I’m trying to implement a payment processor. In order to validate that the response is legitimate, I have to take the query string and append a validation key, then perform an MD5 hash and match my hashed values to theirs.
The payment processor is generating their hash based on a querystring like the following:
trnId=10000041
&messageText=Duplicate+Transaction+%2D+This+transaction+has+already+been+approved
&trnAmount=11.20
&trnDate=6%2F8%2F2011+12%3A32%3A20+PM
&trnEmailAddress=john%2Edoe%40gmail%2Ecom
&avsMessage=Address+Verification+not+performed+for+this+transaction%2E
&ref1=aab02ccd%2D7d17%2D4d09%2Da30c%2Dad6324fe33f1
Now if I were to call QueryString["messageText"] I would get "Duplicate Transaction - This transaction has already been approved". I can’t use that, as I need the + and %2D
So to generate my string I do something like this:
NameValueCollection queryString = new NameValueCollection(QueryString);
queryString.Remove("hashValue");
List<string> parameters = new List<string>();
foreach(string qs in queryString.Keys)
parameters.Add(qs + "=" + HttpUtility.UrlEncode(QueryString[qs]));
string value = string.Join("&", parameters.ToArray());
My resulting string:
trnId=10000041
&messageText=Duplicate+Transaction+-+This+transaction+has+already+been+approved
&trnAmount=11.20
&trnDate=6%2f8%2f2011+1%3a05%3a09+PM
&trnEmailAddress=john.doe%40gmail.com
&avsMessage=Address+Verification+not+performed+for+this+transaction.
&ref1=aab02ccd-7d17-4d09-a30c-ad6324fe33f1
That is a little closer, but with 2 issues, the dashes and periods are not encoded, and the encoding generated lowercase instead of upper case. %2f instead of %2F.
Is there any way to fix this without doing a string.replace? A different method I could call that would provide the results I want?
Use
QueryString.ToString()to get the full query string as one big encoded string, including all&,+, etc. If that is still different from what you expect, you can go one level deeper and grabRequest.RawUrl.Split('?')[1].