Tech Off Thread

13 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

POST through code behind in asp.net

Back to Forum: Tech Off
  • User profile image
    lesmemphis

    I've got a booking that needs to send data to a payment gateway. I do not want to use query string, seeing as this is not a secure method of sending data. Currently I have a 2nd form with hidden fields and a submit button that sends the data via the form's POST action. Problem is this:

     

    I first need to execute a whole bunch of code before this form can be submitted. The ideal would be to be able to post all the data via code behind, alternatively to invoke the form submit through code behind. How do I do this? Perplexed

  • User profile image
    W3bbo

    Use the HttpWebRequest (or just the easier-to-use WebClient) class to formulate your own request off to the gateway from within your ASP.NET application. Ensure that there aren't any cross-domain form postings too.

     

    Note that POST is no more secure then GET/querystrings.

  • User profile image
    lesmemphis

    Problem solved.

     

    I did not manage with HttpWebRequest, reason being I actually wanted to navigate to the page I was posting to. Maybe I just didn't know what I was doing! LOL

    Haven't tried WebClient, only got this reply after I solved my problem.

     

    Found a work-around though:

     

    private void submitForm()
        {
            System.Web.HttpContext.Current.Response.Write("<form name='newForm' target='_parent' method=post

                  action='https:// targetUrl'>");

            System.Web.HttpContext.Current.Response.Write(string.Format("<input type=hidden name=\"p1\" value=\"{0}\">", p1TerminalID));

            System.Web.HttpContext.Current.Response.Write(string.Format("<input type=hidden name=\"p2\" value=\"{0}\">", p2Reference));

            System.Web.HttpContext.Current.Response.Write(string.Format("<input type=hidden name=\"p3\" value=\"{0}\">", p3Description));

            System.Web.HttpContext.Current.Response.Write(string.Format("<input type=hidden name=\"p4\" value=\"{0}\">",

                   p4TransactionAmount));


            System.Web.HttpContext.Current.Response.Write(string.Format("<input type=hidden name=\"p5\" value=\"{0}\">", p5Currency));


            System.Web.HttpContext.Current.Response.Write(string.Format("<input type=hidden name=\"p11\" value=\"{0}\">",

                  p11ReceiptEmail));


            System.Web.HttpContext.Current.Response.Write(string.Format("<input type=hidden name=\"Budget\" value=\"{0}\">",

                  isBudgetAllowed));


            System.Web.HttpContext.Current.Response.Write(string.Format("<input type=hidden name=\"m_1\" value=\"{0}\">", m1BookID));

            System.Web.HttpContext.Current.Response.Write("</form>");
            System.Web.HttpContext.Current.Response.Write("</body>");

            Response.Write("<SCRIPT LANGUAGE='JavaScript'>document.forms[0].submit();</SCRIPT>");

    }

     

    Thanks for help though!

  • User profile image
    figuerres

    lesmemphis said:

    Problem solved.

     

    I did not manage with HttpWebRequest, reason being I actually wanted to navigate to the page I was posting to. Maybe I just didn't know what I was doing! LOL

    Haven't tried WebClient, only got this reply after I solved my problem.

     

    Found a work-around though:

     

    private void submitForm()
        {
            System.Web.HttpContext.Current.Response.Write("<form name='newForm' target='_parent' method=post

                  action='https:// targetUrl'>");

            System.Web.HttpContext.Current.Response.Write(string.Format("<input type=hidden name=\"p1\" value=\"{0}\">", p1TerminalID));

            System.Web.HttpContext.Current.Response.Write(string.Format("<input type=hidden name=\"p2\" value=\"{0}\">", p2Reference));

            System.Web.HttpContext.Current.Response.Write(string.Format("<input type=hidden name=\"p3\" value=\"{0}\">", p3Description));

            System.Web.HttpContext.Current.Response.Write(string.Format("<input type=hidden name=\"p4\" value=\"{0}\">",

                   p4TransactionAmount));


            System.Web.HttpContext.Current.Response.Write(string.Format("<input type=hidden name=\"p5\" value=\"{0}\">", p5Currency));


            System.Web.HttpContext.Current.Response.Write(string.Format("<input type=hidden name=\"p11\" value=\"{0}\">",

                  p11ReceiptEmail));


            System.Web.HttpContext.Current.Response.Write(string.Format("<input type=hidden name=\"Budget\" value=\"{0}\">",

                  isBudgetAllowed));


            System.Web.HttpContext.Current.Response.Write(string.Format("<input type=hidden name=\"m_1\" value=\"{0}\">", m1BookID));

            System.Web.HttpContext.Current.Response.Write("</form>");
            System.Web.HttpContext.Current.Response.Write("</body>");

            Response.Write("<SCRIPT LANGUAGE='JavaScript'>document.forms[0].submit();</SCRIPT>");

    }

     

    Thanks for help though!

    just fyi for anyone who reads this.

     

    you can use fiddler to see the http traffic by going to the page with your browser and then you can use the webrequest class to copy what you did.

    in the past i had to write an app that had to go to a site, login, request a menu page, navigate to a page, enter parameters to a form, post get the result and then get an href in the result and do a get on a file that was generated by the form i posted to.

    all from code in .net w/o ever opening a browser and w/o writing out any html to any page.

     

  • User profile image
    Matthew van Eerde

    W3bbo said:

    Use the HttpWebRequest (or just the easier-to-use WebClient) class to formulate your own request off to the gateway from within your ASP.NET application. Ensure that there aren't any cross-domain form postings too.

     

    Note that POST is no more secure then GET/querystrings.

    > POST is no more secure then GET/querystrings

     

    While not any more "secure", per se, it is reasonable to expect that proxy servers will log querystrings buts not (usually) POST content.

  • User profile image
    Dr Herbie

    Matthew van Eerde said:
    W3bbo said:
    *snip*

    > POST is no more secure then GET/querystrings

     

    While not any more "secure", per se, it is reasonable to expect that proxy servers will log querystrings buts not (usually) POST content.

    The Secure3D system requires a post (with a page redirect to their site) -- I've just written code for this in our booking system too Smiley

     

    Herbie

     

  • User profile image
    lesmemphis

    I've been doing tests, and it turns out that my Post does not redirect when not in Internet Explorer. I need to post, because the payment gateway only receives the post and not querystring. Help! Perplexed

  • User profile image
    Dr Herbie

    lesmemphis said:

    I've been doing tests, and it turns out that my Post does not redirect when not in Internet Explorer. I need to post, because the payment gateway only receives the post and not querystring. Help! Perplexed

    ok, even though you're the competition, here's what I have used:

     

    System.Web.HttpContext.Current.Response.Clear();
    System.Web.HttpContext.Current.Response.Write("<html><head>");
    System.Web.HttpContext.Current.Response.Write(string.Format(CultureInfo.InvariantCulture, "</head><link text=\"text/css\" rel=\"stylesheet\" href=\"../../styles/styles.css\" />"));
    System.Web.HttpContext.Current.Response.Write(string.Format(CultureInfo.InvariantCulture, "<body onload=\"document.{0}.submit(); \">", "mainform"));
    System.Web.HttpContext.Current.Response.Write(string.Format(CultureInfo.InvariantCulture, "<body>"));
    System.Web.HttpContext.Current.Response.Write(string.Format(CultureInfo.InvariantCulture, "<form name=\"{0}\" method=\"{1}\" action=\"{2}\">", "mainform", "post", Url));
    for (int i = 0; i < Inputs.Keys.Count; i++)
    {
    	System.Web.HttpContext.Current.Response.Write(string.Format(CultureInfo.InvariantCulture, "<input name=\"{0}\" type=\"hidden\" value=\"{1}\">", Inputs.Keys[i], Inputs[Inputs.Keys[i]]));
    }
    System.Web.HttpContext.Current.Response.Write("</form>");
    System.Web.HttpContext.Current.Response.Write("</body></html>");
    

     

    Smiley

    Share and share alike -- I believe I picked this up somewhere on the internet, so it's only fair that I pass it on.

     

    Inputs is a NameValueCollection of the variables to add in the post.

    Url is the taget Url.

     

    Herbie

     

  • User profile image
    Matthew van Eerde

    lesmemphis said:

    I've been doing tests, and it turns out that my Post does not redirect when not in Internet Explorer. I need to post, because the payment gateway only receives the post and not querystring. Help! Perplexed

    Redirecting to POST is bad juju.

     

    RFC 2616:

       If the 301 status code is received in response to a request other
       than GET or HEAD, the user agent MUST NOT automatically redirect the
       request unless it can be confirmed by the user, since this might
       change the conditions under which the request was issued.

  • User profile image
    blowdart

    lesmemphis said:

    I've been doing tests, and it turns out that my Post does not redirect when not in Internet Explorer. I need to post, because the payment gateway only receives the post and not querystring. Help! Perplexed

    You're not doing a redirect though, if you're using the code you posted, you're doing a POST request.

     

    What I'd try with your code is removing the Response.Write("<SCRIPT LANGUAGE='JavaScript'>document.forms[0].submit();</SCRIPT>"); and adding a manual submit button. If you click the submit button does it work? If not, well, it's not a problem with IE.

  • User profile image
    lesmemphis

    Dr Herbie said:
    lesmemphis said:
    *snip*

    ok, even though you're the competition, here's what I have used:

     

    System.Web.HttpContext.Current.Response.Clear();
    System.Web.HttpContext.Current.Response.Write("<html><head>");
    System.Web.HttpContext.Current.Response.Write(string.Format(CultureInfo.InvariantCulture, "</head><link text=\"text/css\" rel=\"stylesheet\" href=\"../../styles/styles.css\" />"));
    System.Web.HttpContext.Current.Response.Write(string.Format(CultureInfo.InvariantCulture, "<body onload=\"document.{0}.submit(); \">", "mainform"));
    System.Web.HttpContext.Current.Response.Write(string.Format(CultureInfo.InvariantCulture, "<body>"));
    System.Web.HttpContext.Current.Response.Write(string.Format(CultureInfo.InvariantCulture, "<form name=\"{0}\" method=\"{1}\" action=\"{2}\">", "mainform", "post", Url));
    for (int i = 0; i < Inputs.Keys.Count; i++)
    {
    	System.Web.HttpContext.Current.Response.Write(string.Format(CultureInfo.InvariantCulture, "<input name=\"{0}\" type=\"hidden\" value=\"{1}\">", Inputs.Keys[i], Inputs[Inputs.Keys[i]]));
    }
    System.Web.HttpContext.Current.Response.Write("</form>");
    System.Web.HttpContext.Current.Response.Write("</body></html>");
    

     

    Smiley

    Share and share alike -- I believe I picked this up somewhere on the internet, so it's only fair that I pass it on.

     

    Inputs is a NameValueCollection of the variables to add in the post.

    Url is the taget Url.

     

    Herbie

     

    Thanks for the help!!! Much appreciated! I'll try the code out and let you know if I managed!

     

    blowdart... I need to write  then post the script, because there is a lot that needs to be done before the site submits and redirects. It does work in IE. It's all those open source browsers that's giving me the headache! LOL

  • User profile image
    W3bbo

    lesmemphis said:
    Dr Herbie said:
    *snip*

    Thanks for the help!!! Much appreciated! I'll try the code out and let you know if I managed!

     

    blowdart... I need to write  then post the script, because there is a lot that needs to be done before the site submits and redirects. It does work in IE. It's all those open source browsers that's giving me the headache! LOL

    If that's your problem then you're probably doing something wrong, because "those open source browsers" do considerably better than IE when it comes to standards compliance.

     

    I also note that your solutions all require that scripting be supported on the client. This is a huge no-no.

  • User profile image
    lesmemphis

    W3bbo said:
    lesmemphis said:
    *snip*

    If that's your problem then you're probably doing something wrong, because "those open source browsers" do considerably better than IE when it comes to standards compliance.

     

    I also note that your solutions all require that scripting be supported on the client. This is a huge no-no.

    Hey, I've managed to get it working. Although, I've no idea if what I'm doing is correct. Lately I've become more and more aware of my lack of knowledge when it comes to standards compliance. The POST and redirect does however work in numerous browsers I've tested, I haven't found one that doesn't work anymore. So that's at least good! Hehe

     

    Basically I used Dr Herbie's method, all I changed was to write the document in full (html, head, title, body, and form tags; then the script)

    It seems that IE just looks at the script and looks for the form to post. Whereas Firefox and Chrome for example, requires all the tags of a conventional web-page to be present for it to execute the POST.

     

    Thanks for all the help, the help and advice is part of why I love IT as much as I do. IT is one of the only industries I know of that bases success on one's willingnes to learn, and while being extremely competitive, knowledge is still shared freely!

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.