Below is the code used for creating the Alias which does not work and throw an error "unknown order/1/s/". The same code works for payment if I remove the code for Alias. Not sure what am I missing? I could log into the epdq barclaycard account and see the error which is "unknown order/1/s/". I can also create Alias manually through the epdq account, but just cant get to the orderstandard.asp page without error (when alias hidden fields and code used).
I would be glad if someone could help me.
<body>
<form id="OrderForm" action="https://payments.epdq.co.uk/ncol/prod/orderstandard.asp" method="post" runat="server">
<div>
<asp:HiddenField ID="AMOUNT" runat="server" />
<asp:HiddenField ID="CN" runat="server" />
...
<asp:HiddenField ID="ALIAS" runat="server" />
<asp:HiddenField ID="ALIASUSAGE" runat="server" />
<asp:HiddenField ID="ALIASOPERATION" runat="server" />
<asp:HiddenField ID="SHASign" runat="server" />
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Text; //for Encoding
using System.Security.Cryptography; //for SHA1
public partial class _DefaultAliasTest : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
//-- Set Values (these would be pulled from DB or a previous page). -- //
bool isAlias = true;
//- Customer/Order Details - //
string strUserTitle = "Mr"; // Customer details
string strUserFirstname = "Edward";
string strUserSurname = "Shopper";
string strBillHouseNumber = "123"; // Address Details
string strAd1 = "Penny Lane";
string strAd2 = "Central Areas";
string strBillTown = "Middlehampton"; // Bill Town
string strBillCountry = "England"; // Bill Country
string strPcde = "NN4 7SG"; // Postcode
string strContactTel = "01604 567 890"; // Contact Telephone number
string strShopperEmail = "[email protected]"; // shopper Email
string strShopperLocale = "en_GB"; // shopper locale
string strCurrencyCode = "GBP"; // CurrecncyCode
string strAddressline1n2 = strBillHouseNumber + " " + strAd1 + ", " + strAd2; // Concatenated Address eg 123 Penny Lane Central Areas
string strCustomerName = strUserTitle + " " + strUserFirstname + " " + strUserSurname; // Concatenated Customer Name eg Mr Edward Shopper
string strPaymentAmount = "100"; // This is 1 pound (100p)
string strOrderDataRaw = "HDTV - AVTV3000"; // Order description
string strOrderID = "ORD1234556Y"; // Order Id - **needs to be unique**
//- integration user details - //
string strPW = "xxxxxx!?"; // Update with the details you entered into back office
string strPSPID = "epdqxxxxxxx"; // update with the details of the PSPID you were supplied with
//- payment design options - '//
string strTXTCOLOR = "#005588"; // Page Text Colour
string strTBLTXTCOLOR = "#005588"; // Table Text Colour
string strFONTTYPE = "Helvetica, Arial"; // fonttype
string strBUTTONTXTCOLOR = "#005588"; // Button Text Colour
string strBGCOLOR = "#d1ecf3"; // Page Background Colour
string strTBLBGCOLOR = "#ffffff"; // Table BG Colour
string strBUTTONBGCOLOR = "#cccccc"; // Button Colour
string strTITLE = "Testing - Secure Payment Page"; // Title
string strLOGO = "https://www.site.com/logo.png"; // logo location
string strPMLISTTYPE = "1"; // Payment Method List type
string strALIAS = System.Guid.NewGuid().ToString();
string strALIASUSAGE = "usage"; // ALIAS USAGE
string strALIASOPERATION = "BYMERCHANT"; // ALIAS Operation
//= create string to hash (digest) using values of options/details above. MUST be in field alphabetical order!
string plainDigest =
"AMOUNT=" + strPaymentAmount + strPW +
"BGCOLOR=" + strBGCOLOR + strPW +
"BUTTONBGCOLOR=" + strBUTTONBGCOLOR + strPW +
"BUTTONTXTCOLOR=" + strBUTTONTXTCOLOR + strPW +
"CN=" + strCustomerName + strPW +
"COM=" + strOrderDataRaw + strPW +
"CURRENCY=" + strCurrencyCode + strPW +
"EMAIL=" + strShopperEmail + strPW +
"FONTTYPE=" + strFONTTYPE + strPW +
"LANGUAGE=" + strShopperLocale + strPW +
"LOGO=" + strLOGO + strPW +
"ORDERID=" + strOrderID + strPW +
"OWNERADDRESS=" + strAddressline1n2 + strPW +
"OWNERCTY=" + strBillCountry + strPW +
"OWNERTELNO=" + strContactTel + strPW +
"OWNERTOWN=" + strBillTown + strPW +
"OWNERZIP=" + strPcde + strPW +
"PMLISTTYPE=" + strPMLISTTYPE + strPW +
"PSPID=" + strPSPID + strPW +
"TBLBGCOLOR=" + strTBLBGCOLOR + strPW +
"TBLTXTCOLOR=" + strTBLTXTCOLOR + strPW +
"TITLE=" + strTITLE + strPW +
"TXTCOLOR=" + strTXTCOLOR + strPW +
"";
if (isAlias)
{
plainDigest =
plainDigest +
"ALIAS=" + strALIAS + strPW +
"ALIASUSAGE=" + strALIASUSAGE + strPW +
"ALIASOPERATION=" + strALIASOPERATION + strPW +
"";
}
//Payment
//-- insert payment details into hidden fields -- //
AMOUNT.Value = strPaymentAmount; // PaymentAmmount : (100 pence)
CN.Value = strCustomerName; // Customer Name
COM.Value = strOrderDataRaw; // OrderDataRaw (order description)
CURRENCY.Value = strCurrencyCode; // CurrecncyCode
EMAIL.Value = strShopperEmail; // shopper Email
FONTTYPE.Value = strFONTTYPE; // fonttype
LANGUAGE.Value = strShopperLocale; // shopper locale
LOGO.Value = strLOGO; // logo location
ORDERID.Value = strOrderID; // *this ORDER ID*
OWNERADDRESS.Value = strAddressline1n2; // AddressLine2
OWNERCTY.Value = strBillCountry; // Bill Country
OWNERTELNO.Value = strContactTel; // Contact Telephone number
OWNERTOWN.Value = strBillTown; // Bill Town
OWNERZIP.Value = strPcde; // Postcode
PMLISTTYPE.Value = strPMLISTTYPE; // Payment Method List type
PSPID.Value = strPSPID; // *Your PSPID*
BGCOLOR.Value = strBGCOLOR; // Page Background Colour
BUTTONBGCOLOR.Value = strBUTTONBGCOLOR; // Button Colour
BUTTONTXTCOLOR.Value = strBUTTONTXTCOLOR; // Button Text Colour
TBLBGCOLOR.Value = strTBLBGCOLOR; // Table BG Colour
TBLTXTCOLOR.Value = strTBLTXTCOLOR; // Table Text Colour
TITLE.Value = strTITLE; // Title
TXTCOLOR.Value = strTXTCOLOR; // Page Text Colour
if (isAlias)
{
ALIAS.Value = strALIAS;
ALIASUSAGE.Value = strALIASUSAGE;
ALIASOPERATION.Value = strALIASOPERATION;
}
SHASign.Value = SHA1HashData(plainDigest); // Hashed String of plain digest put into sha sign using SHA1HashData function
}
}
I found the answer to my question via customer service to Barclaycard epdq. I hope this helps others. For me the answer is the point selected in bold below.
Please see below details on how to rectify the error ‘unknown order/1/s/’:
This error indicates that ePDQ has been unable to decrypt the SHASIGN HTML Form value sent with the customer when you redirect them from your website to the ePDQ Hosted Payment Page.
The typical reasons for this error are:
• The SHA-IN Passphrase value configured in the ePDQ back office does not match the value you used to encrypt the transaction data used to create the SHASIGN parameter (please also ensure you are sending transactions to the correct ePDQ environment – TEST or PRODUCTION)
• You have not arranged the parameters in alphabetical order when calculating the SHASIGN in your server-side code
• You have not correctly declared some of the parameters – all parameters and values are case sensitive (all parameter names must be upper case)
• You have set a HASH ALGORITHM value that is different to the SHA method used in your server side script (for example, you have configured SHA-256 in the ePDQ Back Office Technical Information settings, but are using a SHA-1 method in your encryption process).
• You have passed additional parameter/value pairs in the HTML Form that have not been included in the SHA-IN calculation
For more information please refer to the Basic & Advanced e-Commerce integration guides located in the ePDQ Back Office under Support –> Integration & User Manuals.