Member
Serenarules
Posts: 3
Registered: ‎08-04-2011
Accepted Solution

Questions on DPM and asp.net MVC

We are looking at possibly using Auth.net's DPM solution for our cc processing. The plan is to use asp.net mvc as the host application. Here are a few questions that I need answered.

 

1) Is there a way to pass in extra info to be passed back to the success page, such as productId and a security token?

2) On postback, will the request still be viewed as being within the original user session, or will it spawn a new userless session?

 

A sample route might look like this:  Payment/Success/{productId}

 

The handling action would make an entry into the local db associating the user with his newly purchased product, giving him online access to it. The problem I foresee is if a user who has not made an actual purchase learns the url and makes a static form page of his own, posts to our system, and gets free access. I'd like to make use of .net's SecurityTokens but am unsure if Auth.net postbacks are set up to include this information.

 

Thanks for any advice or tips you may have for me.

 

 

Member
Serenarules
Posts: 3
Registered: ‎08-04-2011

Re: Questions on DPM and asp.net MVC

Further info...

 

I know how to set up the form using the mvc helper BeginSIMForm(), and how to handle the response by using SIMResponse(post). But response.CardNumber gives me pause. Doesn't this break PCI to have this resident in memory, even if it's garbage collected at the end of the request?

Moderator
Trevor
Posts: 555
Registered: ‎08-21-2009

Re: Questions on DPM and asp.net MVC

You can add any field that you would like to the simform before submitting it.  Any field passed that is not a defined field within the Authorize.Net API will simply be echoed back to you in the transaction response.  Because the user is completely leaving your site (for a brief moment), any session will be terminated.  In addition to using merchant defined fields to pass session data, you can verify that the post is coming from Authorize.Net by validating the transaction hash that is returned.  The transaction hash is generated using a secret key that you enter into your account settings and should be known only to you and Authorize.Net.

 

The Card Number returned in the transaction response is only the last 4 digits of the card number.  None of the Authorize.Net APIs ever return a full card number.
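
An added example, not part of the thread and not Authorize.Net SDK code: because the session is gone when the gateway posts back, the merchant-defined field can carry a signed token that binds the user, product and amount, so a hand-built form posted to Payment/Success/{productId} is rejected. The `OrderToken` class, its token layout and the server-side key are assumptions made for illustration; it targets .NET Core 2.1 or later for `CryptographicOperations.FixedTimeEquals` and complements, rather than replaces, validating the gateway's transaction hash.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper: issues and checks a signed order token that is sent in a
// merchant-defined form field and echoed back in the gateway's response post.
public static class OrderToken
{
    // Layout: userId|productId|amount|expiryUnixSeconds|base64(HMAC-SHA256).
    // Assumes userId contains no '|' (for example a numeric id or GUID).
    public static string Issue(byte[] key, string userId, int productId,
                               decimal amount, DateTimeOffset expires)
    {
        string payload = string.Join("|", userId,
            productId.ToString(CultureInfo.InvariantCulture),
            amount.ToString("F2", CultureInfo.InvariantCulture),
            expires.ToUnixTimeSeconds().ToString(CultureInfo.InvariantCulture));
        return payload + "|" + Convert.ToBase64String(Sign(key, payload));
    }

    // True only if the echoed token is authentic, unexpired, and matches the
    // product in the route and the amount reported as charged.
    public static bool TryVerify(byte[] key, string token, int routeProductId,
                                 decimal chargedAmount, DateTimeOffset now, out string userId)
    {
        userId = null;
        if (string.IsNullOrEmpty(token)) return false;
        int cut = token.LastIndexOf('|');
        if (cut <= 0) return false;
        string payload = token.Substring(0, cut);
        byte[] presented;
        try { presented = Convert.FromBase64String(token.Substring(cut + 1)); }
        catch (FormatException) { return false; }
        // Constant-time comparison so the check does not leak how many bytes matched.
        if (!CryptographicOperations.FixedTimeEquals(presented, Sign(key, payload))) return false;
        string[] p = payload.Split('|');
        if (p.Length != 4) return false;
        if (p[1] != routeProductId.ToString(CultureInfo.InvariantCulture)) return false;
        if (p[2] != chargedAmount.ToString("F2", CultureInfo.InvariantCulture)) return false;
        if (!long.TryParse(p[3], NumberStyles.None, CultureInfo.InvariantCulture, out long exp)) return false;
        if (now.ToUnixTimeSeconds() > exp) return false;
        userId = p[0];
        return true;
    }
    private static byte[] Sign(byte[] key, string payload)
    {
        using (var h = new HMACSHA256(key)) return h.ComputeHash(Encoding.UTF8.GetBytes(payload));
    }
}
```

A token that verifies can still be replayed until it expires, so the success action should also record the gateway's transaction id and grant access only the first time that id is seen.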

Member
Serenarules
Posts: 3
Registered: ‎08-04-2011

Re: Questions on DPM and asp.net MVC

One final question then. How do I access custom fields, upon return, using the SIMResponse object? Is it a dynamic class?

Moderator
Trevor
Posts: 555
Registered: ‎08-21-2009

Re: Questions on DPM and asp.net MVC

The SDK currently doesn't natively support returning these custom fields.  However, you can either read the post fields directly without using the SDK, or you could modify the SDK to add this ability.  If you are willing to modify the SDK, you could simply change the FindKey method in SIMResponse to be public.  You could then access any custom field with SIMResponse.FindKey(<keyName>).