【Question title】: How to perform HTTP POST and redirect to external site from the POST result?
【Posted】: 2015-10-21 10:45:27
【Question description】:

So I can do the following POST submission and get redirected to the payment gateway site

@using (Html.BeginForm(null, null, FormMethod.Post, new { @action = "https://l33tpaymentgateway.com" }))
{
    <input id="RefNo" name="RefNo" type="hidden" value="ABCDE" />
    <input id="Amount" name="Amount" type="hidden" value="300" />
    <input id="UserEmail" name="UserEmail" type="hidden" value="warheat1990@warheat1990.com" />
    <input id="Signature" name="Signature" type="hidden" value="1234567890" />
    <input id="ResponseURL" name="ResponseURL" type="hidden" value="http://warheat1990.com" />

    <input type="submit" value="submit"/>
}

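Doing the above on the user's page is a bad idea (the data can be tampered with), so I tried to do it on the server side. But I have no idea how to redirect the user.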

public async Task<ActionResult> SubmitPayment()
{
        using (var client = new HttpClient())
        {
            client.BaseAddress = new Uri("https://l33tpaymentgateway.com");
            var content = new FormUrlEncodedContent(new[] 
            {
                new KeyValuePair<string, string>("RefNo", "ABCDE"),
                new KeyValuePair<string, string>("Amount", "300"),
                new KeyValuePair<string, string>("UserEmail", "warheat1990@warheat1990.com"),
                new KeyValuePair<string, string>("Signature", "1234567890"),
                new KeyValuePair<string, string>("ResponseURL", "http://warheat1990.com")
            });
            // await the task directly; combining await with .Result does not compile
            var result = await client.PostAsync("", content);
            if(result.IsSuccessStatusCode)
            {
                //redirect user, but I have no idea how               
            }
        }
}

Any help would be appreciated.

Edit: documentation

Step 1. Merchant sends HTTPs Post Request containing payment details to l33tpaymentgateway
OPSG payment page. Payment Details contain the following fields:
• MerchantCode
• PaymentId
• RefNo
• Amount
• Currency
• ProdDesc
• UserName
• UserEmail
• UserContact
• Remark
• Signature (refer to 3.1)
• ResponseURL
• BackendURL
Step 2. User views and confirms payment details entered in Step 1. For credit card
payment, the user will need to key-in credit card information.
Step 3. User continues to fill in Username and Password at bank website (for non
credit card payment)
Step 4. User selects the account to debit the payment. (for non credit card payment)
Step 5. User confirms the payment. If yes, go to next step. (for non credit card
payment)
Step 6. User views and prints the payment detail. (for non credit card payment)
Step 7. Response is returned to the l33tpaymentgateway OPSG website indicating a successful or
failed transaction.
Step 8. l33tpaymentgateway OPSG response back the payment status to merchant with a
signature
Step 9. For successful payment transaction, the merchant needs to compare the
signature from l33tpaymentgateway OPSG. Refer to (3.2)

The HTTP POST example from the documentation, which I think is a big problem from a security standpoint.

<HTML>
    <BODY>
        <FORM method="post" name="ePayment" action="https://l33tpaymentgateway.com">
            <INPUT type="hidden" name="MerchantCode" value="ID00001">
            <INPUT type="hidden" name="PaymentId" value="1">
            <INPUT type="hidden" name="RefNo" value="A00000001">
            <INPUT type="hidden" name="Amount" value="300">
            <INPUT type="hidden" name="Currency" value="USD">
            <INPUT type="hidden" name="ProdDesc" value="Photo Print">
            <INPUT type="hidden" name="UserName" value="John Tan">
            <INPUT type="hidden" name="UserEmail" value="john@hotmail.com">
            <INPUT type="hidden" name="UserContact" value="0126500100">
            <INPUT type="hidden" name="Remark" value="">
            <INPUT type="hidden" name="Lang" value="UTF-8">
            <INPUT type="hidden" name="Signature" value="Q/iIMzpjZCrhJ2Yt2dor1PaFEFI=">
            <INPUT type="hidden" name="ResponseURL" value="http://www.test.com/payment/response.asp">
            <INPUT type="hidden" name="BackendURL" value="http://www.test.com/payment/backend_response.asp">
            <INPUT type="submit" value="Proceed with Payment" name="Submit">
        </FORM>
    </BODY>
</HTML>

Signature generation:

private string ComputeHash(string Key)
{
    SHA1CryptoServiceProvider objSHA1 = new SHA1CryptoServiceProvider();

    objSHA1.ComputeHash(System.Text.Encoding.UTF8.GetBytes(Key.ToCharArray()));

    byte[] buffer = objSHA1.Hash;
    string HashValue = System.Convert.ToBase64String(buffer);

    return HashValue;
}

where Key is the combination of MerchantKey (similar to a private key) + MerchantCode + RefNo + Amount

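【Question comments】:

  • I don't quite understand what you are trying to do. Where do you want to redirect to? You can just use return new Redirect(redirectUrl);
  • In its current form this really can't be answered. It depends entirely on how the "l33t payment gateway" is designed. If it returns a page the user needs to interact with, you would have to store any cookies server-side in the user's session, return the returned HTML to the user, and handle the next post. You don't want to do that, because the user should not have to provide their payment details to your site. If the site responds with a redirect whose URL contains some kind of payment token, it's simple.
  • server.redirect(URL)
  • You don't really need a redirect. Just use HttpClient to call their site and post the data.

Tags: c# asp.net-mvc asp.net-mvc-5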
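
The signature scheme quoted in the question, worked through to show which hidden fields it actually protects. This is an added example, not code from the original post or from the gateway's documentation. It assumes the verifier recomputes the hash over the submitted MerchantCode, RefNo and Amount; the names `GatewaySignature`, `Sign` and `Matches` and the merchant key are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class GatewaySignature
{
    // Scheme quoted in the question: Base64(SHA1(MerchantKey + MerchantCode + RefNo + Amount)).
    public static string Sign(string merchantKey, string merchantCode, string refNo, string amount)
    {
        using (var sha1 = SHA1.Create())
        {
            byte[] hash = sha1.ComputeHash(
                Encoding.UTF8.GetBytes(merchantKey + merchantCode + refNo + amount));
            return Convert.ToBase64String(hash);
        }
    }

    // Recompute from the submitted fields and compare every byte,
    // without returning early at the first difference.
    public static bool Matches(string merchantKey, string merchantCode,
                               string refNo, string amount, string signature)
    {
        byte[] expected = Encoding.ASCII.GetBytes(Sign(merchantKey, merchantCode, refNo, amount));
        byte[] actual = Encoding.ASCII.GetBytes(signature ?? "");
        int diff = expected.Length ^ actual.Length;
        for (int i = 0; i < expected.Length && i < actual.Length; i++)
            diff |= expected[i] ^ actual[i];
        return diff == 0;
    }

    static void Main()
    {
        // Constructed sample key; it stays on the server and is never rendered into the page.
        const string key = "constructed-merchant-key";

        // Signature computed server-side from the order record (values from the sample form).
        string sig = Sign(key, "ID00001", "A00000001", "300");

        // Fields exactly as the server rendered them.
        Console.WriteLine(Matches(key, "ID00001", "A00000001", "300", sig));

        // Amount edited in the hidden field while the old signature is kept.
        Console.WriteLine(Matches(key, "ID00001", "A00000001", "1", sig));

        // UserEmail, ResponseURL and BackendURL are not part of the signed string,
        // so this check cannot notice changes to them.
    }
}
```

The fields outside the signed string are the ones the merchant has to validate on its own side, for example by checking RefNo and Amount against the stored order when the gateway calls back.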


【Solution 1】:

Updated your code below:

public async Task<ActionResult> SubmitPayment()
    {
            using (var client = new HttpClient())
            {
                client.BaseAddress = new Uri("https://l33tpaymentgateway.com");
                var content = new FormUrlEncodedContent(new[] 
                {
                    new KeyValuePair<string, string>("RefNo", "ABCDE"),
                    new KeyValuePair<string, string>("Amount", "300"),
                    new KeyValuePair<string, string>("UserEmail", "warheat1990@warheat1990.com"),
                    new KeyValuePair<string, string>("Signature", "1234567890"),
                    new KeyValuePair<string, string>("ResponseURL", "http://warheat1990.com")
                });
                // await the task directly; combining await with .Result does not compile
                var result = await client.PostAsync("", content);
                if(result.IsSuccessStatusCode)
                {
                    // "url" stands in for wherever the redirect target comes from
                    return Redirect(result.url);            
                }
            }
    }

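I'm not sure what the result object is. But put the URL to redirect to into the parameter of the Redirect method.

【Comments】:

  • HttpClient follows redirects automatically, and HttpResponseMessage has no url property.
  • url is just an example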