On one of the pages of my DNN website I've set up a BuyNow button inside a HTML/Text module. The button does a POST on submit to the PayPal Sandbox URL. I've also set up a REST based service which PayPal is going to post the IPN information to.
In this service I'm sending a POST with the cmd_notify parameter and get back the information associated to the transaction.
At this point I would like to check whether the receiver_email parameter which PayPal sends coincides with my seller email adress from inside the Sandbox account. However I don't want to hardcode the value for the latter. I've noticed that DNN has a "Payment Settings" section under Admin->Advanced Settings.
[TL;DR]
How can I programatically access the PayPal email address info stored at Admin->Advanced Settings->Payment Settings from back-end webservice C# code? Is this possible?
This is stored in the HostSettings table as a setting key named "ProcessorUserId":
select * from hostsettings where settingname='ProcessorUserId'
Programmatically, if you're inside DNN you can access it through:
DotNetNuke.Common.Globals.HostSettings(KEY)
that is:
string pid= DotNetNuke.Common.Globals.HostSettings("ProcessorUserId");
Hope it helps,
al.
Related
I wasn't really sure on how to form the search terms for this question but I didn't really find what I was looking for either way, so here goes:
How would I force a client to only enter certain parts of my website from certain entry points? For example I have an overview of what activities the company I work in currently got going but I only want users to be able to enter the page responsible for adding a new activity by pressing the "Add New Activity" button.
So that you can't enter that page just by typing in the URL for example. How would one achieve this in ASP?
The same way we do it in the real world, authentication, authorization. Whenever a visitor views a page on your website. They are sending a HTTP request, along with that request you'll receive any cookies that have been set by your web application on their computer on any previous visits, this happens on each and every request.
Authenticated users can be identified using cookies, usually what happens is... upon sign on, the server will set a cookie containing their identity. So when the authorized user requests to view "foo.com/topsecret" and the server receives that request, the server decrypts the data stored on the cookies and checks to see if its been tampered with... if all is good... access granted... if not... then it's simply denied.
In your case u can use the Session Variables and in login u can check all permission.
In your page you can add a check in Page_Load same this:
User myUser = (User)Session["User"];
string page = Path.GetFileName( Request.Url.AbsolutePath );
if(!myUser.pageSee.Contains(page)){
Response.Redirect("home.aspx");
}
you create a User class with proprerty a list of strings for the pages that you can view,
you may also add permissions for a single div.
I have setup a quick page to accept an email address which will send an email to it which will later contain a link to reset password or a new temporary one.
My project is a new ASP .Net MVC project using Identity. I thought the best way to reset it would be to send a link to the email which when clicked allows the user to enter a new one but then I'm not sure what to put on the page the link is directed to, to allow this functionality and keep the site secure.
Is it simply easiest in this case to send a new temporary one?
This was too long to fit in a comment so hopefully I don't get downvoted without actual code examples :O
A common solution that I've seen:
When a user requests a password reset, record a guid/random hash and expiration datetime to the user's information in your user store (db most likely).
An email with a link to a temporary page is sent to the user's email address on file (this solution does require a valid email address).
Once the temporary page is hit, the link can be set to immediately expire (set the expiration date to datetime.now, or remove the guid/hash from the user info, etc).
This temporary page URL would likely have the guid/hash for the recorded user in the query string, so it should be pretty hard to find without having the link in the email. For added security, the user can be required to put in the username/email that requested the password reset (as there should potentially be no mention of usernames/passwords on the page. Once this validation is done (or not) give the user the appropriate fields to reset their password.
Another final note on the "forgot password link" don't provide any information on whether or not a username "does not exist" as this can give the potential of finding valid user names on your site.
EDIT:
here's a previous stack overflow question that might explain it better than I did (don't look at the "accepted" answer, look at the most upvoted answer. :)
Generate temporary URL to reset password
You can find a complete sample that uses "Forgot password" functionality in the prerelease version of "Microsoft ASP.NET Identity Samples 2.1.0-alpha1" NuGet package.
Steps
Create Empty Web Application project
Install sample project: Install-Package Microsoft.AspNet.Identity.Samples -Pre
Start the application and register a new user.
Go to Log in page an click on "Forgot password". Then add the recent registered user e-mail.
Then, you will be able to debug the application checking the "Forgot password" process.
I have a website that holds one setting - a number that the user clicked.
I want the user to see this number and be able to change it at any time. Up until now I was using cookies to achieve this. But then I stumbled across an error : When user opens this address to my website :
http://ServerName/Pick
He sees a certain number. But when he opens this address :
http://ServerName.ServerDomain/Pick
He sees a diffirent number. And in the browser settings I see 2 cookies : one with the domain "ServerName" and one with the domain "ServerName.ServerDomain".
Is there any way to share the same cookie without relaying on wether the user specified a domain name? If not, is there a way to do this without cookies?
NOTE : I have full control over the client and server side (ASP.Net MVC)
You can't share cookies for different domains, but you can use one domain as a primary domain that will issue a cookie and to read cookie from other domains you should redirect to that domain, read cookie and redirect back with a value in query string. Similar, like google redirects all Sign-In requests from google.com, google+, docs etc to account.gooogle.com or microsoft from MSN, Hotmail, etc to login.live.com and then back.
Could someone explain to me how to send a verification email, without using asp.net usercreation wizard, i want it so that when the email is sent, it will contain a url link to activate an account
First Add a field to Users table called RegisterGuidId with type uniqueidentifier
Second after registration send a normal email to user with link to your activation page with new generated RegisterGuidId
Third after user redirected to you activation page use the generated guid to get user data from database
Basically what you need to do is, when the user registers generate a hash that is specific to the user (ideally something that can't be predicted by the bad guys) -> send this hash to the email that the user provided.
If you get a request with the url/hash that means he verified his account.
That's the basic idea anyway.
Using paypal_base.dll and Payflow_dotNET.dll
Have the following setup:
SetExpressCheckoutRequestType.SetExpressCheckoutRequestDetails.AllowNote = "1"
When checking out with PayPal Express Checkout (sandbox), the user can add notes. However, when the user submits an item, the notes field is null. Specifically:
Calling DoExpressCheckoutPayment
Populating DoExpressCheckoutPaymentResponseType
However, on the response, the Note field located here:
DoExpressCheckoutPaymentResponseDetails
is null. Is there some setting that I am missing? Is this not the field that corresponds to the order notes when using Paypal?
Thanks for the help!
You need to modify the settings in your paypal account settings.
Both in sandbox, and in production you must allow the account the ability to receive the payment.
The API does not override.