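/// <summary>
/// Entry page of the punchout catalog. The catalog view is returned only when
/// <paramref name="token"/> matches the token held by <c>PunchoutUserService</c>.
/// </summary>
/// <param name="token">Token presented by the caller with the request.</param>
/// <returns>
/// The catalog view when the token matches; otherwise a 401 status result.
/// </returns>
public IActionResult Index(string token)
{
    var customerToken = PunchoutUserService.GetUserToken();

    // A missing value on either side must never authenticate. With a plain
    // inequality test, null on both sides compares as equal, so a request
    // without a token would reach the catalog whenever no token is stored.
    if (string.IsNullOrEmpty(token) || string.IsNullOrEmpty(customerToken))
    {
        return StatusCode(401);
    }

    // Compare in constant time so the response time does not reveal how many
    // leading characters of a guessed token were correct. Fully qualified
    // names are used because the file's using directives are not visible here.
    var tokensMatch = System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
        System.Text.Encoding.UTF8.GetBytes(token),
        System.Text.Encoding.UTF8.GetBytes(customerToken));

    if (!tokensMatch)
    {
        // Invalid token: keep the caller out of the product catalog.
        return StatusCode(401);
    }

    // Valid token: display the catalog page where the user can view products
    // and add them to the cart.
    // NOTE(review): no session or sign-in is established in this method, so the
    // token itself is the only credential. If it is bound from the query
    // string it can end up in server logs, browser history and Referer
    // headers; it should be short-lived and ideally single-use. Confirm
    // against PunchoutUserService.
    return View();
}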
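/// <summary>
/// Handles a cXML PunchOutSetupRequest: reads the request body, checks the
/// sender's shared secret, and writes a cXML PunchOutSetupResponse carrying the
/// start page URL.
/// </summary>
/// <param name="context">The HTTP context of the incoming setup request.</param>
/// <returns>A task that completes when the response has been written.</returns>
/// <remarks>
/// NOTE(review): responseStatus, resposeText, responseCode and startPageUrl are
/// not declared in this method. If they are instance fields of a middleware
/// they are shared by all requests, and this method never resets them on the
/// failure path, so a rejected request could be answered with values left by an
/// earlier accepted one (including a StartPage URL that carries the token).
/// Confirm their declaration; per-request locals initialised to the failure
/// values would avoid this.
/// </remarks>
public async Task Invoke(HttpContext context)
{
    // Read the body asynchronously: synchronous reads of the request stream
    // block a thread and are rejected by default on newer ASP.NET Core servers.
    // The body is unauthenticated at this point, so its size is bounded only by
    // the server's request-size limit.
    string xml;
    using (var reader = new StreamReader(context.Request.Body, Encoding.UTF8))
    {
        xml = await reader.ReadToEndAsync();
    }

    // The document is attacker-controlled until the shared secret is verified.
    // Skip any DOCTYPE and disable the resolver so the parser neither expands
    // DTD-declared entities nor fetches external resources.
    var readerSettings = new System.Xml.XmlReaderSettings
    {
        DtdProcessing = System.Xml.DtdProcessing.Ignore,
        XmlResolver = null
    };

    XElement cXml;
    using (var textReader = new StringReader(xml))
    using (var xmlReader = System.Xml.XmlReader.Create(textReader, readerSettings))
    {
        // Element() yields null when the root element is not <cXML>.
        cXml = XDocument.Load(xmlReader).Element("cXML");
    }

    var expectedSecret = PunchoutUserService.GetUserSharedSecret();
    var presentedSecret = cXml != null ? GetSenderSharedSecretFromRequest(cXml) : null;

    // An absent secret on either side must never authenticate (null == null
    // would otherwise pass), and the comparison runs in constant time so that
    // response timing does not leak how much of a guessed secret was correct.
    var authenticated =
        !string.IsNullOrEmpty(expectedSecret)
        && !string.IsNullOrEmpty(presentedSecret)
        && System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(presentedSecret),
            Encoding.UTF8.GetBytes(expectedSecret));

    if (authenticated)
    {
        responseStatus = "Success";
        resposeText = "OK";
        responseCode = "200";

        // Escape the token so reserved characters cannot alter the query string.
        // NOTE(review): scheme and host are taken from the incoming request
        // (Host header). Unless host filtering is enforced upstream, prefer a
        // configured base URL for a link that carries a credential.
        var token = PunchoutUserService.GetUserToken() ?? string.Empty;
        startPageUrl = context.Request.Scheme + "://" + context.Request.Host.Value
            + "/home?token=" + System.Uri.EscapeDataString(token);

        // NOTE(review): this URL is supplied by the sender and is stored for
        // later use; presumably the cart is posted back to it. Validate its
        // scheme and host against the expected procurement system before use.
        var url = GetProcurementSystemPostUrlFromRequest(cXml);
        PunchoutUserService.SaveProcurementSystemPostUrl(url);
    }

    var statusElement = new XElement("Status", responseStatus);
    statusElement.Add(new XAttribute("code", responseCode));
    statusElement.Add(new XAttribute("text", resposeText));

    var responseDocument = new XDocument(new XDeclaration("1.0", "utf-8", "yes"));
    responseDocument.Add(
        new XElement("cXML",
            new XElement("Response",
                statusElement,
                new XElement("PunchOutSetupResponse",
                    new XElement("StartPage",
                        new XElement("URL", startPageUrl))))));

    context.Response.ContentType = "text/xml";

    // XDocument.ToString() serialises the element tree without the XML
    // declaration; the output format is left as the original produced it.
    await context.Response.WriteAsync(responseDocument.ToString());
}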