开发者

How to post data to another website without using any browser related component?

I have a page where user is asked only for the payment amount, then user will be redirected to another website where the payment will be processed, I want the amount to be set on the redirected page without using querystring,cokkie, etc..

I tried to use web service but here is my challange:

user enters amount on the website. webservice is called and set the amount to ex:400$ then user is redirected without any query string to another website.

Now:

how this payment website will know that this user is the user entered 400$ on the redirecting page?

I can count on approaches more secure than this also.

thanks

I have made 开发者_JAVA百科some research on net and asked my experienced friends, the answer is "impossible" this way. Because redirected website somehow identify that user and there is no solution without querystrings or browser related components,

Here is my friend's advice and i am little bit satisfied, not totally :)

He calls this approach as ticketing,

First create a datetime.now integer, with that number add id and amount of money to be processed. Then make a complex function to encrypt data. take square of every odd digit then divide to 7 etc. then on the other website, decrypt data and check datetime if its within 5 minutes for example, the link is valid.


You have to pass the data to the other website somehow.

Cookies wouldn't work due to domain restrictions.

Query string or form posts could work, but you don't want to use query strings.

Alternatively, if both sites share infrastructure, you could use that to share information - for example if they both have access to the same database, you could use that to share data (though you would still need to identify the specific user to both sites).


The way the service would have to work is to give back some token, probably a GUID, that the site will then look for in the querystring of an HTTP request, to identify the owner of that pre-populated data. You then tack that token onto your redirect, and the client makes a request that causes the payment site to go pull the pre-loaded data for that client.

You still have to use a query string, but now, the query string doesn't contain any human-consumable information; they can't identify their $400 amount in the query string and change it to a different amount of money. If they change the GUID at all, the request will most likely fail as that GUID won't exist in whatever datastore of pre-populated data exists behind the payment site.


Contact the website/web service/gateway. They will provide you the API which will define parameters and methods to accept payment amount. If you are the author of such service, provide mechanism to accept such parameters from your caller application. Communication should be secure, using SSL.

For example for payment gateway Paypal, check this for ideas: Use of the PayPal payment system in ASP.NET


Have a look on wikipedia.


Shortly the answer is impossible this way, because somehow the redirect website should identify the user, all the ways are browser related or ip ( which can cause many issues later)

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜