Necessary instructions for applying in ASP.NET form

Guys, I apologize if the question is less organized and less clear. I'm in a hurry :(

My web application has a form of payment, which must be sent to another ASP.NET page (allows you to call it http://vendor.com/getpay.aspx ) on another server.

This page will do some mumbo-jumbo work and then redirect it to the actual payment gateway site.

When I submit my payment form to getpay.aspx via a simple HTML form, it works and redirects the penalty.

If I change the form and its hidden inputs to server controls, it does not work. Their page throws a viewstate exception.

  • I need hidden form attachments to be server controls so that I can bind some values generated by my code. (I think I can do it like the classic asp method using <% =%>, but it seems like going back to standard!)
  • I tried HttpWebRequest in the code behind, it publishes the form, but the browser does not redirect the Payment Gateway page.
  • I post payment information outside of https, how can I prevent user intervention in published data?
  • I want to check the form of payment in the backend, and then publish it, I can not trust the user input.
  • Also, the result was returned to my redirect page with added query strings. This also happens without https. How much can I trust this forwarding data?

thanks a lot

+3
1

, Response HTML- html . , .

EDIT: , , , , :

ASPX, "" :

        // Requires: using System.Collections.Generic; using System.Web;
        protected void Page_Load(object sender, EventArgs e)
        {
            // Capture the post to this page
            IDictionary<string, string> variables = new Dictionary<string, string>();

            // Collect all variables after checking they exist
            if (Request.Form["test"] != null)
            {
                variables.Add("test", Request.Form["test"]);
            }

            RewriteContent(variables);
        }

        public void RewriteContent(IDictionary<string, string> variables)
        {
            // Fill in the form's action (target page) and method before use
            string formContent = @"
    <html>
        <head>
            <title>My Form</title>
        </head>
        <body>
            <form action='' method=''>";

            foreach (KeyValuePair<string, string> keyVal in variables)
            {
                // One hidden input per variable. Name and value are attribute-encoded
                // so posted data cannot break out of the attribute and inject markup.
                formContent += "<input type=\"hidden\" name=\"" + HttpUtility.HtmlAttributeEncode(keyVal.Key)
                    + "\" value=\"" + HttpUtility.HtmlAttributeEncode(keyVal.Value) + "\" />";
            }

            formContent += @"
            </form>
        </body>
    </html>"; // Add either an auto post in a javascript or an explicit submit button

            Response.Clear();
            Response.Write(formContent);
            Response.Flush();
            Response.End();
        }

2: , , .

Q3/Q4/Q5. https, , , , . , , , , , , , .

, , MD5 SHA1, :

http://msdn.microsoft.com/en-us/library/system.security.cryptography.sha1.aspx http://www.developerfusion.com/code/4601/create-hashes-md5-sha1-sha256-sha384-sha512/ http://snippets.dzone.com/posts/show/5816

3: , ( ). , , , , , , :)

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Reflection; // MethodBase
    using System.Text;
    using System.Security.Cryptography;
    using log4net;

    namespace MyCompany.Cipher
    {
        // Output encodings used below (enum assumed; its definition was not part of the original snippet)
        public enum EncodeStyle { Dig, Hex, Base64 }

        // Class wrapper assumed; the original snippet omitted the class declaration
        public class Sha1Hasher
        {
            private static readonly ILog log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);

            // Hashes the UTF-8 bytes of a string and returns the digest in the requested encoding
            public string GenerateSha1HashForString(string valueToHash, EncodeStyle encodeStyle)
            {
                string hashedString = string.Empty;

                try
                {
                    hashedString = SHA1HashEncode(Encoding.UTF8.GetBytes(valueToHash), encodeStyle);
                }
                catch (Exception ex)
                {
                    if (log.IsErrorEnabled) { log.Error(string.Format("{0}\r\n{1}", ex.Message, ex.StackTrace)); }
                    throw new Exception("Error trying to hash a string; information can be found in the error log", ex);
                }

                return hashedString;
            }

            private string ByteArrayToString(byte[] bytes, EncodeStyle encodeStyle)
            {
                if (EncodeStyle.Base64 == encodeStyle)
                {
                    return Convert.ToBase64String(bytes);
                }

                StringBuilder output = new StringBuilder(bytes.Length);

                for (int i = 0; i < bytes.Length; i++)
                {
                    switch (encodeStyle)
                    {
                        case EncodeStyle.Dig:
                            // Encode to decimal with 3 digits, so 7 becomes 007 (a byte ranges from 0 to 255)
                            output.Append(bytes[i].ToString("D3"));
                            break;
                        case EncodeStyle.Hex:
                            output.Append(bytes[i].ToString("X2"));
                            break;
                    }
                }

                return output.ToString();
            }

            private string SHA1HashEncode(byte[] valueToHash, EncodeStyle encode)
            {
                // Dispose the hash object once the digest has been computed
                using (SHA1 sha1 = new SHA1CryptoServiceProvider())
                {
                    byte[] digest = sha1.ComputeHash(valueToHash);
                    return ByteArrayToString(digest, encode);
                }
            }
        }
    }

, , SHA1 , .

+3
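An added example (not part of the original answer) for the question's points about tampering with the posted fields and with the values returned in the query string: the server signs the fields before they pass through the browser and verifies the signature on whatever comes back. It uses HMAC-SHA256 with a shared secret rather than the bare MD5/SHA1 hash mentioned above; the class name, field names, key, and the assumption that both servers hold the same key are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Added example; class, field names and key are constructed for illustration.
public static class PaymentFieldSigner
{
    // Sort by name and length-prefix each part so that ("a","bc") and
    // ("ab","c") can never serialize to the same signed bytes.
    private static byte[] Canonicalize(IDictionary<string, string> fields)
    {
        var sb = new StringBuilder();
        foreach (var kv in fields.OrderBy(f => f.Key, StringComparer.Ordinal))
        {
            string v = kv.Value ?? string.Empty;
            sb.Append(kv.Key.Length).Append(':').Append(kv.Key)
              .Append(v.Length).Append(':').Append(v);
        }
        return Encoding.UTF8.GetBytes(sb.ToString());
    }

    public static byte[] Sign(IDictionary<string, string> fields, byte[] key)
    {
        using (var hmac = new HMACSHA256(key))
            return hmac.ComputeHash(Canonicalize(fields));
    }

    // Recompute the MAC over the received fields and compare in constant time.
    public static bool Verify(IDictionary<string, string> fields, string sigBase64, byte[] key)
    {
        byte[] expected = Sign(fields, key);
        byte[] actual;
        try { actual = Convert.FromBase64String(sigBase64 ?? string.Empty); }
        catch (FormatException) { return false; }
        int diff = expected.Length ^ actual.Length;
        for (int i = 0; i < expected.Length; i++)
            diff |= expected[i] ^ (i < actual.Length ? (int)actual[i] : 0);
        return diff == 0;
    }

    public static void Main()
    {
        byte[] key = Encoding.UTF8.GetBytes("constructed-demo-secret"); // load from protected config in practice
        var fields = new Dictionary<string, string> { { "orderId", "A-1001" }, { "amount", "49.90" } };
        string sig = Convert.ToBase64String(Sign(fields, key)); // sent along as one more hidden field
        Console.WriteLine(Verify(fields, sig, key));            // fields as signed
        fields["amount"] = "0.01";                              // value altered by the user
        Console.WriteLine(Verify(fields, sig, key));            // same signature, altered fields
    }
}
```

A signature only detects modification: without https the values are still readable in transit, and a captured request can be replayed unless a one-time order id or timestamp is among the signed fields.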

Source: https://habr.com/ru/post/1769350/

