im implementing a shopping cart in asp.net (framework 3.5). The payment is done through an external payment gateway which of course is using ssl. The payment gateway requires me to send all my data in a form hidden input fields using post. This is no problem as i have managed to do this fine. The user is then redirected to the gateways payment page and inserts the card info. When user hits the "Pay" button the payment gateway wants to validate some of the data (i.e. my merchant id, the amount etc...). So the payment gateway POSTs this data to a page on my website called say validation.aspx. The problem arises then, as when the payment gateway posts to my validation.aspx page, it gets a response back "http 302 object moved" which obviously causes the whole thing to fall apart since the only accepted response for my payment gateway is HTTP 200 OK response and an [OK] in clear text assuming the validation process from my page was fine. My problem is why my server responds with http 302 and obviously my validation.aspx never gets hit?
Some side info on the setup:
I have set up the website on an internal server (proper server running Microsoft Windows Server 2003 R2 x64). The server lies on the internal network 192.168.0.0 having an ip address of this network 192.168.0.66 say. I have used DynDNS and given my site's a domain name say htpp://mysite.com by assigning my static global ip address to that domain name. The website lies in folder say called "mysitesfoldername" so in order to hit it from outside i have to type http://mysite.com/mysitesfoldername/
Now of course i have setup the router (the one directly connected to my ISP) to redirect all http port 80 traffic to my site (i.e. 192.168.0.66). Note i cannot change port number as the payment gateway only posts to port 80. Another thing to mention is that the payment gateway uses SSL while my page doesn't as its not required, however i don't know whether this could be a problem as maybe my web server sees the "https" at the source field of the packet and this is why it redirects(?)...
Also note that i have provided my payment gateway (as this was a requirement) the full urls of my checkout page (i.e. the page that is going to redirect my clients to the gateway's page), and among others my validation page. So the payment gateway has a full url for my validation page that posts data to, something like http://mysite.com/mysitesfoldername/validation.aspx
PS: I have tried a few things before posting here with on luck.
I have tried playing around with the cookieless attribute in the web.config as i found somewhere about asp.net wanting to create a session id which causes a redirect depending on the cookieless attribute value etc.
I have also tried setting the EnableSessionState="False"
at the page directive, but also with no luck...
However, note that I've also done the following which worked!
I have a live server where another web application written in php is hosted. This server runs Apache not IIS. I placed a file there called validation.php which suppose checks data sent by the gateway and responds with [OK] and gave my payment's gateway the new url for my validation page (i.e. http://myliveserverdomainname/validation.php
But why asp.net with IIS doesn't work?