Link to home
Start Free TrialLog in
Avatar of tippingpoint
tippingpoint

asked on

Create a Secure connection using X509Certificate object and post XML file using StreamReader

Hi,

An affilate has provided an applicationg to post XML to https://partners.netsuite.com/s/SmbXml?pid=1234567890&pacct=accountname.

I've created the certificate, sent to get signed, and recieved and installed the corresponding certificates.

I'm after some resources (or code) on how to:

1. create a 2 way SSL connection using my client.der certificate using a X509Certificate object
2. then post a pre formatted xml file using StreamReader

I've searched the net and can't find any resources linking the two processes.

Here is some code I've been working on:

// NetSuite URL to post to
string url =
"https://partners.netsuite.com/s/SmbXml?pid=22999&pacct=ShutterFly";
HttpWebRequest req;
HttpWebResponse res;
// Create request object that connects to NetSuite
req = (HttpWebRequest) WebRequest.Create( url );
req.Method = "POST";
req.ContentType = "text/xml";
// The path to the certificate.
string certFilePath = "C:\\client.der";
// Load the certificate into an X509Certificate object.
X509Certificate x509Cert = X509Certificate.CreateFromCertFile( @certFilePath );
// Add certificate to request
req.ClientCertificates.Add( x509Cert );
// Read smbXML file and write contents to request stream
StreamReader inFileReader = new StreamReader("c:\\queryAllSalesOrders.xml");
StreamWriter reqWriter = new StreamWriter( req.GetRequestStream() );
string sLine = null;
while ( ( sLine = inFileReader.ReadLine() ) != null )
{
reqWriter.WriteLine( sLine );
}
inFileReader.Close();
reqWriter.Close();
// Get response
res = (HttpWebResponse) req.GetResponse();
System.Console.Out.WriteLine( "Status Code: " + res.StatusCode );
StreamReader responseReader =
new StreamReader(res.GetResponseStream(), Encoding.ASCII);
// Put the results in a string and print to console
System.Console.Out.WriteLine("\n");
strResult = responseReader.ReadToEnd();
responseReader.Close();
Console.WriteLine(strResult);


Thanks.

tp (I can provide a follow up 500 points if both parts can be solved!)
Avatar of AerosSaga
AerosSaga

Alright heres the low down, your server has to have a certificate installed on it.  After you have the certificate installed on your server you simply address the xml post the secure site your listed and the .NET framework handles the rest.  Below is an entire class I wrote to work with the Authorize.NET Payment Processing gateway.  This does exactly what your looking to acomplish.

Public Class AuthorizeNet

#Region " Definitions "
    Private _Login As String = "xxxx"
    Private _Password As String = "xxxx"
    Private _TranKey As String

    Private _TestRequest As Boolean

    Private _BillingAddress As New Address
    Private _ShippingAddress As New Address
    Private _AdditionalInfo As PaymentCustomerInformation

    Private _CreditCard As CreditCard
    Private _ElectronicFundsTransfer As BankTransfer
    Private _TransactionType As TransactionFlow

    Private _Amount As Single
    Private _Tax As Single
    Private _Freight As Single

    Private _AuthCode As String
    Private _TransID As String
#End Region

#Region " Types "
    Public Enum TransactionFlow
        Capture
        Credit
    End Enum
#End Region

#Region " Properties "
    Public Property Login() As String
        Get
            Return _Login
        End Get
        Set(ByVal Value As String)
            _Login = Login
        End Set
    End Property
    Public Property Password() As String
        Get
            Return _Password
        End Get
        Set(ByVal Value As String)
            _Password = Password
        End Set
    End Property
    Public Property TranKey() As String
        Get
            Return _TranKey
        End Get
        Set(ByVal Value As String)
            _TranKey = Value
        End Set
    End Property
    Public Property TestRequest() As Boolean
        Get
            Return _TestRequest
        End Get
        Set(ByVal Value As Boolean)
            _TestRequest = True
        End Set
    End Property
    Public ReadOnly Property CreditCard() As CreditCard
        Get
            Return _CreditCard
        End Get
    End Property
    Public ReadOnly Property ElectronicFundsTransfer() As BankTransfer
        Get
            Return _ElectronicFundsTransfer
        End Get
    End Property
    Public ReadOnly Property AuthCode() As String
        Get
            Return _AuthCode
        End Get
    End Property
    Public ReadOnly Property TransID() As String
        Get
            Return _TransID
        End Get
    End Property
    Public ReadOnly Property BillingAddress() As Address
        Get
            Return _BillingAddress
        End Get
    End Property
    Public Property ShippingAddress() As Address
        Get
            Return _ShippingAddress
        End Get
        Set(ByVal Value As Address)
            _ShippingAddress = Value
        End Set
    End Property
    Public Property TransactionType() As TransactionFlow
        Get
            Return _TransactionType
        End Get
        Set(ByVal Value As TransactionFlow)
            _TransactionType = Value
        End Set
    End Property
    Public Property AdditionalInfo() As PaymentCustomerInformation
        Get
            Return _AdditionalInfo
        End Get
        Set(ByVal Value As PaymentCustomerInformation)
            _AdditionalInfo = Value
        End Set
    End Property

    Public Property Amount() As Single
        Get
            Return _Amount
        End Get
        Set(ByVal Value As Single)
            _Amount = Value
        End Set
    End Property
    Public Property Tax() As Single
        Get
            Return _Tax
        End Get
        Set(ByVal Value As Single)
            _Tax = Value
        End Set
    End Property
    Public Property Freight() As Single
        Get
            Return _Freight
        End Get
        Set(ByVal Value As Single)
            _Freight = Value
        End Set
    End Property
#End Region

#Region " Constructors "
    Public Sub New(ByVal CreditCard As CreditCard, ByVal BillingAddress As Address, _
        ByVal Amount As Single, ByVal TransactionType As TransactionFlow, _
        Optional ByVal AdditionalInfo As PaymentCustomerInformation = Nothing)
        _CreditCard = CreditCard
        _BillingAddress = BillingAddress
        _Amount = Amount
        _TransactionType = TransactionType
        If Not AdditionalInfo Is Nothing Then
            _AdditionalInfo = New PaymentCustomerInformation
            _AdditionalInfo = AdditionalInfo
        End If

        _ElectronicFundsTransfer = Nothing
    End Sub

    Public Sub New(ByVal ElectronicFundsTransfer As BankTransfer, _
        ByVal BillingAddress As Address, ByVal Amount As Single, _
        ByVal TransactionType As TransactionFlow, _
        Optional ByVal AdditionalInfo As PaymentCustomerInformation = Nothing)
        _ElectronicFundsTransfer = ElectronicFundsTransfer
        _BillingAddress = BillingAddress
        _Amount = Amount
        _TransactionType = TransactionType
        If Not AdditionalInfo Is Nothing Then
            _AdditionalInfo = New PaymentCustomerInformation
            _AdditionalInfo = AdditionalInfo
        End If

        _CreditCard = Nothing
    End Sub
#End Region

#Region " Methods "
    Public Sub PostTransaction()

        Dim AuthorizeRequest As New Net.WebClient
        Dim Information As New Collections.Specialized.NameValueCollection(30)
        Dim ReturnInformation As New Collections.Specialized.NameValueCollection(30)
        Dim ReturnBytes As Byte()
        Dim ReturnValues As String()
        Dim ReturnValue, ReturnError As String
        If Login = "" Then Throw New AuthorizeNetException("You must set the login value of the AuthorizeNet class.")

        With Information

            .Add("x_Version", "3.1")
            .Add("x_Delim_Data", "True")
            .Add("x_Login", _Login)
            .Add("x_Password", _Password)
            '.Add("x_Tran_Key", _TranKey)
            .Add("x_Test_Request", "True") '_TestRequest.ToString()

            'A comma is used to seperate the fields while a pipe is used to encapsulate the data.
            '   Authorize.NET doesn't have an escape character for data, so I had to use the pipe to
            '   encapsulate it -- regular expressions up to this point will prevent the pipe symbol
            '   from occuring within the actual data.
            .Add("x_Delim_Char", ",")
            .Add("x_Encap_Char", "|")

            .Add("x_First_Name", BillingAddress.FirstName)
            .Add("x_Last_Name", BillingAddress.LastName)
            .Add("x_Address", BillingAddress.Address)
            .Add("x_City", BillingAddress.City)
            .Add("x_State", BillingAddress.State)
            .Add("x_Zip", BillingAddress.Zip)

            If Not ShippingAddress Is Nothing Then
                .Add("x_Ship_To_First_Name", ShippingAddress.FirstName)
                .Add("x_Ship_To_Last_Name", ShippingAddress.LastName)
                .Add("x_Ship_To_Address", ShippingAddress.Zip)
                .Add("x_Ship_To_City", ShippingAddress.City)
                .Add("x_Ship_To_State", ShippingAddress.State)
                .Add("x_Ship_To_Zip", ShippingAddress.Zip)
            End If

            If Not AdditionalInfo Is Nothing Then
                If AdditionalInfo.Phone <> "" Then .Add("x_Phone", AdditionalInfo.Phone)
                If AdditionalInfo.CustomerID <> 0 Then _
                    .Add("x_Cust_ID", AdditionalInfo.CustomerID.ToString())
                If AdditionalInfo.CustomerIP.ToString() <> "0.0.0.0" Then
                    .Add("x_Customer_IP", AdditionalInfo.CustomerIP.ToString())
                End If
                If AdditionalInfo.EmailAddress <> "" Then .Add("x_Email", AdditionalInfo.EmailAddress)

                If AdditionalInfo.InvoiceNumber.ToString() <> "" Then _
                    .Add("x_Invoice_Num", AdditionalInfo.InvoiceNumber.ToString())
                If AdditionalInfo.Description <> "" Then .Add("x_Description", AdditionalInfo.Description)
            End If

            If Not _CreditCard Is Nothing Then
                'It's a credit card transaction
                .Add("x_Card_Num", _CreditCard.CardNumber)
                .Add("x_Exp_Date", _CreditCard.ExpDate.ToString("MM/yy"))
                .Add("x_Method", "CC")
            ElseIf Not _ElectronicFundsTransfer Is Nothing Then
                'It's an e-check transaction
                .Add("x_Bank_ABA_Code", _ElectronicFundsTransfer.RoutingNumber)
                .Add("x_Bank_Acct_Num", _ElectronicFundsTransfer.AccountNumber)
                Select Case _ElectronicFundsTransfer.AccountType
                    Case BankTransfer.BankAccountType.Savings
                        .Add("x_Bank_Acct_Type", "Savings")
                    Case BankTransfer.BankAccountType.Checking
                        .Add("x_Bank_Acct_Type", "Checking")
                End Select
                .Add("x_Bank_Name", _ElectronicFundsTransfer.BankName)
                .Add("x_Bank_Acct_Name", _ElectronicFundsTransfer.AccountName)
                .Add("x_Method", "ECHECK")
            End If

            Select Case TransactionType
                Case TransactionFlow.Capture
                    'It's a payment to our account
                    .Add("x_Type", "AUTH_CAPTURE")
                Case TransactionFlow.Credit
                    'It's a credit to their account
                    .Add("x_Type", "CREDIT")
            End Select
            .Add("x_Amount", Amount.ToString())

            'Tax and Freight are NOT added onto the total; these values are the tax value (in dollars)
            '   of the transaction and the freight cost of the sale. Again, the total already includes
            '   the sum of the tax and freight.
            If Tax <> 0 Then .Add("x_Tax", Tax.ToString())
            If Freight <> 0 Then .Add("x_Freight", Freight.ToString())

        End With

        AuthorizeRequest.BaseAddress = "https://certification.authorize.net/gateway/transact.dll"
        ReturnBytes = AuthorizeRequest.UploadValues(AuthorizeRequest.BaseAddress, "POST", Information)
        ReturnValues = System.Text.Encoding.ASCII.GetString(ReturnBytes).Split(",".ToCharArray())
               
        If ReturnValues(0).Trim(CChar("|")) = "1" Then
            _AuthCode = ReturnValues(4).Trim(CChar("|"))
            _TransID = ReturnValues(6).Trim(CChar("|"))
        Else
            ReturnError = ReturnValues(3).Trim(CChar("|"))
            If ReturnValues(2).Trim(CChar("|")) = "45" Then
                ReturnError &= " Our Address Verification System (AVS) returned the following error: "
                Select Case ReturnValues(5).Trim(CChar("|"))
                    Case "A"
                        ReturnError &= " the zip code entered does not match the billing address."
                    Case "B"
                        ReturnError &= " no information was provided for the AVS check."
                    Case "E"
                        ReturnError &= " a general error occurred in the AVS system."
                    Case "G"
                        ReturnError &= " the credit card was issued by a non-US bank."
                    Case "N"
                        ReturnError &= " neither the entered street address nor zip code matches the billing address."
                    Case "P"
                        ReturnError &= " AVS is not applicable for this transaction."
                    Case "R"
                        ReturnError &= " please retry the transaction; the AVS system was unavailable or timed out."
                    Case "S"
                        ReturnError &= " the AVS service is not supported by your credit card issuer."
                    Case "U"
                        ReturnError &= " address information is unavailable for the credit card."
                    Case "W"
                        ReturnError &= " the 9 digit zip code matches, but the street address does not."
                    Case "Z"
                        ReturnError &= " the zip code matches, but the address does not."
                End Select
            End If
            Throw New AuthorizeNetException(ReturnError)
        End If

    End Sub
#End Region

End Class

Regards,

Aeros
If you need help installing your certificate on your server look here:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/html/secmod30.asp
Avatar of tippingpoint

ASKER

I've already got the certificate installed on my server, broswer. It has been signed.

The XML I have is already preformatted, how would I go about sending it as a file?
Dim AuthorizeRequest As New Net.WebClient
        Dim Information As New Collections.Specialized.NameValueCollection(30)
        Dim ReturnInformation As New Collections.Specialized.NameValueCollection(30)
        Dim ReturnBytes As Byte()
        Dim ReturnValues As String()
        Dim ReturnValue, ReturnError As String
        If Login = "" Then Throw New AuthorizeNetException("You must set the login value of the AuthorizeNet class.")

        With Information

            .Add("x_Version", "3.1")
            .Add("x_Delim_Data", "True")
            .Add("x_Login", _Login)
            .Add("x_Password", _Password)
            '.Add("x_Tran_Key", _TranKey)
            .Add("x_Test_Request", "True") '_TestRequest.ToString()

            'A comma is used to seperate the fields while a pipe is used to encapsulate the data.
            '   Authorize.NET doesn't have an escape character for data, so I had to use the pipe to
            '   encapsulate it -- regular expressions up to this point will prevent the pipe symbol
            '   from occuring within the actual data.
            .Add("x_Delim_Char", ",")
            .Add("x_Encap_Char", "|")

            .Add("x_First_Name", BillingAddress.FirstName)
            .Add("x_Last_Name", BillingAddress.LastName)
            .Add("x_Address", BillingAddress.Address)
            .Add("x_City", BillingAddress.City)
            .Add("x_State", BillingAddress.State)
            .Add("x_Zip", BillingAddress.Zip)

            If Not ShippingAddress Is Nothing Then
                .Add("x_Ship_To_First_Name", ShippingAddress.FirstName)
                .Add("x_Ship_To_Last_Name", ShippingAddress.LastName)
                .Add("x_Ship_To_Address", ShippingAddress.Zip)
                .Add("x_Ship_To_City", ShippingAddress.City)
                .Add("x_Ship_To_State", ShippingAddress.State)
                .Add("x_Ship_To_Zip", ShippingAddress.Zip)
            End If

            If Not AdditionalInfo Is Nothing Then
                If AdditionalInfo.Phone <> "" Then .Add("x_Phone", AdditionalInfo.Phone)
                If AdditionalInfo.CustomerID <> 0 Then _
                    .Add("x_Cust_ID", AdditionalInfo.CustomerID.ToString())
                If AdditionalInfo.CustomerIP.ToString() <> "0.0.0.0" Then
                    .Add("x_Customer_IP", AdditionalInfo.CustomerIP.ToString())
                End If
                If AdditionalInfo.EmailAddress <> "" Then .Add("x_Email", AdditionalInfo.EmailAddress)

                If AdditionalInfo.InvoiceNumber.ToString() <> "" Then _
                    .Add("x_Invoice_Num", AdditionalInfo.InvoiceNumber.ToString())
                If AdditionalInfo.Description <> "" Then .Add("x_Description", AdditionalInfo.Description)
            End If

            If Not _CreditCard Is Nothing Then
                'It's a credit card transaction
                .Add("x_Card_Num", _CreditCard.CardNumber)
                .Add("x_Exp_Date", _CreditCard.ExpDate.ToString("MM/yy"))
                .Add("x_Method", "CC")
            ElseIf Not _ElectronicFundsTransfer Is Nothing Then
                'It's an e-check transaction
                .Add("x_Bank_ABA_Code", _ElectronicFundsTransfer.RoutingNumber)
                .Add("x_Bank_Acct_Num", _ElectronicFundsTransfer.AccountNumber)
                Select Case _ElectronicFundsTransfer.AccountType
                    Case BankTransfer.BankAccountType.Savings
                        .Add("x_Bank_Acct_Type", "Savings")
                    Case BankTransfer.BankAccountType.Checking
                        .Add("x_Bank_Acct_Type", "Checking")
                End Select
                .Add("x_Bank_Name", _ElectronicFundsTransfer.BankName)
                .Add("x_Bank_Acct_Name", _ElectronicFundsTransfer.AccountName)
                .Add("x_Method", "ECHECK")
            End If

Substitute whatever you need to send for information in the above routine I'll post a more generic one below
Dim web As New System.Net.WebClient()

web.Headers.Add("Content-Type", "application/x-www-form-urlencoded")

Dim d As Byte() = System.Text.Encoding.ASCII.GetBytes("SEARCHSTRING=test")
Dim res As Byte() = web.UploadData("http://abstractvb.com/search.asp", "POST", d)

Console.Write(System.Text.Encoding.ASCII.GetString(res))
Dim myRequest As HttpWebRequest = CType(HttpWebRequest.Create("http://www.creditcardgateway.com/"), HttpWebRequest)
            myRequest.AllowAutoRedirect = False
            myRequest.Method = "POST"
            myRequest.ContentType = "application/x-www-form-urlencoded"

'Create post stream
            Dim RequestStream As Stream = myRequest.GetRequestStream()
            Dim SomeBytes() As Byte = Encoding.UTF8.GetBytes(strToSend)

            RequestStream.Write(SomeBytes, 0, SomeBytes.Length)
            RequestStream.Close()

            'Send request and get response
            Dim myResponse As HttpWebResponse = CType(myRequest.GetResponse(), HttpWebResponse)


Private Sub Form1_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles MyBase.Load
         Dim url As String
        Try
            url = "http://www.yahoo.com"
            Dim webReq As HttpWebRequest = CType(WebRequest.Create(url), HttpWebRequest)
            Dim webResp As HttpWebResponse = CType(webReq.GetResponse(), HttpWebResponse)
            Dim responseStream As Stream = webResp.GetResponseStream
            Dim readStream As New StreamReader(responseStream)
            Dim strContent As New StringBuilder
            Dim sLine As String = ""
            Do While Not sLine Is Nothing
                sLine = readStream.ReadLine
                If Not sLine Is Nothing Then
                    strContent.Append(sLine)
                End If
            Loop
            readStream.Close()
            responseStream.Close()
            RichTextBox1.AppendText("Done")
            RichTextBox1.Refresh()
        Catch ex As Exception
            MsgBox("ex=" & ex.Message & Chr(13) & ex.StackTrace)
        End Try
End Sub
If you havent gotten it by the time I get to work tomorrow am I'll show you how to construct the xml string or load it in.
You could always create a dataset like this, I'll post the string option when I get to work tomorrow

' Visual Basic
Dim filePath As String
filePath = "Complete path where you saved the XML file"
dsAuthors.ReadXml(filePath)
With DataGrid1
   .DataSource = dsAuthors
   .DataMember = "authors"
   .CaptionText = .DataMember
End With

Private Sub WriteXmlToFile(thisDataSet As DataSet)
    If thisDataSet Is Nothing Then
        Return
    End If
    ' Create a file name to write to.
    Dim filename As String = "myXmlDoc.xml"
    ' Create the FileStream to write with.
    Dim myFileStream As New System.IO.FileStream _
       (filename, System.IO.FileMode.Create)
    ' Create an XmlTextWriter with the fileStream.
    Dim myXmlWriter As New System.Xml.XmlTextWriter _
       (myFileStream, System.Text.Encoding.Unicode)
    ' Write to the file with the WriteXml method.
    thisDataSet.WriteXml(myXmlWriter)
    myXmlWriter.Close()
End Sub
Sorry, this is all a bit too difficult for me. I'm still having issues authenticating with the server.

I will keep trying and let you know.
ASKER CERTIFIED SOLUTION
Avatar of AerosSaga
AerosSaga

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
As you can see your authentication goes in your xml stream that you post.   In this particular instance:

AccessRequest = "<?xml version=""1.0""?>" & "<AccessRequest xml:lang=""en-US"">" & _
        "<AccessLicenseNumber>" & _AccessLicenseNumber & "</AccessLicenseNumber>" & _
        "<UserId>" & _UserId & "</UserId>" & "<Password>" & _Password & "</Password>" & _
        "</AccessRequest>"

This authenticates the request with the UPS server which is encrypted using the certificate you installed on the server.

Regards,

Aeros
I'm starting to think the application has not been set up properly from their end as I'm not getting a response. I do see my certificate there but nothing after that screen.

Try this URL.
https://partners.netsuite.com/s/SmbXml?pid=1234567890&pacct=accountname


I'm chasing up the vendor...
The request goes out, but you never receive a response of any kind?
I have the corresponding certificate and it sees it fine when I go to view it.

Even when I follow the link and accept the certificate and follow it to the next page it says 'page not found'.

I'm chasing it up with the vendor. I'm thinking they might not have it ready to accpt connections beyond going past the certificate auth.

I can show you cert to see for yourself if you want.
no thats ok, I know my methodolgy is correct as this code is in production and used daily.  Let me know if theres anything else I can do.

Regards,

Aeros
My answer is entirely correct and the asker never revisted with additional information.  I feel I should be awarded the points.

Aeros
I am currently speaking to the vendor to resolve this problem.

I'm not sure if your solution will work for me yet.

I'll keep you posted.

I have multiple shipping classes & online transaction payment classes that use this for ecommerce on a daily basis.  I assure you my friend that the methods contained are correct and functional.  Youve been talking to the vendor for some time now.

Aeros