I have a form in asp.net containing more than 20 textboxes. I have to use POST method to send only some of the parameters to payment gateway. Is there any way so that only required parameters from the form can be posted to payment gateway? Any help will be appreciated.
You could either make an explicit post with the values you want e.g. using jQuery (see jQuery.post()) or copy the values to another form that contains only the values of interest and submit that one.
Have you tried just posting ALL your web form elements to the payment gateway? Chances are their page will just use the parameters they are expecting to receive and just ignore the others (that is the default behavior in web pages, interpret what you can and just ignore the rest).
If so, you would just need to make sure the client name of your form elements matches the name of the parameters the payment gateway is expecting to receive.
Since it's a webforms application, you may want to look at How to: Post ASP.NET Web Pages to a Different Page on the MSDN.
input-element without a name-attribute wont be submitted, so just remove the name-attribute on those fields and your fine.
Related
I'm trying to query a delivery companies consignment status page, though it uses ASP.NET viewstate which when not supplied as parameters it does not return a result.
How can I reliably either:
Not submit the values, or submit blank values
Submit a constant value that is reliable.
The resource in question is http:// 61.9.216.242 /xlcoads/contrack.aspx
I've tried using cURL and been successful but I don't know if I need to change viewstate etc.
I've also contacted the company without luck in having a more ReSTful version of the site available.
First of all you are trying to do something which doesn't support it, therefore there will not be any standard method for doing it.
__VIEWSTATE and __EVENTVALIDATION is used by .net to provide a sense of statefulness over stateless protocol(Tcp/ip), but it is easy to fool it.
Your friends will be Firefox and firebug, Submit 4-5 different request and see the sent data in firebug, you will be able to figure out which datas are constant and which changes. When figured out, use webrequest to get the url data, then extract view state and other datas as needed make another webrequest to submit the modified data with the search string.
and yes I use this method for a site with the same problem.
I have a large HTML form which has approximately 60 fields with a lot of jQuery based conditional fields, validation, and a lot of CSS applies to UL and LI tags.
The goal is to email the form responses and redirect user to a specific URL upon form submit.
SMTP has been configured on IIS 7.5 and is working. What I don't have is a .Net based sendmail equivalent on IIS that does not require for me to code in every single form field.
I have seen numerous solutions out there which suggest to wrap the form fields into <asp:textbox> <asp:checkbox> etc. tags, but that is totally out of the question. I need to preserve the existing form as is in HTML markup of the page and simply find a suitable form action that will allow me to post the form such that it's emailed out (and hopefully redirected to a new URL).
I understand that I may need to create an emailer script and I realize that it there is System.Net.Mail I am just not clear how to pass my entire form into the mail.Body without that it has to become an ASP form first.
You can use Request.Form to access posted form from any HttpHandler, Page or Controller. Given that you only need to post, maybe HttpHandler is the best choice actually.
Then it is up to you how to work keys/values in Request.Form to build your email.
So I am implementing a payment system with 2co on my website. I am using their 'Header Redirect' which returns the customer to an ASPX page on my website with a bunch of querystrings after a successful payment.
Anyway, I was wondering. What is the proper way to secure this? What If a customer typed the parameters him/herself such as `Payment.aspx?params-here' and added credits as they wish to their account.
How can I make sure that this is 100% authentic?
Suggestions? Thanks!
A solution approach to parameter tampering is usually mapping the query parameters to something that cannot be easily manipulated, e.g. by using a one-way hash function to create a digest to send along with the original parameter and limiting the duration during which a particular mapping/digest is valid. If the digest matches the query parameter you know the request has not been tampered with.
E.g. your URL
Payment.aspx?Amount=100
could become
Payment.aspx?Amount=100&Digest=53e5e07397f7f01c2b276af813901c2
Here's an old but still relevant, detailed article on the topic: Passing Tamper-Proof QueryString Parameters
In ASP.NET you can use Page.EnableEventValidation which uses a hidden textbox as part of a form to validate that a request was issued from the form:
When the EnableEventValidation property is set to true, ASP.NET
validates that a control event originated from the user interface that
was rendered by that control. A control registers its events during
rendering and then validates the events during postback or callback
handling. For example, if a list control includes options numbered 1,
2, or 3 when the page is rendered, and if a postback request is
received specifying option number 4, ASP.NET raises an exception. All
event-driven controls in ASP.NET use this feature by default.
I have an idea for an App that would really help me out in work but I'm not sure if it's possible.
I want to run a C# desktop application that will ask for a value. When a value is supplied, the application will open a browswer, go to a webpage and add the value into a form on an online website. The form is then submitted and a new page is loaded that contains a table of results. I then want to extract the table of results from the page source and write code to parse the result values.
It is not important that the user see's this happen in an actual browser. In other words if there's a way to do it by reading HTTP requests then thats great.
The biggest problem I have is getting the values into the form and then retrieving the page source after the form is submitted and the next page loads.
Any help really appreciated.
Thanks
Provided that you're only using this in a legal context:
Usually, web forms are sent via POST request to the web server, specifically some script that handles it. You can look at the HTML code for the form's page and find out the destination for the form (form's action).
You can then use a HttpWebRequest in C# to "pretend you are the form", sending a POST request with all the required parameters (adding them to the HTTP header).
As a result you will get the source code of the destination page as it would be sent to the browser. You can parse this.
This is definitely possible and you don't need to use an actual web browser for this. You can simply use a System.Net.WebClient to send your HTTP request and get an HTTP response.
I suggest to use wireshark (or you can use Firefox + Firebug) it allows you to see HTTP requests and responses. By looking at the HTTP traffic you can see exactly how you should pass your HTTP request and which parameters you should be setting.
You don't need to involve the browser with this. WebClient should do all that you require. You'll need to see what's actually being posted when you submit the form with the browser, and then you should be able to make a POST request using the WebClient and retrieve the resulting page as a string.
The docs for the WebClient constructor have a nice example.
See e.g. this question for some pointers on at least the data retrieval side. You're going to know a lot more about the http protocol before you're done with this...
Why would you do this through web pages if you don't even want the user to do anything?
Web pages are purely for interaction with users, if you simply want data transfer, use WCF.
#Brian using Wireshark will result in a very angry network manager, make sure you are actually allowed to use it.
This seems like a simple question, but I haven't been able to find the answer online via many Google searches. I have a C# web service and, when I visit its ASMX page in the browser, for a particular method it always has the following:
"The following is a sample SOAP 1.1 request and response. The placeholders shown need to be replaced with actual values."
Likewise for SOAP 1.2 and HTTP POST. What I want to know is how I replace the placeholders shown, which are things like:
<myParameter>string</myParameter>
Where 'string' is the placeholder. And in the response:
<xsd:schema>schema</xsd:schema>xml
Where 'schema' and 'xml' are the placeholders. I've been using another web service that has these placeholders filled out with example values for the parameters and responses, and I would like to define such examples for my own web methods, too. I was able to describe the entire method with the following:
[WebMethod(Description="Does awesome things.")]
But I have not found such a thing for the individual parameters of a web method.
By default DefaultWsdlHelpGenerator.aspx is called to generate the "help" page.
You can set another (or modified) template with the wsdlHelpGenerator Element in your web.config file.
Why would you want to do that? That page you see in the browser when hitting your asmx is just giving sample requests and reponses. If you want to get data using those examples, replace the placholder values in the request with what you are querying from the service, and POST to it...
Edit: I mean, if you really need to replace those placholder values, write code in your service to determine when someone does a GET (implying viewing from a browser), and play with the response, changing the placeholder values to whatever you require.
You can't do it. If the help page (which is what you're describing) does not have an input box for a particular parameter, then it means it doesn't know how to do that.
You should not pay too much attention to those pages in any case. They go away with WCF.
They were never of very much use anyway, except for the simplest web services. They were a way to get people into the web service game way back in the beginning when there were no tools to help you test a web service. Use soapUI instead.
BTW, also see Microsoft: ASMX Web Services are a “Legacy Technology” for why it makes good sense to ignore ASMX-only pages.