1234";


List<string> vFormValues = new List<string>();

vFormValues.Add(String.Format("{0}={1}", "x_card_num", "4111111111111111"));
vFormValues.Add(String.Format("{0}={1}", "x_exp_date", "1120"));
vFormValues.Add(String.Format("{0}={1}", "x_amount", vAmount));
vFormValues.Add(String.Format("{0}={1}", "x_invoice_num", vInvoiceNumber));
vFormValues.Add(String.Format("{0}={1}", "x_relay_url", vRelayResponseUrl));
vFormValues.Add(String.Format("{0}={1}", "x_login", vAPILoginID));
vFormValues.Add(String.Format("{0}={1}", "x_fp_sequence", vFingerprintSequence));
vFormValues.Add(String.Format("{0}={1}", "x_fp_timestamp", vFingerprintTimestamp));
vFormValues.Add(String.Format("{0}={1}", "x_fp_hash", vFingerprintHash));
vFormValues.Add(String.Format("{0}={1}", "x_version", "3.1"));
vFormValues.Add(String.Format("{0}={1}", "x_method", "CC"));
vFormValues.Add(String.Format("{0}={1}", "x_type", "AUTH_CAPTURE"));
vFormValues.Add(String.Format("{0}={1}", "x_test_request", "FALSE"));
vFormValues.Add(String.Format("{0}={1}", "notes", "testing testing"));


ASCIIEncoding vEncoding = new ASCIIEncoding();
byte[] vPostData = vEncoding.GetBytes(String.Join("&", vFormValues.ToArray()));

HttpWebRequest vRequest = (HttpWebRequest)HttpWebRequest.Create("");  // note this's test site
vRequest.Method = "POST";
vRequest.CookieContainer = new System.Net.CookieContainer();
vRequest.ContentLength = vPostData.Length;
vRequest.ContentType = "application/x-www-form-urlencoded";

System.IO.Stream vRequestStream = null;
vRequestStream = vRequest.GetRequestStream();
vRequestStream.Write(vPostData, 0, vPostData.Length);

Does anyone have a good example or sample code for handing the response back?



I need the code for the response as well for a non-MVC.

My understanding it that it is just like SIM/AIM response.

Terrific Post!


Very useful for a beginner. :)


Thanks a lot.

Thanks for your help here.  This code helped me figure out DPM.


BUT, I'm not sure what the benefit is of using DPM if you are going to allow the credit card to run through your server, meaning that your server now falls under PCI compliance guidelines.  The whole point of DPM is to post directly to Authorize.Net to avoid PCI issues.


I posted a demo here that shows you how to do it without having the credit card number hit your server, and thereby completely avoiding PCI issues.