public ActionResult SimResponse(FormCollection post)
{
var response = new SIMResponse(post);
//first order of business - validate that it was Auth.net that posted this using the
//MD5 Hash passed to use from Auth.net
var isValid = response.Validate(ConfigurationManager.AppSettings["MerchantHash"],
ConfigurationManager.AppSettings["ApiLogin"]);
//if it's not valid - just send them to the home page. Don't throw - that's how
//hackers figure out what's wrong :)
if (!isValid)
{
return(Redirect("/"));
}
//pull the order ID from the order
var orderId = new Guid(Request.Form["order_id"]);
//pull the order
var order = MvcApplication.FindOrder(orderId);
//the URL to redirect to
var redirectAction = Url.Action("details", "orders", new { id = orderId.ToString() });
var returnUrl = Url.SiteRoot() + redirectAction;
if (response.Approved)
{
order.AuthCode = response.ToString();
order.TransactionID = response.TransactionID;
order.OrderMessage = string.Format("Thank you! Order approved: {0}", response.AuthorizationCode);
}
else
{
//pin the message to the order so we can show it to the user
order.OrderMessage = response.Message;
redirectAction = Url.Action("error", "orders", new { id = orderId.ToString() });
returnUrl = Url.SiteRoot() + redirectAction;
}
//save the order somewhere
MvcApplication.SaveOrder(order);
//Direct Post method
return(Content(CheckoutFormBuilders.Redirecter(returnUrl)));
//or just return the page back to the AuthNet server if you don't want to bounce the return
//MAKE SURE it has absolute URLs
//return Redirect(redirectAction);
}
public ActionResult New(string id)
{
//the "slug" is the item to be ordered. In our case it's "small", "medium", or "large"
//if it's not one of these... the user must be confused :)
if (id != "small" && id != "medium" && id != "large")
{
id = "small";
}
var order = new Order(id);
//save to in-memory list to accomodate demo app
//of course... save this to the DB in a real app.
MvcApplication.SaveOrder(order);
ViewData["order"] = order;
return(View());
}
public ActionResult Create()
{
var orderId = new Guid(Request.Form["order_id"]);
//pull from the store
var order = MvcApplication.FindOrder(orderId);
var gate = OpenGateway();
//build the request from the Form post
var apiRequest = CheckoutFormReaders.BuildAuthAndCaptureFromPost();
//send to Auth.NET
var response = gate.Send(apiRequest);
//be sure the amount paid is the amount required
if (response.Amount < order.Price)
{
order.OrderMessage = "The amount paid for is less than the amount of the order. Something's fishy...";
MvcApplication.SaveOrder(order);
return(Redirect(Url.Action("error", "orders", new { id = orderId.ToString() })));
}
if (response.Approved)
{
order.AuthCode = response.AuthorizationCode;
order.TransactionID = response.TransactionID;
order.OrderMessage = string.Format("Thank you! Order approved: {0}", response.AuthorizationCode);
MvcApplication.SaveOrder(order);
//record the order, send to the receipt page
return(Redirect(Url.Action("details", "orders", new { id = orderId.ToString() })));
}
else
{
//error... oops. Reload the page
order.OrderMessage = response.Message;
MvcApplication.SaveOrder(order);
return(Redirect(Url.Action("error", "orders", new { id = orderId.ToString() })));
}
}