0

I'm working on a project that uses IP Payments to process transactions. The project involves a web form written in ASP with Code-Behind written in C#.

IPP offers an iFrame implementation, where you can put an iFrame in your page and display a small IPP page with fields for entering credit card information. The idea behind this is that the credit card info will only be handled by IPP and never by the server running the page, thus there is no requirement to ensure that card data is kept secure.

In order to display the IPP page in the iFrame though, a session needs to be initiated with IPP. The server initiates the session, and passes in a SessionID variable. Upon a successful session initiation, a Secure Session Token is returned to the server. The server then needs to "force" the client's browser to GET or POST the SessionID and the SST (Secure Session Token) to the IPP website. This is where my problem is.

I wrote a Javascript function in the ASPX page that would accept two parameters - the SessionID and SST - and send them to the IPP website. I'm now trying to call this Javascript function from my C# code upon successful initiation of the IPP session. However, I have been completely unable to do so.

I've done a lot of searching, and the one answer I keep coming across is to use either RegisterStartupScript or RegisterClientScriptBlock. The problem is, these seem to insert text directly into the page, rather than calling an existing function. Assuming I inserted my function into the page via one of those functions rather than writing it into the page myself, it still doesn't solve my problem of how to call said function.

Now it is possible that I'm going about this the wrong way, and there's a much better way to get the client's browser to GET/POST the SessionID and SST; if so, please tell me. I'm inexperienced with web programming and am thus learning as I go and making up solutions along the way that are quite likely not ideal.

Thanks in advance.

Michael Smith
  • 7
  • 5
  • How is the 'Secure Session Token' returned to the server? – adaam Mar 14 '15 at 02:30
  • One option is to make public variables and embed them directly into the JavaScript. I've never really seen a reason for `RegisterClientScriptBlock`... seems more confusing than other ways to accomplish the same thing... rendering the correct HTML to the client. – MikeSmithDev Mar 14 '15 at 02:32
  • It's returned as part of some HTML. I'm extracting the SST and putting it in a string. – Michael Smith Mar 14 '15 at 02:57

1 Answers1

1

I think this should work:

Lets say you have something like this in your HTML:

<html>
    <head>
       <script>
          function sendValuesToIPP(sessionId, sst){
              //do stuff
          }
       </script>
    </head>
</html>

If you do this in your C# code it should work

ClientScriptManager.RegisterStartupScript(
    this.Type,
    "some_key_you_want_to_identify_it",
    string.Format("sendValuesToIPP('{0}','{1}')", SessionID, SST),
    true);

Keep in mind that I'm assuming you have SessionID and SST properties server side, you can get them from wherever you want and just add them to the string that will actually call the function when registered in your ASPX.

Felipe Correa
  • 654
  • 9
  • 23
  • Is that C# code meant to be in the ASPX page? The problem I found with using RegisterStartupScript is that I can't work out how to then call the Javascript function. I'm assuming the key is what you use in the C# code to call the function, but until the RegisterStartupScript call is actually executed, that key is meaningless and I can't use it because it causes an error. – Michael Smith Mar 14 '15 at 03:17
  • The key is just some string you assign to it in case you want to remove the registered script later. It is rarely used so you can put whatever you want. What is really going to make the call to the Javascript function is the 3rd parameter. When the whole line executes in C#, it is going to inject something like which will actually run the javascript function you already have in your ASPX. Did you try it? The code should be anywhere in the .cs file of the ASPX page. – Felipe Correa Mar 14 '15 at 03:24
  • Just tried it, no joy. This is the code I used: Page.ClientScript.RegisterStartupScript(this.GetType(), "InitiateIPP", string.Format(" – Michael Smith Mar 14 '15 at 03:38
  • Change `Page.ClientScript` for `ClientScriptManager`. Make sure you have an ScriptManager in your body like shown here: http://stackoverflow.com/questions/13473808/the-scriptmanager-must-appear-before-any-controls-that-need-it. Lastly, I think you are missing the `` closing tag inside the `string.Format`. If the javascript function is called `initiateIPP` it really should work. You are close, don't disspair. – Felipe Correa Mar 14 '15 at 03:44
  • The missing was the problem. xD Thanks for spotting that! The function is called now; unfortunately the IPP stuff isn't working, but that's a different error that I have to sort out. So, the RegisterStartupScript can be used to call a script or write a script and insert it? Effectively it seems to just directly insert whatever you pass in into the page... – Michael Smith Mar 14 '15 at 03:49
  • Yeah, it does exactly that, it injects whatever script you pass in the third parameter. If you send the 4th parameter as true it will include the script tags by itself so that you don't have to worry about them in the string. Don't forget to mark this as answer if it helped you. – Felipe Correa Mar 14 '15 at 03:52