By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
449,370 Members | 1,552 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 449,370 IT Pros & Developers. It's quick & easy.

ASP.NET and paypal

P: n/a
Guys,

it seems that several people have enquired about how to communicate
with Paypal as securely as possible. It is obvious that placing the
shopping cart details in the URL is about as insecure as could be.
Therefore why not use a POST and hide them in hidden variables? Well I
would if I could figure it out. The contents of the cart are created
dynamically and since I already have a button on my form that needs to
be captured by the server I seem to be looking at having another HTML
form on my page. The problem with that is I also want a confirmation
email to be sent to the seller that confirms the contents of the
shopping cart, and since the email is created in my ASP code, an HTML
button does not seem the way to go.

I have read some posts about using a WebRequest object to POST the
shopping cart to Paypal. However, my attempts at this code have
failed. I am using the PDT process for payments. All works well if I
use a response.redirect but I would appreciate anyone taking a look at
my latest attempt a hopefully pointing out where I am going wrong.

Dim req As WebRequest
req =
WebRequest.Create("https://www.sandbox.paypal.com/uk/cgi-bin/webscr")
req.Method = "POST"
req.ContentType = "application/x-www-form-urlencoded"
Dim urlString As String =
"cm********************************@myemailaddress .com&currency_code=GBP&return=http://www.mysite/paypalreturn.aspx"

Dim urlEncoded As New StringBuilder

urlEncoded.Append(urlString)

urlEncoded.Append("&item_name_1=firstitem")
urlEncoded.Append("&on0_1=Size")
urlEncoded.Append("&os0_1=6x4 (MATT)")
urlEncoded.Append("&amount_1=1.00")
urlEncoded.Append("&quantity_1=1")

Dim SomeBytes() As Byte
SomeBytes =
System.Text.Encoding.UTF8.GetBytes(urlEncoded.ToSt ring())
req.ContentLength = SomeBytes.Length
Dim RequestStream As Stream
RequestStream = req.GetRequestStream
RequestStream.Write(SomeBytes, 0, SomeBytes.Length)
RequestStream.Close()

Executing this code does not return an error, neither does it redirect
me to the paypal site!

Any thoughts,

Jason.

Jun 13 '06 #1
Share this Question
Share on Google+
5 Replies


P: n/a
OK, starting to make some progress. In adding:

Dim result As WebResponse
result = req.GetResponse
Dim ReceiveStream As Stream
ReceiveStream = result.GetResponseStream()
Dim encode As Encoding
encode = System.Text.Encoding.GetEncoding("utf-8")
Dim sr As StreamReader
sr = New StreamReader(ReceiveStream, encode)
Label1.Text = sr.ReadToEnd()
result.Close()

I get the response back from paypal and I am able to display it in a
label on my form. This however does not work with the sandbox
development site as it keeps asking me to log into the sandbox; which I
have done.

Is there a better way to display the repsone back from Paypal other
than a label; I almost want the response redirected to a blank page.

Any thoughts?

Regards,

Jason.
Jason James wrote:
Guys,

it seems that several people have enquired about how to communicate
with Paypal as securely as possible. It is obvious that placing the
shopping cart details in the URL is about as insecure as could be.
Therefore why not use a POST and hide them in hidden variables? Well I
would if I could figure it out. The contents of the cart are created
dynamically and since I already have a button on my form that needs to
be captured by the server I seem to be looking at having another HTML
form on my page. The problem with that is I also want a confirmation
email to be sent to the seller that confirms the contents of the
shopping cart, and since the email is created in my ASP code, an HTML
button does not seem the way to go.

I have read some posts about using a WebRequest object to POST the
shopping cart to Paypal. However, my attempts at this code have
failed. I am using the PDT process for payments. All works well if I
use a response.redirect but I would appreciate anyone taking a look at
my latest attempt a hopefully pointing out where I am going wrong.

Dim req As WebRequest
req =
WebRequest.Create("https://www.sandbox.paypal.com/uk/cgi-bin/webscr")
req.Method = "POST"
req.ContentType = "application/x-www-form-urlencoded"
Dim urlString As String =
"cm********************************@myemailaddress .com&currency_code=GBP&return=http://www.mysite/paypalreturn.aspx"

Dim urlEncoded As New StringBuilder

urlEncoded.Append(urlString)

urlEncoded.Append("&item_name_1=firstitem")
urlEncoded.Append("&on0_1=Size")
urlEncoded.Append("&os0_1=6x4 (MATT)")
urlEncoded.Append("&amount_1=1.00")
urlEncoded.Append("&quantity_1=1")

Dim SomeBytes() As Byte
SomeBytes =
System.Text.Encoding.UTF8.GetBytes(urlEncoded.ToSt ring())
req.ContentLength = SomeBytes.Length
Dim RequestStream As Stream
RequestStream = req.GetRequestStream
RequestStream.Write(SomeBytes, 0, SomeBytes.Length)
RequestStream.Close()

Executing this code does not return an error, neither does it redirect
me to the paypal site!

Any thoughts,

Jason.


Jun 13 '06 #2

P: n/a
Also,

should I be using utf-8 or acsii encoding?

Thanks,

Jason.

Jason James wrote:
OK, starting to make some progress. In adding:

Dim result As WebResponse
result = req.GetResponse
Dim ReceiveStream As Stream
ReceiveStream = result.GetResponseStream()
Dim encode As Encoding
encode = System.Text.Encoding.GetEncoding("utf-8")
Dim sr As StreamReader
sr = New StreamReader(ReceiveStream, encode)
Label1.Text = sr.ReadToEnd()
result.Close()

I get the response back from paypal and I am able to display it in a
label on my form. This however does not work with the sandbox
development site as it keeps asking me to log into the sandbox; which I
have done.

Is there a better way to display the repsone back from Paypal other
than a label; I almost want the response redirected to a blank page.

Any thoughts?

Regards,

Jason.
Jason James wrote:
Guys,

it seems that several people have enquired about how to communicate
with Paypal as securely as possible. It is obvious that placing the
shopping cart details in the URL is about as insecure as could be.
Therefore why not use a POST and hide them in hidden variables? Well I
would if I could figure it out. The contents of the cart are created
dynamically and since I already have a button on my form that needs to
be captured by the server I seem to be looking at having another HTML
form on my page. The problem with that is I also want a confirmation
email to be sent to the seller that confirms the contents of the
shopping cart, and since the email is created in my ASP code, an HTML
button does not seem the way to go.

I have read some posts about using a WebRequest object to POST the
shopping cart to Paypal. However, my attempts at this code have
failed. I am using the PDT process for payments. All works well if I
use a response.redirect but I would appreciate anyone taking a look at
my latest attempt a hopefully pointing out where I am going wrong.

Dim req As WebRequest
req =
WebRequest.Create("https://www.sandbox.paypal.com/uk/cgi-bin/webscr")
req.Method = "POST"
req.ContentType = "application/x-www-form-urlencoded"
Dim urlString As String =
"cm********************************@myemailaddress .com&currency_code=GBP&return=http://www.mysite/paypalreturn.aspx"

Dim urlEncoded As New StringBuilder

urlEncoded.Append(urlString)

urlEncoded.Append("&item_name_1=firstitem")
urlEncoded.Append("&on0_1=Size")
urlEncoded.Append("&os0_1=6x4 (MATT)")
urlEncoded.Append("&amount_1=1.00")
urlEncoded.Append("&quantity_1=1")

Dim SomeBytes() As Byte
SomeBytes =
System.Text.Encoding.UTF8.GetBytes(urlEncoded.ToSt ring())
req.ContentLength = SomeBytes.Length
Dim RequestStream As Stream
RequestStream = req.GetRequestStream
RequestStream.Write(SomeBytes, 0, SomeBytes.Length)
RequestStream.Close()

Executing this code does not return an error, neither does it redirect
me to the paypal site!

Any thoughts,

Jason.


Jun 13 '06 #3

P: n/a
This is how I scripted logging into another site that required POST to
be used:

(also in C#)

public static void LogonToTVG(string userId, string password,
string state)
{
// log on
ASCIIEncoding encoding = new ASCIIEncoding();
string postdata =
string.Format("errorDir={0}&accntid={1}&pin={2}&bs tate={3}&Submit1=OK",
"False",
userId,
password,
state);
byte[] data = encoding.GetBytes(postdata);
HttpWebRequest myReq =
(HttpWebRequest)WebRequest.Create("https://www.tvg.com/textonly/templates/logicprocesslogin.asp");
// logon info needs to be posted, so we have to do this
obnoxious ugly ... stuff
myReq.Method = "post";
myReq.ContentType = "application/x-www-form-urlencoded";
myReq.ContentLength = data.Length;
using (Stream stream = myReq.GetRequestStream())
{
stream.Write(data, 0, data.Length);
stream.Close();
}
}

let me know if you need any of that explained =)

Jason James wrote:
Also,

should I be using utf-8 or acsii encoding?

Thanks,

Jason.

Jason James wrote:
OK, starting to make some progress. In adding:

Dim result As WebResponse
result = req.GetResponse
Dim ReceiveStream As Stream
ReceiveStream = result.GetResponseStream()
Dim encode As Encoding
encode = System.Text.Encoding.GetEncoding("utf-8")
Dim sr As StreamReader
sr = New StreamReader(ReceiveStream, encode)
Label1.Text = sr.ReadToEnd()
result.Close()

I get the response back from paypal and I am able to display it in a
label on my form. This however does not work with the sandbox
development site as it keeps asking me to log into the sandbox; which I
have done.

Is there a better way to display the repsone back from Paypal other
than a label; I almost want the response redirected to a blank page.

Any thoughts?

Regards,

Jason.
Jason James wrote:
Guys,

it seems that several people have enquired about how to communicate
with Paypal as securely as possible. It is obvious that placing the
shopping cart details in the URL is about as insecure as could be.
Therefore why not use a POST and hide them in hidden variables? Well I
would if I could figure it out. The contents of the cart are created
dynamically and since I already have a button on my form that needs to
be captured by the server I seem to be looking at having another HTML
form on my page. The problem with that is I also want a confirmation
email to be sent to the seller that confirms the contents of the
shopping cart, and since the email is created in my ASP code, an HTML
button does not seem the way to go.

I have read some posts about using a WebRequest object to POST the
shopping cart to Paypal. However, my attempts at this code have
failed. I am using the PDT process for payments. All works well if I
use a response.redirect but I would appreciate anyone taking a look at
my latest attempt a hopefully pointing out where I am going wrong.

Dim req As WebRequest
req =
WebRequest.Create("https://www.sandbox.paypal.com/uk/cgi-bin/webscr")
req.Method = "POST"
req.ContentType = "application/x-www-form-urlencoded"
Dim urlString As String =
"cm********************************@myemailaddress .com&currency_code=GBP&return=http://www.mysite/paypalreturn.aspx"

Dim urlEncoded As New StringBuilder

urlEncoded.Append(urlString)

urlEncoded.Append("&item_name_1=firstitem")
urlEncoded.Append("&on0_1=Size")
urlEncoded.Append("&os0_1=6x4 (MATT)")
urlEncoded.Append("&amount_1=1.00")
urlEncoded.Append("&quantity_1=1")

Dim SomeBytes() As Byte
SomeBytes =
System.Text.Encoding.UTF8.GetBytes(urlEncoded.ToSt ring())
req.ContentLength = SomeBytes.Length
Dim RequestStream As Stream
RequestStream = req.GetRequestStream
RequestStream.Write(SomeBytes, 0, SomeBytes.Length)
RequestStream.Close()

Executing this code does not return an error, neither does it redirect
me to the paypal site!

Any thoughts,

Jason.


Jun 14 '06 #4

P: n/a
Was there a need to display any form of response from the request make
in this code? The PayPal stuff has user options, confirmation etc to
show to the user so there is a need to display the response.

Any ideas how I do that when the response is returned to a form that
was used to send the request in the first place and therefore already
has a number of controls already on it?

Many thanks,

Jason.
di***********@gmail.com wrote:
This is how I scripted logging into another site that required POST to
be used:

(also in C#)

public static void LogonToTVG(string userId, string password,
string state)
{
// log on
ASCIIEncoding encoding = new ASCIIEncoding();
string postdata =
string.Format("errorDir={0}&accntid={1}&pin={2}&bs tate={3}&Submit1=OK",
"False",
userId,
password,
state);
byte[] data = encoding.GetBytes(postdata);
HttpWebRequest myReq =
(HttpWebRequest)WebRequest.Create("https://www.tvg.com/textonly/templates/logicprocesslogin.asp");
// logon info needs to be posted, so we have to do this
obnoxious ugly ... stuff
myReq.Method = "post";
myReq.ContentType = "application/x-www-form-urlencoded";
myReq.ContentLength = data.Length;
using (Stream stream = myReq.GetRequestStream())
{
stream.Write(data, 0, data.Length);
stream.Close();
}
}

let me know if you need any of that explained =)

Jason James wrote:
Also,

should I be using utf-8 or acsii encoding?

Thanks,

Jason.

Jason James wrote:
OK, starting to make some progress. In adding:

Dim result As WebResponse
result = req.GetResponse
Dim ReceiveStream As Stream
ReceiveStream = result.GetResponseStream()
Dim encode As Encoding
encode = System.Text.Encoding.GetEncoding("utf-8")
Dim sr As StreamReader
sr = New StreamReader(ReceiveStream, encode)
Label1.Text = sr.ReadToEnd()
result.Close()

I get the response back from paypal and I am able to display it in a
label on my form. This however does not work with the sandbox
development site as it keeps asking me to log into the sandbox; which I
have done.

Is there a better way to display the repsone back from Paypal other
than a label; I almost want the response redirected to a blank page.

Any thoughts?

Regards,

Jason.
Jason James wrote:
> Guys,
>
> it seems that several people have enquired about how to communicate
> with Paypal as securely as possible. It is obvious that placing the
> shopping cart details in the URL is about as insecure as could be.
> Therefore why not use a POST and hide them in hidden variables? Well I
> would if I could figure it out. The contents of the cart are created
> dynamically and since I already have a button on my form that needs to
> be captured by the server I seem to be looking at having another HTML
> form on my page. The problem with that is I also want a confirmation
> email to be sent to the seller that confirms the contents of the
> shopping cart, and since the email is created in my ASP code, an HTML
> button does not seem the way to go.
>
> I have read some posts about using a WebRequest object to POST the
> shopping cart to Paypal. However, my attempts at this code have
> failed. I am using the PDT process for payments. All works well if I
> use a response.redirect but I would appreciate anyone taking a look at
> my latest attempt a hopefully pointing out where I am going wrong.
>
> Dim req As WebRequest
> req =
> WebRequest.Create("https://www.sandbox.paypal.com/uk/cgi-bin/webscr")
> req.Method = "POST"
> req.ContentType = "application/x-www-form-urlencoded"
> Dim urlString As String =
> "cm********************************@myemailaddress .com&currency_code=GBP&return=http://www.mysite/paypalreturn.aspx"
>
> Dim urlEncoded As New StringBuilder
>
> urlEncoded.Append(urlString)
>
> urlEncoded.Append("&item_name_1=firstitem")
> urlEncoded.Append("&on0_1=Size")
> urlEncoded.Append("&os0_1=6x4 (MATT)")
> urlEncoded.Append("&amount_1=1.00")
> urlEncoded.Append("&quantity_1=1")
>
> Dim SomeBytes() As Byte
> SomeBytes =
> System.Text.Encoding.UTF8.GetBytes(urlEncoded.ToSt ring())
> req.ContentLength = SomeBytes.Length
> Dim RequestStream As Stream
> RequestStream = req.GetRequestStream
> RequestStream.Write(SomeBytes, 0, SomeBytes.Length)
> RequestStream.Close()
>
> Executing this code does not return an error, neither does it redirect
> me to the paypal site!
>
> Any thoughts,
>
> Jason.


Jun 14 '06 #5

P: n/a
you can always make the request, get the response and either display
the resulting webpage to the user, or parse parts of it out and do w/
it what you will ... i've never used paypal, but it seems that they
would have a better way to do it then make you script all the proper
responses ... maybe look into another way =) they're always changing
their login page, so parsing and scripting it isn't the best option
(actually, it's a downright shitty one)
Jason James wrote:
Was there a need to display any form of response from the request make
in this code? The PayPal stuff has user options, confirmation etc to
show to the user so there is a need to display the response.

Any ideas how I do that when the response is returned to a form that
was used to send the request in the first place and therefore already
has a number of controls already on it?

Many thanks,

Jason.
di***********@gmail.com wrote:
This is how I scripted logging into another site that required POST to
be used:

(also in C#)

public static void LogonToTVG(string userId, string password,
string state)
{
// log on
ASCIIEncoding encoding = new ASCIIEncoding();
string postdata =
string.Format("errorDir={0}&accntid={1}&pin={2}&bs tate={3}&Submit1=OK",
"False",
userId,
password,
state);
byte[] data = encoding.GetBytes(postdata);
HttpWebRequest myReq =
(HttpWebRequest)WebRequest.Create("https://www.tvg.com/textonly/templates/logicprocesslogin.asp");
// logon info needs to be posted, so we have to do this
obnoxious ugly ... stuff
myReq.Method = "post";
myReq.ContentType = "application/x-www-form-urlencoded";
myReq.ContentLength = data.Length;
using (Stream stream = myReq.GetRequestStream())
{
stream.Write(data, 0, data.Length);
stream.Close();
}
}

let me know if you need any of that explained =)

Jason James wrote:
Also,

should I be using utf-8 or acsii encoding?

Thanks,

Jason.

Jason James wrote:
> OK, starting to make some progress. In adding:
>
> Dim result As WebResponse
> result = req.GetResponse
> Dim ReceiveStream As Stream
> ReceiveStream = result.GetResponseStream()
> Dim encode As Encoding
> encode = System.Text.Encoding.GetEncoding("utf-8")
> Dim sr As StreamReader
> sr = New StreamReader(ReceiveStream, encode)
> Label1.Text = sr.ReadToEnd()
> result.Close()
>
> I get the response back from paypal and I am able to display it in a
> label on my form. This however does not work with the sandbox
> development site as it keeps asking me to log into the sandbox; which I
> have done.
>
> Is there a better way to display the repsone back from Paypal other
> than a label; I almost want the response redirected to a blank page.
>
> Any thoughts?
>
> Regards,
>
> Jason.
> Jason James wrote:
> > Guys,
> >
> > it seems that several people have enquired about how to communicate
> > with Paypal as securely as possible. It is obvious that placing the
> > shopping cart details in the URL is about as insecure as could be.
> > Therefore why not use a POST and hide them in hidden variables? Well I
> > would if I could figure it out. The contents of the cart are created
> > dynamically and since I already have a button on my form that needs to
> > be captured by the server I seem to be looking at having another HTML
> > form on my page. The problem with that is I also want a confirmation
> > email to be sent to the seller that confirms the contents of the
> > shopping cart, and since the email is created in my ASP code, an HTML
> > button does not seem the way to go.
> >
> > I have read some posts about using a WebRequest object to POST the
> > shopping cart to Paypal. However, my attempts at this code have
> > failed. I am using the PDT process for payments. All works well if I
> > use a response.redirect but I would appreciate anyone taking a look at
> > my latest attempt a hopefully pointing out where I am going wrong.
> >
> > Dim req As WebRequest
> > req =
> > WebRequest.Create("https://www.sandbox.paypal.com/uk/cgi-bin/webscr")
> > req.Method = "POST"
> > req.ContentType = "application/x-www-form-urlencoded"
> > Dim urlString As String =
> > "cm********************************@myemailaddress .com&currency_code=GBP&return=http://www.mysite/paypalreturn.aspx"
> >
> > Dim urlEncoded As New StringBuilder
> >
> > urlEncoded.Append(urlString)
> >
> > urlEncoded.Append("&item_name_1=firstitem")
> > urlEncoded.Append("&on0_1=Size")
> > urlEncoded.Append("&os0_1=6x4 (MATT)")
> > urlEncoded.Append("&amount_1=1.00")
> > urlEncoded.Append("&quantity_1=1")
> >
> > Dim SomeBytes() As Byte
> > SomeBytes =
> > System.Text.Encoding.UTF8.GetBytes(urlEncoded.ToSt ring())
> > req.ContentLength = SomeBytes.Length
> > Dim RequestStream As Stream
> > RequestStream = req.GetRequestStream
> > RequestStream.Write(SomeBytes, 0, SomeBytes.Length)
> > RequestStream.Close()
> >
> > Executing this code does not return an error, neither does it redirect
> > me to the paypal site!
> >
> > Any thoughts,
> >
> > Jason.


Jun 14 '06 #6

This discussion thread is closed

Replies have been disabled for this discussion.