• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1563
  • Last Modified:

http 302 object moved server response?

Hi,

im implementing a shopping cart in asp.net (framework 3.5). The payment is done through an external payment gateway which of course is using ssl. The payment gateway requires me to send all my data in a form hidden input fields using post. This is no problem as i have managed to do this fine. The user is then redirected to the gateways payment page and inserts the card info. When user hits the "Pay" button the payment gateway wants to validate some of the data (i.e. my merchant id, the amount etc...). So the payment gateway POSTs this data to a page on my website called say validation.aspx. The problem arises then, as when the payment gateway posts to my validation.aspx page, it gets a response back "http 302 object moved" which obviously causes the whole thing to fall apart since the only accepted response for my payment gateway is HTTP 200 OK response and an [OK] in clear text assuming the validation process from my page was fine. My problem is why my server responds with http 302 and obviously my validation.aspx never gets hit?

Some side info on the setup:
I have set up the website on an internal server (proper server running Microsoft Windows Server 2003 R2 x64). The server lies on the internal network 192.168.0.0 having an ip address of this network 192.168.0.66 say. I have used DynDNS and given my site's a domain name say htpp://mysite.com by assigning my static global ip address to that domain name. The website lies in folder say called "mysitesfoldername" so in order to hit it from outside i have to type http://mysite.com/mysitesfoldername/.
Now of course i have setup the router (the one directly connected to my ISP) to redirect all http port 80 traffic to my site (i.e. 192.168.0.66). Note i cannot change port number as the payment gateway only posts to port 80. Another thing to mention is that the payment gateway uses SSL while my page doesn't as its not required, however i don't know whether this could be a problem as maybe my web server sees the "https" at the source field of the packet and this is why it redirects(?)...
Also note that i have provided my payment gateway (as this was a requirement) the full urls of my checkout page (i.e. the page that is going to redirect my clients to the gateway's page), and among others my validation page. So the payment gateway has a full url for my validation page that posts data to, something like http://mysite.com/mysitesfoldername/validation.aspx


PS: I have tried a few things before posting here with on luck.
I have tried playing around with the cookieless attribute in the web.config as i found somewhere about asp.net wanting to create a session id which causes a redirect depending on the cookieless attribute value etc.
I have also tried setting the EnableSessionState="False" at the page directive, but also with no luck...

However, note that I've also done the following which worked!
I have a live server where another web application written in php is hosted. This server runs Apache not IIS. I placed a file there called validation.php which suppose checks data sent by the gateway and responds with [OK] and gave my payment's gateway the new url for my validation page (i.e. http://myliveserverdomainname/validation.php). But why asp.net with IIS doesn't work?
0
andreas13
Asked:
andreas13
  • 4
  • 2
1 Solution
 
Praveen VenuCommented:
Response.BufferOutput = true has to be placed directly before the redirect
 statement
0
 
andreas13Author Commented:
where, to which page?

my shoppingCart page "shoppingCart.aspx" stores required values in session and does a response redirect to my Checkout.aspx. This is the only redirect statement but i don't think will make any difference adding it there... (although i just did try, with no luck).

The checkout.aspx page contains a form with method="post", action="the payment gateways url",  and also a few hidden input fields with runat="server". The checkout.aspx on PageLoad reads the values from the session, and writes them to the form's hidden input fields. now on the client side (after all this is done, on the bodyLoad event of the checkout page i do a form.submit through javascript in order to POST the form to the url specified by action property of the form. There is not any response redirect at the checkout.aspx page.
0
 
Praveen VenuCommented:
you must have a redirect in the  validation.aspx.
0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 
andreas13Author Commented:
I don't have as all comunication between the payment gateway and my validation.aspx happens behind the scenes i just read the values sent from the gateway, validate them against my DB, wirte to the Response. I do something like that: But the problem is that my validation.aspx doesn't get called becuase before that server sends an http 302.




protected void Page_Load(object sender, EventArgs e)
{
   string merchantID = Request["Shop"].ToString().Trim();
   string orderID = Request["Ref"].ToString().Trim(); // the orderID
   string amount = Request["Amount"].ToString().Trim();
   string currency = Request["Currency"].ToString().Trim();
   
   if (DataIsValid(merchantID, orderID, amount, currency))
   {
      // update order status (i.e. set to validated)
      System.Web.HttpContext.Current.Response.Clear();
      System.Web.HttpContext.Current.Response.Write("");
      System.Web.HttpContext.Current.Response.Write("[OK]");
      System.Web.HttpContext.Current.Response.Write("");
      System.Web.HttpContext.Current.Response.Write("");
      System.Web.HttpContext.Current.Response.Flush(); 
   }
   else
   {
      System.Web.HttpContext.Current.Response.Clear();
      System.Web.HttpContext.Current.Response.Write("");
      System.Web.HttpContext.Current.Response.Write("[NOTOK]");
      System.Web.HttpContext.Current.Response.Write("");
      System.Web.HttpContext.Current.Response.Write("");
      System.Web.HttpContext.Current.Response.Flush(); 
   }
}

Open in new window

0
 
andreas13Author Commented:
I have founf out that the problem is the Session. If i set cookieless property for anonymousIdentification config setting to "UseDeviceProfile" then it works. The problem is that since it does not use cookies to store the session id it modifies the url by adding a unique id there....which in turn means i CANNOT use it because my payment gateway provider MUST know the url of my Checkout page (the page that is going to be calling it) but i won't be able to provide them with any since the url will be variable every time if i set that property in the web.config i mentioned at the begining (cookieless="UseDeviceProfile")...

So it the comes down to "how to disable session state" for that particular page, i.e. the OrderValidation.aspx. Well as we all probably know there is a property for the page directive the EnableSessionState="False" which SUPPOSE (yeah, right....) to not use session object for that page if set to false... but IT DOES NOT bloody WORK. Thanx MS ;)
0
 
andreas13Author Commented:
I solved it myself in the end, how? Well, by interupting the asp.net process...
protected void Application_BeginRequest(object sender, EventArgs e)
{
   if (Request.Url.LocalPath.EndsWith("OrderValidation.aspx"))
   {
      /* do job here and end response */
      // get Request variables of interest
      // validate order data
      if (OrderDataValid())
         Response.Write("[OK]");
      else
         Response.Write("[BAD]");
   
      Response.End();
   }
}

Open in new window

0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now