So I can do the following POST submit and get redirected to the payment gateway site
@Html.BeginForm(null, null, FormMethod.Post, new { @action = "https://l33tpaymentgateway.com" })
{
<input id="RefNo" name="RefNo" type="hidden" value="ABCDE" />
<input id="Amount" name="Amount" type="hidden" value="300" />
<input id="UserEmail" name="UserEmail" type="hidden" value="warheat1990@warheat1990.com" />
<input id="Signature" name="Signature" type="hidden" value="1234567890" />
<input id="ResponseURL" name="ResponseURL" type="hidden" value="http://warheat1990.com" />
<input type="submit" value="submit"/>
}
Doing the above on user page is a bad idea (the data can be tampered with), I tried to do this on the server side instead. But I have no idea how to redirect the user.
public ActionResult SubmitPayment()
{
using (var client = new HttpClient())
{
client.BaseAddress = new Uri("https://l33tpaymentgateway.com");
var content = new FormUrlEncodedContent(new[]
{
new KeyValuePair<string, string>("RefNo", "ABCDE"),
new KeyValuePair<string, string>("Amount", "300"),
new KeyValuePair<string, string>("UserEmail", "warheat1990@warheat1990.com"),
new KeyValuePair<string, string>("Signature", "1234567890"),
new KeyValuePair<string, string>("ResponseURL", "http://warheat1990.com")
});
var result = await client.PostAsync("", content).Result;
if(result.IsSuccessStatusCode)
{
//redirect user, but I have no idea how
}
}
}
Any help will be appreciated.
EDIT : THE DOCUMENTATION
Step 1. Merchant sends HTTPs Post Request containing payment details to l33tpaymentgateway
OPSG payment page. Payment Details contain the following fields:
• MerchantCode
• PaymentId
• RefNo
• Amount
• Currency
• ProdDesc
• UserName
• UserEmail
• UserContact
• Remark
• Signature (refer to 3.1)
• ResponseURL
• BackendURL
Step 2. User views and confirms payment details entered in Step 1. For credit card
payment, the user will need to key-in credit card information.
Step 3. User continues to fill in Username and Password at bank website (for non
credit card payment)
Step 4. User selects the account to debit the payment. (for non credit card payment)
Step 5. User confirms the payment. If yes, go to next step. (for non credit card
payment)
Step 6. User views and prints the payment detail. (for non credit card payment)
Step 7. Response is returned to the l33tpaymentgateway OPSG website indicating a successful or
failed transaction.
Step 8. l33tpaymentgateway OPSG response back the payment status to merchant with a
signature
Step 9. For successful payment transaction, the merchant needs to compare the
signature from l33tpaymentgateway OPSG. Refer to (3.2)
HTTP POST example from the documentation which is a big NO in my opinion from security standpoint.
<HTML>
<BODY>
<FORM method="post" name="ePayment" action="https://l33tpaymentgateway.com">
<INPUT type="hidden" name="MerchantCode" value="ID00001">
<INPUT type="hidden" name="PaymentId" value="1">
<INPUT type="hidden" name="RefNo" value="A00000001">
<INPUT type="hidden" name="Amount" value="300">
<INPUT type="hidden" name="Currency" value="USD">
<INPUT type="hidden" name="ProdDesc" value="Photo Print">
<INPUT type="hidden" name="UserName" value="John Tan">
<INPUT type="hidden" name="UserEmail" value="john@hotmail.com">
<INPUT type="hidden" name="UserContact" value="0126500100">
<INPUT type="hidden" name="Remark" value="">
<INPUT type="hidden" name="Lang" value="UTF-8">
<INPUT type="hidden" name="Signature" value="Q/iIMzpjZCrhJ2Yt2dor1PaFEFI=">
<INPUT type="hidden" name="ResponseURL" value="http://www.test.com/payment/response.asp">
<INPUT type="hidden" name="BackendURL" value="http://www.test.com/payment/backend_response.asp">
<INPUT type="submit" value="Proceed with Payment" name="Submit">
</FORM>
</BODY>
</HTML>
Signature generate :
private string ComputeHash(string Key)
{
SHA1CryptoServiceProvider objSHA1 = new SHA1CryptoServiceProvider();
objSHA1.ComputeHash(System.Text.Encoding.UTF8.GetBytes(Key.ToCharArray));
byte[] buffer = objSHA1.Hash;
string HashValue = System.Convert.ToBase64String(buffer);
return HashValue;
}
where Key is a combination of MerchantKey (similar to private key) + Merchant Code + RefNo + Amount
Updated your code below:
I'm not sure what the result object is. But put into the parameter of the Redirect method the url to redirect to.