PayPal Integration with ASP.NET / C#

Question

First, let me say that I have been at this for far too long, and the parts where I am stuck with, I believe should be the simplest of tasks to accomplish. Yet, I am unable to do them. I am really confused.

I am integrating PayPal into my website. I've developed many websites before, but this is my first time at doing payments.

I have the following code (unmodified - which I copied and pasted [don't panic! I did this for a reason]):

// ASP .NET C#

using System;
using System.IO;
using System.Text;
using System.Net;
using System.Web;

public partial class csIPNexample : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        //Post back to either sandbox or live
        string strSandbox = "https://www.sandbox.paypal.com/cgi-bin/webscr";
        string strLive = "https://www.paypal.com/cgi-bin/webscr";
        HttpWebRequest req = (HttpWebRequest)WebRequest.Create(strSandbox);

        //Set values for the request back
        req.Method = "POST";
        req.ContentType = "application/x-www-form-urlencoded";
        byte[] param = Request.BinaryRead(HttpContext.Current.Request.ContentLength);
        string strRequest = Encoding.ASCII.GetString(param);
        strRequest += "&cmd=_notify-validate";
        req.ContentLength = strRequest.Length;

        //for proxy
        //WebProxy proxy = new WebProxy(new Uri("http://url:port#"));
        //req.Proxy = proxy;

        //Send the request to PayPal and get the response
        StreamWriter streamOut = new StreamWriter(req.GetRequestStream(), System.Text.Encoding.ASCII);
        streamOut.Write(strRequest);
        streamOut.Close();
        StreamReader streamIn = new StreamReader(req.GetResponse().GetResponseStream());
        string strResponse = streamIn.ReadToEnd();
        streamIn.Close();

        if (strResponse == "VERIFIED")
        {
            //check the payment_status is Completed
            //check that txn_id has not been previously processed
            //check that receiver_email is your Primary PayPal email
            //check that payment_amount/payment_currency are correct
            //process payment
        }
        else if (strResponse == "INVALID")
        {
            //log for manual investigation
        }
        else
        {
            //log response/ipn data for manual investigation
        }
    }
}

Now, I know what this code means, and I know what it does. The only part I am having difficulty with, is this part:

if (strResponse == "VERIFIED")
{
    //check the payment_status is Completed
    //check that txn_id has not been previously processed
    //check that receiver_email is your Primary PayPal email
    //check that payment_amount/payment_currency are correct
    //process payment
}
else if (strResponse == "INVALID")
{
    //log for manual investigation
}
else
{
    //log response/ipn data for manual investigation
}

Which, you're probably laughing about right now. That's ok:

//check the payment_status is Completed

I think that line should be done like this:

@{
    if(Request.QueryString["payment_status"] == "Completed")
    {
        // Payment status is completed.
    }
}

And, I think I should do pretty much the same thing (getting the Request["etc"] variables and comparing their values) for the rest of the commented lines, and also matching the data with data inside the DB which relates to the user.

Can somebody please help me out? I really have looked everywhere, and it seems like all of the code samples online that I could find, never show you the code for this part.

Your help will be really appreciated.

Thank you

Answer 1

Your line will be like this, its replay with a post! the content is the VERIFIED, but the values are on post, not on url.

if (strResponse == "VERIFIED")
{
    // Now All informations are on
    HttpContext.Current.Request.Form;
    // for example you get the invoice like this
    HttpContext.Current.Request.Form["invoice"] 
    // or the payment_status like
    HttpContext.Current.Request.Form["payment_status"] 
}
else
{
  //log for manual investigation
}

Now after the Response is Verified and the Payment_status is Completed, you have extra options on txn_type, and you can check if the email are correct, if the amount are correct etc. So your code as you ask it will be like:

@{
    if(HttpContext.Current.Request.Form["payment_status"] == "Completed")
    {
        // Payment status is completed.
    }
}

You can check if payment_status == "Completed" that means the order is completed but you also need to check if the amount is correct, the email is correct, and the other reasons are correct (like pending, echeck, hold)