Search

OUR API

API Developer Guides API Reference Sample Code [on GitHub]
SDKs [on GitHub] API Change Log System Change Log
Upgrade Guide

Hello World

Get Started Common Setup Questions How Payments Work
Testing Guide Go-Live Checklist

Support

Get Support News and Announcements Forums
Authorize.net on GitHub Authorize.net on Stack Overflow Developer Blog
Response (Error) Codes FAQs Knowledge Base

Sign In

Sandbox Affiliate

Search Developer Site

Integration and Testing

Authorize.Net API questions and help with your payment integration.

Reply
Member
Serenarules
Posts: 3
Registered: ‎08-04-2011
Accepted Solution

Questions on DPM and asp.net MVC

‎08-04-2011 12:05 PM

We are looking at possibly using Auth.net's DPM solution for our cc processing. The plan is to use asp.net mvc as the host application. Here are a few questions that I need answered.

 

1) Is there a way to pass in extra info to be passed back to the success page, such as productId and a security token?

2) On postback, will the request still be viewed as being withing the original user session, or will it spawn a new userless session?

 

A sample route might look like this:  Payment/Success/{productId}

 

The handling action would make an entry into the local db associating the user with his newly purchased product, giving him online access to it. The problem I foresee is if a user who has not made an actual purchase learns the url and makes a static form page of his own, posts to our system, and get's free access. I'd like to make use of .net's SecurityTokens but am unsure if Auth.net postbacks are setup to include this information.

 

Thanks for any advice or tips you may have for me.

 

 

Message 1 of 5 (80,430 Views)
0 Kudos

Accepted Solutions
Solution
Accepted by topic author Serenarules
‎08-21-2015 01:58 AM
Administrator Administrator
Administrator
Trevor
Posts: 591
Registered: ‎08-21-2009

Re: Questions on DPM and asp.net MVC

‎08-09-2011 12:48 PM

The SDK currently doesn't natively support returning these custom fields.  However, you can either read the post fields directly without using the SDK, or you could modify the SDK to add this ability.  If you are willing to modify the SDK, you could simply change the FindKey method in SIMResponse to be public.  You could then access any custom field with SIMResponse.FindKey(<keyName>).

View solution in original post

1 person found this solution to be helpful.
Message 5 of 5 (115,786 Views)
0 Kudos

All Replies
Member
Serenarules
Posts: 3
Registered: ‎08-04-2011

Re: Questions on DPM and asp.net MVC

‎08-04-2011 12:42 PM

Further info...

 

I know how to setup the form using the mvc helper BeginSIMForm(), and how to handle the response by using SIMResponse(post). But response.CardNumber gives me pause. Doesn't this break PCI to have this resident in memory, even if it's garbage collected at the end of the request?

Message 2 of 5 (80,426 Views)
0 Kudos
Administrator Administrator
Administrator
Trevor
Posts: 591
Registered: ‎08-21-2009

Re: Questions on DPM and asp.net MVC

‎08-08-2011 03:42 PM

You can add any field that you would like to the simform before submitting it.  Any field passed that is not a defined field withint he Authorize.Net API will simply be echoed back to you in the transaction response.  Because the user is completely leaving your site (for a brief moment), any session will be terminated.  In addition to using merchant defined fields to pass session data, you can verify that the post is coming from Authorize.Net by validating the transaction hash that is returned.  The transaction Hash is generated using a secret key that you enter into your account settings and should be known only to you and Authorize.Net.

 

The Card Number returned in the transaction response is only the last 4 digits of the card number.  None of the Authorize.Net APIs ever return a full card number.

Message 3 of 5 (80,398 Views)
0 Kudos
Member
Serenarules
Posts: 3
Registered: ‎08-04-2011

Re: Questions on DPM and asp.net MVC

‎08-09-2011 09:47 AM

One final question then. How do I access custom fields, upon return, using the SIMRespose object? Is it a dynamic class?

Message 4 of 5 (80,392 Views)
0 Kudos
Solution
Accepted by topic author Serenarules
‎08-21-2015 01:58 AM
Administrator Administrator
Administrator
Trevor
Posts: 591
Registered: ‎08-21-2009

Re: Questions on DPM and asp.net MVC

‎08-09-2011 12:48 PM

The SDK currently doesn't natively support returning these custom fields.  However, you can either read the post fields directly without using the SDK, or you could modify the SDK to add this ability.  If you are willing to modify the SDK, you could simply change the FindKey method in SIMResponse to be public.  You could then access any custom field with SIMResponse.FindKey(<keyName>).

1 person found this solution to be helpful.
Message 5 of 5 (115,787 Views)
0 Kudos