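/// <summary>
/// Handles the browser's POST that asks this site to open a Onescan session.
/// Builds the session request JSON, signs it with the account secret, posts it
/// to the Onescan server and writes the server's JSON reply back to the caller.
/// Any other HTTP method is ignored.
/// </summary>
/// <param name="sender">The page raising the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    if (Request.HttpMethod != "POST")
    {
        return;
    }

    // Build the Request Onescan Session payload
    JObject onescanRequest = new JObject();
    onescanRequest.Add("ProcessType", "Payment");
    onescanRequest.Add("MessageType", "StartPayment");

    // TODO: For WebContent Processes change the process and messagetypes:
    //onescanRequest.Add("ProcessType", "WebContent");
    //onescanRequest.Add("MessageType", "WebContent");

    // TODO: For Login Processes:
    //createLoginRequest(onescanRequest);

    // The SessionData property can be set by you to hold data relating to the
    // user's session in some way. It is passed back with each callback so you can
    // locate the session (e.g. order number) that the request belongs to.
    // Prefer an opaque reference that you look up server-side over embedding
    // sensitive values, since this value leaves your server.
    onescanRequest.Add("SessionData", "CUSTOM SESSION DATA");
    onescanRequest.Add("Version", 2);

    JObject metaData = new JObject();
    metaData.Add("EndpointURL", ConfigurationManager.AppSettings["OnescanCallbackURL"]);
    onescanRequest.Add("MetaData", metaData);

    // TODO: You can set the PurchasePayload early if you wish (see StartPayment callback)
    var onescanRequestMessage = JsonConvert.SerializeObject(onescanRequest);

    // TODO: Onescan no longer supports TLS 1.0 and SSL 3.
    // TLS 1.0 can be the default for many .NET servers, so you may need the following
    // assignment to force a change of protocol. It is only here to highlight the
    // requirement; consider moving it to your start-up code (global.asax, for example).
    // NOTE(review): this setting is process-wide and, assigned this way, restricts every
    // outbound connection to TLS 1.2 only, including any newer version the runtime supports.
    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

    HttpWebRequest http = (HttpWebRequest)WebRequest.Create(ConfigurationManager.AppSettings["OnescanServerURL"]);
    http.ContentType = "application/json";
    http.Method = "POST";

    string acckey = ConfigurationManager.AppSettings["OnescanAccountKey"];
    http.Headers.Add("x-onescan-account", acckey);

    // The shared secret is the HMAC key for both directions, so the configuration
    // file holding it must be protected like any other credential.
    string hmac = HMAC.Hash(onescanRequestMessage, ConfigurationManager.AppSettings["OnescanSecret"]);
    http.Headers.Add("x-onescan-signature", hmac);

    byte[] lbPostBuffer = System.Text.Encoding.UTF8.GetBytes(onescanRequestMessage);
    http.ContentLength = lbPostBuffer.Length;

    // using guarantees the request stream is released even if the write throws.
    using (Stream postStream = http.GetRequestStream())
    {
        postStream.Write(lbPostBuffer, 0, lbPostBuffer.Length);
    }

    string jsonResponse = "";
    using (HttpWebResponse webResponse = (HttpWebResponse)http.GetResponse())
    using (Stream responseStream = webResponse.GetResponseStream())
    // NOTE(review): the request body is encoded as UTF-8 but the reply is decoded with
    // Encoding.Default; non-ASCII content may decode differently from what the server
    // signed. Confirm against the HMAC helper before changing.
    using (StreamReader reader = new StreamReader(responseStream, Encoding.Default))
    {
        jsonResponse = reader.ReadToEnd();

        // Check that the signature of the header matches the payload.
        // NOTE(review): the result of ValidateSignature is not inspected here. Confirm the
        // helper throws on a mismatch; if it returns a bool instead, the unverified reply
        // would still be written to the client below.
        HMAC.ValidateSignature(jsonResponse, webResponse.Headers);
    }

    Response.Write(jsonResponse);
}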
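/// <summary>
/// Handles a callback POST from Onescan: reads the JSON body, validates its
/// signature, dispatches on <c>MessageType</c> to build the reply, then signs
/// the reply and writes it to the response. Any other HTTP method is ignored.
/// </summary>
/// <param name="sender">The page raising the event (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <exception cref="ArgumentException">
/// The request body is too large, or does not contain a JSON object.
/// </exception>
/// <exception cref="Exception">The message type is not one handled below.</exception>
protected void Page_Load(object sender, EventArgs e)
{
    if (Request.HttpMethod != "POST")
    {
        return;
    }

    Stream httpBodyStream = Request.InputStream;
    if (httpBodyStream.Length > int.MaxValue)
    {
        throw new ArgumentException("HTTP InputStream too large.");
    }

    httpBodyStream.Position = 0;

    JObject onescanMessage;
    using (StreamReader sr = new StreamReader(httpBodyStream))
    {
        string jsonContent = sr.ReadToEnd();

        // The signature is checked on the raw body before it is parsed or acted on.
        // NOTE(review): the result of ValidateSignature is not inspected. Confirm the
        // helper throws on a mismatch; if it returns a bool instead, unsigned callbacks
        // (including payment confirmations) would be processed as genuine.
        HMAC.ValidateSignature(jsonContent);
        onescanMessage = JsonConvert.DeserializeObject<JObject>(jsonContent);
    }

    // An empty body deserializes to null; fail explicitly rather than with a
    // NullReferenceException on the first property access.
    if (onescanMessage == null)
    {
        throw new ArgumentException("HTTP request body did not contain a JSON object.");
    }

    // To allow correlation with the original payment request, this callback
    // includes the SessionData property that can be set on the original
    // payment request: onescanMessage["SessionData"]
    string messageType = (string)onescanMessage["MessageType"];

    // The responseMessage to be returned to Onescan
    JObject responseMessage = null;
    switch (messageType)
    {
        case "StartPayment":
            responseMessage = startPayment(onescanMessage);
            break;

        case "AdditionalCharges":
            // Optionally include delivery options.
            // Needs surcharges and deliveroptions set to true in start payment callback.
            responseMessage = additionalCharges(onescanMessage);
            break;

        case "PaymentTaken":     // For 1-step payment processes (see your payment gateway set up)
        case "PaymentConfirmed": // For 2-step payment processes (see your payment gateway set up)
            // NOTE(review): nothing visible here rejects a repeated, validly signed
            // callback; confirm that purchaseDone is idempotent per order.
            responseMessage = purchaseDone(onescanMessage);
            break;

        case "PaymentCaptured":
            // TODO Handle capture (if 2-step transaction used).
            responseMessage = createSuccessMessage(onescanMessage);
            break;

        case "PaymentFailed":
            // TODO: Handle a payment failure (check errors)
            responseMessage = createSuccessMessage(onescanMessage);
            break;

        case "PaymentCancelled":
            // TODO Handle cancelled event
            responseMessage = createSuccessMessage(onescanMessage);
            break;

        // Web Content Process
        case "WebContent":
            responseMessage = createWebContentMessage(onescanMessage);
            break;

        case "StartLogin":
            // Called with LoginModes: TokenOrCredentials and UserToken
            responseMessage = createStartLoginMessage(onescanMessage);
            break;

        case "Login":
            // Called with LoginModes: TokenOrCredentials and UserToken (if first request did not complete)
            // and for "UsernamePassword", "Register"
            responseMessage = createLoginMessage(onescanMessage);
            break;

        default:
            // A missing MessageType (null) also lands here.
            throw new Exception("Unexpected Message Type " + onescanMessage["MessageType"] + ". See documentation on how to respond to other message types.");
    }

    var jsonResponse = JsonConvert.SerializeObject(responseMessage);

    // Create and sign the headers.
    string acckey = ConfigurationManager.AppSettings["OnescanAccountKey"];
    Response.Headers.Add("x-onescan-account", acckey);
    string hmac = HMAC.Hash(jsonResponse, ConfigurationManager.AppSettings["OnescanSecret"]);
    Response.Headers.Add("x-onescan-signature", hmac);
    Response.ContentType = "application/json";

    // Send the response back.
    Stream httpResponseStream = Response.OutputStream;
    using (StreamWriter sw = new StreamWriter(httpResponseStream))
    {
        sw.Write(jsonResponse);

        // Push the writer's buffered text into the output stream first, so that
        // Response.Flush() sends the body together with the signed headers.
        sw.Flush();
        Response.Flush();
    }
}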