Building an Online Shopping Cart Using C# Part 2


The C# Today Article, December 17, 2001

by Juan Martínez
CATEGORY: Application Development
ARTICLE TYPE: Tutorial

ABSTRACT

In this article, Juan Martinez continues his work in building an online shopping cart application. In part one, he discussed the basic framework of the application, now the time has come to increase the features of the shopping cart and have a complete system for online use. These enhancements will demonstrate how easy it is to add new functionality to the framework, by adding a customer rating control for the available items. He will also build an administration console, which will enable us to manage the online store through the web, and will discuss the security issues on the web, and how to implement SSL in your server for encryption. Finally he will briefly discuss the various payment services available on the web.

  


ARTICLE

Editor's Note: This article's code has been updated to work with the final release of the .Net framework

In this article, we shall continue our work in building the online shopping cart application that we began in part one (http://www.csharptoday.com/content/articles/20011821.asp). We have already discussed the basic framework of the application; we built a category list, item showcase, shopping cart, and checkout system.

Now the time has come to increase the features of the shopping cart and have a complete system for online use. We will build upon our development from part one and enrich the website with new features in the same way we did before, first defining our basic requirements, setting up the necessary modifications, and finally converting it to code.

These enhancements will demonstrate how easy it is to add new functionality to the framework described in the previous article, by adding a customer rating control for the available items. We will also build an administration console, which will enable us to manage the online store through the web. We will also discuss the security issues on the web, and how to implement SSL in your server for encryption. Finally we will briefly discuss the various payment services available on the web.

The application will be designed to work with an SQL Server database for storage. Application logic will be done within the Web Form and presented to the user through the web browser. Core logic will reside in a separate C# component using the code behind technique. It will also be .NET framework Beta 2 compliant.

It is assumed that you have basic knowledge of the C# language, web development knowledge, and database design basics.

Remembering the shopping cart architecture

Before we start to put together our new components, we need to remember the architecture of our existing shopping cart. We will review the shopping cart model and state where our modifications will be. We will also look back at our existing database, which we will then modify to support the new features.

The shopping cart model

The shopping cart model is a simplified flow of information that happens in all online shopping cart implementations, and is the basis for our online cart.

We then have four basic modules in our application:

- Item Catalog - Here we display the options to our clients in an organized way.
- Item Details - Here we show the client as much info as we can to show off our product.
- Shopping Cart - Here we manage the user's selected items.
- Checkout System - Here we save the items selected and the client's information to close the transaction.

We will build additional features inside the "item details" module by coding new user controls and simply include them in the Web Form. The administration console will control the information in the database. It will not have any influence on the shopping cart model, as it will act as a back end.

The database model

Now we will take a look at our database schema.

The tables are grouped as follows:

- Green - The catalog part of our application.
- Blue - Item details.
- Orange - Shopping cart basket.
- Yellow - The checkout system.

The new features of our application will have to interact with this existing database schema. The details will be discussed afterwards.

The job ahead

Now that we have reviewed the work done previously, we need to define our new requirements, and then do the appropriate changes to be able to support them.

Defining our new requirements

As in every software development cycle, we need to define our requirements first, so that we can design software capable of giving satisfaction to our customers.

Our online shopping cart application should add the following features:

- Include a customer rating component.
- An administration console to modify the existing information for the catalog section / subsection, items and have a list of orders.
- The administration console should allow registered users only through a login screen.
- The console should also provide a way to manage these users.
- The site should implement SSL encryption in the back end for security.
- The shopping cart should also accept online transactions through the web.

The customer rating feature

This will be a new feature to integrate into the existing website. The goal of this part of the article is to show how easy it is to develop new functionality into existing websites using the ASP.NET framework. This new feature requires us to develop a new user control to implement the functionality. This will be uc_item_rating.ascx, used to display the existing comments and add new ones.

Database modifications

The database needs to be modified to accommodate the new feature. We just need to add a new table and a relationship to the item table.

New controls

Our Web Application is made up of user controls. We do this to implement functionality in a modular fashion. It is now time to extend our implementation. We will add a new user control to hold the new functionality. This control will present the list of user reviews, and provide a form to add new comments. It will be added with the following code:

Registered in the page:

    <%@ Register TagPrefix="SC" TagName="ItemRating" Src="uc_item_rate.ascx" %>

And included in the page body:

    <SC:ItemRating runat="server" />

Code behind classes

The code to achieve the desired behavior resides in the UcItemRating class. The following code populates the rating list and calculates the average rating for the selected item:

    int myItemId = 0;
    if (Request.QueryString["itemId"] != null)
    {
        myItemId = Int32.Parse(Request.QueryString["itemId"]);
    }

    //Bind the rating list
    //(myItemId is an int produced by Int32.Parse, so it cannot carry SQL text)
    string SQLQuery = "SELECT itemRatingAuthor, itemRatingComment, itemRatingRate FROM itemRating"
        + " WHERE itemId = " + myItemId.ToString() + " ORDER BY itemRatingId ASC";
    String connString = ConfigurationSettings.AppSettings["connString"];
    SqlConnection myConnection = new SqlConnection(connString);
    SqlDataAdapter myCommand = new SqlDataAdapter(SQLQuery, myConnection);
    DataSet ds = new DataSet();
    myCommand.Fill(ds, "itemRating");
    MyRatingList.DataSource = new DataView(ds.Tables[0]);
    MyRatingList.DataBind();

    //Calculate the average rating for the item
    string strSelect = "SELECT itemRatingRate AS rate FROM itemRating WHERE itemId = " + myItemId.ToString();
    myConnection = new SqlConnection(connString);
    SqlCommand myCommand2 = new SqlCommand(strSelect, myConnection);
    myConnection.Open();
    SqlDataReader dr = myCommand2.ExecuteReader();
    int total = 0;
    double count = 0;
    while (dr.Read())
    {
        total += dr.GetInt32(0);
        count++;
    }
    double rate = 0;
    if (count > 0)
    {
        //Avoid 0/0 (NaN) when the item has no ratings yet
        rate = total / count;
    }
    myConnection.Close();
    lblRating.Text = "Average Rating: " + rate.ToString();

The following code adds a new user rating to the list.

    string author = "";
    string comment = "";
    int rate = 0;
    author = txtAuthor.Text;
    comment = txtComment.Text;
    if (Radio1.Checked) { rate = 3; }
    else if (Radio2.Checked) { rate = 2; }
    else if (Radio3.Checked) { rate = 1; }

    int myItemId = 0;
    if (Request.QueryString["itemId"] != null)
    {
        myItemId = Int32.Parse(Request.QueryString["itemId"]);
    }
    String connString = ConfigurationSettings.AppSettings["connString"];

    //Retrieve new Id from the rating table
    string strSelect = "SELECT COUNT(itemRatingId) AS myId FROM itemRating";
    SqlConnection myConnection = new SqlConnection(connString);
    SqlCommand myCommand = new SqlCommand(strSelect, myConnection);
    myConnection.Open();
    SqlDataReader dr = myCommand.ExecuteReader();
    int newRateId = 0;
    if (dr.Read()) { newRateId = dr.GetInt32(0) + 1; }
    myConnection.Close();

    //Add the new rating. author and comment are free text typed by the visitor,
    //so they are sent as parameters and never concatenated into the SQL text.
    string strInsert = "INSERT INTO itemRating(itemRatingId, itemId, "
        + "itemRatingAuthor, itemRatingComment, itemRatingRate) "
        + "VALUES (@ratingId, @itemId, @author, @comment, @rate)";
    myConnection = new SqlConnection(connString);
    myCommand = new SqlCommand(strInsert, myConnection);
    myCommand.Parameters.Add("@ratingId", SqlDbType.Int).Value = newRateId;
    myCommand.Parameters.Add("@itemId", SqlDbType.Int).Value = myItemId;
    //The column types are not shown in the article; NVarChar is assumed here
    myCommand.Parameters.Add("@author", SqlDbType.NVarChar).Value = author;
    myCommand.Parameters.Add("@comment", SqlDbType.NVarChar).Value = comment;
    myCommand.Parameters.Add("@rate", SqlDbType.Int).Value = rate;
    myConnection.Open();
    int queryResult = myCommand.ExecuteNonQuery();
    myConnection.Close();

    txtAuthor.Text = "";
    txtComment.Text = "";
    Radio1.Checked = false;
    Radio2.Checked = true;
    Radio3.Checked = false;
    BindRatingList();

Final screens

Finally our item screen should look like this:

The administration console

The administration console consists of the pages needed to keep the site up to date. Administration pages should be developed for each table in the database that is to be administered through the web. We will present the development of such a page for the item table.

The user controls

We will develop several controls for this page. These controls contain specific functionality and are the building blocks of our Web Form. The controls are the following:

- uc_admin_menu.ascx - Displays a list of categories.
- uc_admin_item.ascx - Displays the list of items for the selected category and provides a form to add new items to that category. This will be used when we need to display the list of items and add new items.
- uc_admin_item_edit.ascx - Provides a form to modify the information for the selected item. This will be used when we want to see the item's details and modify them.

The code behind classes

We have a couple of user controls that handle the information for the items in the store. The first displays the list of subsections and the list of items in the selected subsection. It allows us to add a new item to the store. The second user control displays a form with the selected item information that allows us to edit the information of the item. It also enables us to delete the item.

The item list

This code populates our list of items. First we define our DataList in the user control. This piece of code lies in the Web Form, and represents how the data will be displayed. It defines the look and feel of the list. Another part of our code is in charge of adding content to it.

    <asp:DataList id="MyProductList" runat="server"
        BorderColor="black" BorderWidth="1" GridLines="Both" CellPadding="3"
        Font-Name="Verdana" Font-Size="8pt" Width="600px"
        HeaderStyle-BackColor="#aaaadd" SelectedItemStyle-BackColor="Gainsboro"
        RepeatDirection="Horizontal" RepeatColumns="1" DataKeyField="itemId">
      <ItemTemplate>
        <table>
          <tr>
            <td width=600 colspan=2><a href='admin_item_mod.aspx?subSectionId=<%# DataBinder.Eval(Container.DataItem, "catalogSubSectionId") %>&itemId=<%# DataBinder.Eval(Container.DataItem, "itemId") %>'><span class="itemText">Edit / Delete</span></a></td>
          </tr>
          <tr>
            <td width=300><span class="itemTitle">Item Id:</span></td>
            <td width=300><span class="itemText"><%# DataBinder.Eval(Container.DataItem, "itemId") %></span></td>
          </tr>
          <tr>
            <td width=300><span class="itemTitle">Item name:</span></td>
            <td width=300><span class="itemText"><%# DataBinder.Eval(Container.DataItem, "itemName") %></span></td>
          </tr>
          <tr>
            <td width=300><span class="itemTitle">Item short description:</span></td>
            <td width=300><span class="itemText"><%# DataBinder.Eval(Container.DataItem, "itemShortDescription") %></span></td>
          </tr>
          <tr>
            <td width=300><span class="itemTitle">Item long description:</span></td>
            <td width=300><span class="itemText"><%# DataBinder.Eval(Container.DataItem, "itemLongDescription") %></span></td>
          </tr>
          <tr>
            <td width=300><span class="itemTitle">Item small image:</span></td>
            <td width=300><span class="itemText"><%# DataBinder.Eval(Container.DataItem, "itemSmallImage") %></span></td>
          </tr>
          <tr>
            <td width=300><span class="itemTitle">Item large image:</span></td>
            <td width=300><span class="itemText"><%# DataBinder.Eval(Container.DataItem, "itemLargeImage") %></span></td>
          </tr>
          <tr>
            <td width=300><span class="itemTitle">Item price:</span></td>
            <td width=300><span class="itemText"><%# DataBinder.Eval(Container.DataItem, "itemPrice") %></span></td>
          </tr>
          <tr>
            <td width=300><span class="itemTitle">Item Stock:</span></td>
            <td width=300><span class="itemText"><%# DataBinder.Eval(Container.DataItem, "itemStock") %></span></td>
          </tr>
          <tr>
            <td width=300><span class="itemTitle">Promote in Category Home:</span></td>
            <td width=300><span class="itemText"><%# DataBinder.Eval(Container.DataItem, "itemPromoteCategory") %></span></td>
          </tr>
          <tr>
            <td width=300><span class="itemTitle">Promote in Site Home:</span></td>
            <td width=300><span class="itemText"><%# DataBinder.Eval(Container.DataItem, "itemPromoteSite") %></span></td>
          </tr>
        </table>
      </ItemTemplate>
    </asp:DataList>

Then we read from the database and bind the results to our DataList in the user control. This function executes the statement against the database and binds the results to the list:

    protected void BindProductList(string subSectionId)
    {
        //subSectionId comes from the query string, so it is sent as a typed
        //parameter instead of being concatenated into the SQL text
        string SQLQuery = "SELECT * FROM item WHERE catalogSubSectionId=@subSectionId"
            + " ORDER BY catalogSubSectionId, itemName";
        String connString = ConfigurationSettings.AppSettings["connString"];
        SqlConnection myConnection = new SqlConnection(connString);
        SqlDataAdapter myCommand = new SqlDataAdapter(SQLQuery, myConnection);
        myCommand.SelectCommand.Parameters.Add("@subSectionId", SqlDbType.Int).Value = Int32.Parse(subSectionId);
        DataSet ds = new DataSet();
        myCommand.Fill(ds, "item");
        MyProductList.DataSource = new DataView(ds.Tables[0]);
        MyProductList.DataBind();
    }

The add button

This code calls the function to add the new item to the store in the currently selected subsection.

    <asp:button text="Add Item" OnClick="AddItem_Click" runat=server/>

This code reads the information from the form and saves it to the database. This functionality is fairly simple. We check for the values in the Web Form and use it to build an Insert statement; we then execute it to save the new record.

    protected void AddItem_Click(object Source, EventArgs e)
    {
        if (Request.QueryString["subSectionId"] != null)
        {
            string itemName = txtItemName.Text;
            string shortDesc = txtShort.Text;
            string longDesc = txtLong.Text;
            string smallImg = txtSmall.Text;
            string largeImg = txtLarge.Text;
            string price = txtPrice.Text;
            string stock = txtStock.Text;
            string myPromoteCategory = "";
            string myPromoteSite = "";
            if (promoteCategory.Checked) { myPromoteCategory = "1"; } else { myPromoteCategory = "0"; }
            if (promoteSite.Checked) { myPromoteSite = "1"; } else { myPromoteSite = "0"; }

            //Retrieve new Id from main item table
            String connString = ConfigurationSettings.AppSettings["connString"];
            SqlConnection myConnection = new SqlConnection(connString);
            string strSelect = "SELECT MAX(itemId) AS myId FROM item";
            SqlCommand myCommand = new SqlCommand(strSelect, myConnection);
            myConnection.Open();
            SqlDataReader dr = myCommand.ExecuteReader();
            int newId = 0;
            //MAX() returns NULL when the table is empty
            if (dr.Read() && !dr.IsDBNull(0)) { newId = dr.GetInt32(0) + 1; }
            myConnection.Close();

            //Add new item. Everything that comes from the form or the query string
            //is sent as a parameter; only values generated in this method
            //(newId and the "0"/"1" flags) are concatenated.
            string strInsert = "INSERT INTO item(itemId, catalogSubSectionId, itemName, itemShortDescription, "
                + "itemLongDescription, itemSmallImage, itemLargeImage, itemPrice, itemStock, itemPromoteCategory, "
                + "itemPromoteSite) "
                + "VALUES(" + newId + ", @subSectionId, @itemName, @shortDesc, @longDesc, @smallImg, "
                + "@largeImg, @price, @stock, "
                + myPromoteCategory + ", " + myPromoteSite + ")";
            myConnection = new SqlConnection(connString);
            myCommand = new SqlCommand(strInsert, myConnection);
            //The column types are not shown in the article; the types below are assumed
            myCommand.Parameters.Add("@subSectionId", SqlDbType.Int).Value = Int32.Parse(Request.QueryString["subSectionId"]);
            myCommand.Parameters.Add("@itemName", SqlDbType.NVarChar).Value = itemName;
            myCommand.Parameters.Add("@shortDesc", SqlDbType.NVarChar).Value = shortDesc;
            myCommand.Parameters.Add("@longDesc", SqlDbType.NVarChar).Value = longDesc;
            myCommand.Parameters.Add("@smallImg", SqlDbType.NVarChar).Value = smallImg;
            myCommand.Parameters.Add("@largeImg", SqlDbType.NVarChar).Value = largeImg;
            myCommand.Parameters.Add("@price", SqlDbType.Decimal).Value = Decimal.Parse(price);
            myCommand.Parameters.Add("@stock", SqlDbType.Int).Value = Int32.Parse(stock);
            myConnection.Open();
            int queryResult = myCommand.ExecuteNonQuery();
            myConnection.Close();

            txtItemName.Text = "";
            txtShort.Text = "";
            txtLong.Text = "";
            txtSmall.Text = "";
            txtLarge.Text = "";
            txtPrice.Text = "";
            txtStock.Text = "";
            promoteCategory.Checked = false;
            promoteSite.Checked = false;
            BindProductList(Request.QueryString["subSectionId"]);
        }
    }

The Edit button

This button calls the edit function and saves the new data for the item. This is similar to the add button, in that we get the information from the Web Form and create the appropriate statement.

This displays the button in the Web Form:

    <asp:button text="Edit Item" OnClick="EditItem_Click" runat=server/>

This stores the information to the database:

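    protected void EditItem_Click(object Source, EventArgs e)
    {
        if (Request.QueryString["subSectionId"] != null && Request.QueryString["itemId"] != null)
        {
            string itemName = txtItemName.Text;
            string shortDesc = txtShort.Text;
            string longDesc = txtLong.Text;
            string smallImg = txtSmall.Text;
            string largeImg = txtLarge.Text;
            string price = txtPrice.Text;
            string stock = txtStock.Text;
            string myPromoteCategory = "";
            string myPromoteSite = "";
            if (promoteCategory.Checked) { myPromoteCategory = "1"; } else { myPromoteCategory = "0"; }
            if (promoteSite.Checked) { myPromoteSite = "1"; } else { myPromoteSite = "0"; }

            //Both ids come from the query string; parse them once and reuse the ints
            int subSectionId = Int32.Parse(Request.QueryString["subSectionId"]);
            int itemId = Int32.Parse(Request.QueryString["itemId"]);

            String connString = ConfigurationSettings.AppSettings["connString"];
            SqlConnection myConnection = new SqlConnection(connString);
            //Form and query string values are sent as parameters; only the
            //"0"/"1" flags generated above are concatenated
            string strUpdate = "UPDATE item "
                + "SET catalogSubSectionId=@subSectionId"
                + ", itemName=@itemName, itemShortDescription=@shortDesc"
                + ", itemLongDescription=@longDesc, itemSmallImage=@smallImg"
                + ", itemLargeImage=@largeImg, itemPrice=@price"
                + ", itemStock=@stock, itemPromoteCategory=" + myPromoteCategory
                + ", itemPromoteSite=" + myPromoteSite + " "
                + "WHERE itemId=@itemId";
            SqlCommand myCommand = new SqlCommand(strUpdate, myConnection);
            //The column types are not shown in the article; the types below are assumed
            myCommand.Parameters.Add("@subSectionId", SqlDbType.Int).Value = subSectionId;
            myCommand.Parameters.Add("@itemName", SqlDbType.NVarChar).Value = itemName;
            myCommand.Parameters.Add("@shortDesc", SqlDbType.NVarChar).Value = shortDesc;
            myCommand.Parameters.Add("@longDesc", SqlDbType.NVarChar).Value = longDesc;
            myCommand.Parameters.Add("@smallImg", SqlDbType.NVarChar).Value = smallImg;
            myCommand.Parameters.Add("@largeImg", SqlDbType.NVarChar).Value = largeImg;
            myCommand.Parameters.Add("@price", SqlDbType.Decimal).Value = Decimal.Parse(price);
            myCommand.Parameters.Add("@stock", SqlDbType.Int).Value = Int32.Parse(stock);
            myCommand.Parameters.Add("@itemId", SqlDbType.Int).Value = itemId;
            myConnection.Open();
            int queryResult = myCommand.ExecuteNonQuery();
            myConnection.Close();
            Response.Redirect("admin_item.aspx?subSectionId=" + subSectionId);
            Response.End();
        }
    }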

The Delete Button

Finally the delete button deletes the item from the database. We look for the selected itemId and use it to construct our Delete statement. This displays the button:

    <asp:button text="Delete Item" OnClick="DeleteItem_Click" runat=server/>

And this code calls the SQL statement:

    protected void DeleteItem_Click(object Source, EventArgs e)
    {
        if (Request.QueryString["subSectionId"] != null && Request.QueryString["itemId"] != null)
        {
            //Both ids come from the query string; parse them once and reuse the ints
            int subSectionId = Int32.Parse(Request.QueryString["subSectionId"]);
            int itemId = Int32.Parse(Request.QueryString["itemId"]);

            String connString = ConfigurationSettings.AppSettings["connString"];
            SqlConnection myConnection = new SqlConnection(connString);
            string strDelete = "DELETE FROM item WHERE itemId=@itemId";
            SqlCommand myCommand = new SqlCommand(strDelete, myConnection);
            myCommand.Parameters.Add("@itemId", SqlDbType.Int).Value = itemId;
            myConnection.Open();
            int queryResult = myCommand.ExecuteNonQuery();
            myConnection.Close();
            Response.Redirect("admin_item.aspx?subSectionId=" + subSectionId);
            Response.End();
        }
    }

The final screens

This is how our administration page looks. We achieve this final screen by including our user controls into the Web Form. This process is like bolting new equipment onto the site. This modular design enables us to reuse pieces of code and makes the building process much more modular. This screen (below) shows the Web Form making use of the uc_admin_item.ascx and the uc_admin_item.ascx user controls to display the list of menus and the list of items in the category, as well as the add new form.

The item list and Add feature:

This Web Form utilizes the uc_admin_item.ascx and the uc_admin_item_edit.ascx user control to display the menu and the edit form. Notice that this page represents different functionality, but we have reused the menu control.

The Edit / Delete page:

Setting up security for your server

A very important aspect that must be solved before you expect to ask for users' private information is securing your server's connection to the Internet. As information travels from the user's computer to your server through the Internet wires, it is exposed to malicious users that could "sniff" into the data and retrieve some vital information like credit card numbers. We need then to secure the information as it travels through the Internet. To achieve this, we use data encryption. The way this works is that the information is encrypted with an encryption key installed on your server. This ensures that data travels from the client to your server encrypted, so that if someone sniffs into your information, it will be useless. Information travels through https, which is the http protocol with encryption, so our URL will look like this: https://yourserver/yourwebform.aspx. It is important to note that this is needed only while important information is transmitted between the client and the host. For more information on encryption, please see Richard Conway's article on Cryptography - part 1 (http://www.csharptoday.com/content/articles/20010823.asp) and part 2 (http://www.csharptoday.com/content/articles/20010830.asp).

This diagram shows the effects of having an encrypted channel to transmit data. The sniffer is unable to retrieve useful information from the wires between the server and your clients.

Now that we know how encryption works, we need to incorporate this encryption for our site. We get this encryption key from a third party vendor, for example Verisign (http://www.verisign.com). Installation of the key is very straightforward, and Verisign provides complete walkthroughs at http://www.verisign.com/products/site/index.html. Once the key is up and running in your server, you will only need to redirect your Web Forms to use https where vital information is transmitted.

The basic steps to secure your server are:

- Create an encryption key for your server.
- Request the activation of your encryption key from Verisign.
- Install the key into your server and configure IIS to make use of it.
- Route your important information through https by making your post / get forms go through https://yourserver.com/test.aspx, instead of just http://yourserver.com/test.aspx.

Details on the first three steps are available in the Verisign site at the URL provided above. This includes a detailed step by step guide to installing a SSL key to your server.
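
One way to enforce the fourth step on the server instead of relying on every link and form action being typed with https, shown as an added example that is not part of the article's downloadable code. SecurePage and BuildHttpsUrl are hypothetical names, and the SSL site is assumed to listen on the default port 443.

```csharp
using System;
using System.Web;
using System.Web.UI;

// Added example: base class for Web Forms that must only be served over SSL
// (checkout and administration pages). Hypothetical class, not from the article.
public class SecurePage : Page
{
    protected override void OnInit(EventArgs e)
    {
        if (!Request.IsSecureConnection)
        {
            if (Request.HttpMethod != "GET" && Request.HttpMethod != "HEAD")
            {
                // A form posted over plain http has already crossed the wire
                // unencrypted. Redirecting would hide the mistake, so the
                // request is refused and the page holding the form gets fixed.
                Response.StatusCode = 403;
                Response.StatusDescription = "SSL required";
                Response.End();
                return;
            }

            // Plain page view: send the browser to the same page over https,
            // so the form itself is delivered on the encrypted channel.
            Response.Redirect(BuildHttpsUrl(Request.Url), true);
            return;
        }

        // Pages that show order or payment details should not be kept in
        // browser or proxy caches.
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        base.OnInit(e);
    }

    // Returns the requested URL with only the scheme and port changed.
    // Path and query string are preserved.
    public static string BuildHttpsUrl(Uri requested)
    {
        UriBuilder secure = new UriBuilder(requested);
        secure.Scheme = "https";
        secure.Port = 443; // assumption: default SSL port
        return secure.Uri.AbsoluteUri;
    }
}
```

The code-behind class of each page that collects or displays private information would inherit from SecurePage instead of Page; the catalog pages can stay on http, as the article notes.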

Receiving payment from customers

So we have a nice online store, we have a secure connection to protect our customers, but we are still missing the part that led us to build an online store in the first place! We need to receive payment for the products we are selling.

There are many ways to do this. In the early days, we would just receive the raw data for the order and process it manually. This involved shipping and handling the product, and performing a charge to the credit card, usually with a regular credit card merchant, by forcing a transaction with the number provided by the client.

With today's technology, we have more possibilities. We will discuss a couple of approaches that are available from third parties on the Web. These services can be grouped as follows:

- Services that receive information from your site for processing
- Services that provide special APIs to handle the transactions within your system.

Services that receive information from your site for processing

These kinds of services provide you with access to a predefined infrastructure within their servers. This works in a way in which you send a form with specific fields to their servers, and they take control of the whole transaction for you.

Paypal (http://www.paypal.com) is a third party vendor that offers this service. It does so by hosting an account with them, and posting information to the appropriate request handlers of theirs. There you will be presented with a standard interface (for which you can alter the style) for handling the pay transaction. If the transaction went out successfully, there will be a new item in your orders list for you to ship.

This is a very simple solution for the developer, since you are free of implementing the checkout system for your application. This is done entirely on Paypal's servers, which manage the shipping calculation, credit card charge, security and order administration. A tour of the service can be found at the following URL (http://www.paypal.com/cgi-bin/webscr?cmd=p/xcl/rec/sc-outside) where details of the buying process are presented.

Details and price for this kind of service vary from vendor to vendor but the concept is to free you from the payment trouble, and concentrate on building a better site to attract more customers. Here are the pros and cons for this approach:

Pros:

- Easy to implement
- Simple, easy to follow process

Cons:

- Standard user interface
- None or limited customization on the payment process
- Usually share servers with others which leads to a limited number of transactions and performance limitations

Services that provide special APIs to handle the transactions within your system.

These kinds of services take a different approach to providing you with the tools to build your payment solution. They do exactly that; provide you with the tools you need to develop your own solution. Cybercash (http://www.cybercash.com) is an example of one of these services providers. It gives you a set of APIs and documentation, which you can use to develop your checkout system. This puts the responsibility on the development team, but also gives them the possibility to create the solution that best fits the needs of the client. For complete documentation on how to develop a solution with Cybercash, go to this URL (https://www.verisign.com/cgi-bin/go.cgi?a=b183338890612000).

Here are the pros and cons for this approach:

Pros:

- Complex API gives you the power to develop your own solution
- Gives you direct interaction with the system which gives you much more details on the transaction.
- Can have more control over the installed platform and can scale to larger sites

Cons:

- You need to develop the whole checkout system which can be expensive and time consuming
- Need for server capable of supporting the API and security.

Wrapping up

We have looked at the two basic approaches that are offered on the web for payment solutions. One sets you up with a predefined solution, which you use out of the box. The other provides you with an API for you to create your own solution.

Paypal is basically a packaged product that works out of the box and provides satisfaction to most of our needs in a fast non-expensive way (although there are some small fees involved). On the other hand, services like Cybercash, which provide complex APIs for development, give us the freedom of developing a more customized solution.

The Cybercash type of services provides the complete set of tools needed to create our application. This is best suited for projects where complex order management is required and needs to be developed specifically for the occasion.

There are many more providers of this type of service out there. We can see that they can range from a simple solution to more robust state of the art APIs, so the decision as to which service to choose lies within the developer's specific needs. You need to balance the pros and cons of the vendor and evaluate which is better.

Installing the new version

Once we have finished the second part of our development, we need to deploy the changes. We have two choices here, an upgrade or a new install. The upgrade path will be needed if you intend to implement the changes on top of the code from part 1 of this article. This will have to be a totally new installation of the site. Files are included for both paths in the downloadable zip file.

Upgrade

The steps needed to do the upgrade are the following:

- Run the upgrade.sql script to build the new item review table, and add an administrator user with the username "admin" and the password "admin".
- Copy the uc_item_rating.ascx user control to the root folder of your application to be with the rest of the controls and Web Forms.
- Copy the administration folder into your root folder so the files exist in http://yourserver/yourapp/admin.

New install

The steps needed to do a new install are as follows:

- Create a new database in SQL Server.
- Once we have created the database, we need to run the database creation script newinstall.sql, which will create the database schema and populate it with some sample data.
- Create a new site in your IIS administration program.
- Copy the web.config file to the wwwroot folder.
- Copy the Web Forms and User controls to the wwwroot folder.
- Copy the codebehind.dll into your wwwroot/bin directory (no registration required!).

How our online store rates

We should now have our online store up and running with enough features to be production worthy. We have added functionality to the items module to display item reviews, and also a working content management system to manage the information in our online store. We have also discussed some third party services to handle real-time online transactions and Internet security.

Nevertheless, there is still much room for improvement. One of the coolest features nowadays are customer management systems. These incorporate ideas presented before like related items, user accounts, mailing lists and add upon them. It is up to you to build the appropriate custom features to fit your needs. As for technology, we should also implement some best practices, like building upon components to achieve code reuse, and also the use of stored procedures. All this was left out for simplicity.

Conclusions

This concludes a two-part article that showed how to create an online shopping cart from scratch. We have developed a catalog / section site to display our products. This was further enhanced with an item rating user control in part two, and an administration console was also developed to manage the information of the online store. We then discussed some security and payment issues and analyzed the resources needed to solve them.

Our application is now capable of handling real world use and will provide a valuable framework for further development.

Related Sources

- Cybercash: http://www.cybercash.com
- Paypal: http://www.paypal.com
- Verisign: http://www.verisign.com

C# Today is brought to you by Wrox Press (www.wrox.com). Copyright © 2002 Wrox Press. All Rights