Upload Complete Cart Button Control for ASP.NET Web Form
This page explains the usage and facts about the Upload-Complete-Cart button Web Form Server Control. If you intend to use Upload-Complete-Cart button within your ASP.NET MVC project, please visit this page. Instead of relying on the PayPal Shopping Cart, many merchants use third party shopping carts that integrate with PayPal. This chapter describes how developers of third party carts integrate with PayPal using ASP.NET PayPal Control for Website Payments Standard. There are two ways to integrate your third party shopping cart with PayPal and Website Payments Standard:
- Pass the details of the individual items. You can do that using 'Upload Complete Cart' button. In this approach, you can track individual cart items from IPN_Notified / PayPal_Returned event.
- Pass the aggregate amount of the total cart payment, rather than the individual item details. If you follow this approach, then a Buy Now button can serve this purpose. But following this approach, you wont be able to track the individual cart items from IPN_Notified / PayPal_Returned event.
|- The Checkout Experience|
- Getting Started
|- Set Properties Programmatically|
- Click Event and Post Back
|- Handling Instant Payment Notification (IPN)|
- Handling PayPal Return / PDT
Drag and drop an instance of the Upload Complete Cart Button control from your Visual Studio Toolbox to your web form as shown below:
The first property of this control that you need to set is your Business Email Address or Merchant ID of your Merchant Account. If you are testing in Sand Box, then, this is the account which you created as 'Test Merchant Account' as explained in the Sand Box preparation chapter. Please do not get confused with the Developer Central Login account with the Test Merchant Account. Merchant ID is an alternative to using your Email address. It is better not to expose your business email address in order to protect your Email In-box from Spams. You can set either Business Email or Merchant ID from the Smart Tag or from the Property Editor. In order to get your Merchant ID, log in to your PayPal account. If you are testing in Sand-box, then, log in to your Developer Central Account, then log in to your Merchant Test Account from https://www.sandbox.paypal.com/. Click 'Profile' Menu, then, your Merchant ID will be shown up as shown in the following screen shot.
Set the merchant ID as shown here:
Now, you may populate the Collection type property named PayPalCartItems either in Design Mode or Run Mode. It is more practical that you programmatically populate this property in Run Mode based on the present cart items selected by your customer in your third party shopping cart. Design Mode population is useful if you want to test and debug your web application. For example, please see the following screen shot, you see that PayPalCartItems collection property has rich design time support where you can populate the property with some values and Run your website, clicks the button and see how the cart items are passed to PayPal shopping cart.
Furthermore, you may choose to set the visual styles and PayPal page behaviors for the 'Upload Complete Cart' button. Just click the button "Next" shown in the wizard and you will be taken to configure the display page as shown in the following screen shot.
Please note: If your account is not upgraded to a Premier or Business account, then, you will not see any affect of these styling properties for PayPal page. For example, if you set a header image URL, you will not see that image when you are taken to PayPal website due to a click on the 'Upload Complete Cart' button. In that case, you will see your email address as the header of the page.
- If you want to pass unlimited custom data that you want to track in a Post Payment event like IPN_Notified, PayPal_Returned, then, please check the feature chapter about Additional Data Items.
Click Here to view the complete Class Diagram that you may use as a reference when you set properties from your code.
You may want to set the properties of your 'Upload Complete Cart' Button after the customer has clicked the Button for purchasing an item. For example, in your web form, you may have a text box asking your customer how may copies of the item he/she wants to buy. So, if the button is clicked, you can calculate the final price and then send the information to PayPal. In order to do that, this control has an event named "Click". It is similar to any standard ASP.NET button control's Click Event as shown in the following figure:
If you attach an event handler to this event, then the event handler method will be executed before the data is transferred to PayPal.
You can use Validation logic inside the Click Event handler of an 'Upload Complete Cart' button and based on a condition (user input) you can cancel the submission to PayPal. Please check the method CancelSubmission().
- The 'Upload Complete Cart' will POST BACK only IF the Click event is handled. If you do not handle Click event, your customer will be taken to PayPal website directly from the Client Side without any Server Round Trip.
When your customer Clicks the final 'Pay Now' button in the PayPal website, PayPal sends notification to your website asynchronously which is called Instant Payment Notification (IPN).
This control can capture that notification and fire a server side event named IPN_Notified. This control not only just fires the event, but also collects all the transaction data from IPN and offers you a rich set of strongly typed relational object model as event argument object which is not only loved by all Object Oriented Programmers, but also revealing all the headaches from the developer about verification and other complex tasks in IPN Session.
Click Here to view the complete Class Diagram of ShoppingCartIPNEventArgs object.
By the way, the above example snippet does not show the detailed way of handling FRAUD attempts in order to simplify the overview of IPN_Notified event. So, you should check the pattern for payment verification, fraud detection and automated Product delivery.
If you do not want to handle IPN_Notified event from the same page, rather if you want to handle IPN_Notified event from a dedicated page, you can do that too. Simply do not handle IPN_Notified event and set the Custom Notification URL from the Design Time Smart Tag Wizard -> Step 3 as shown here:
- If you use a Custom IPN URL to capture the IPN from a dedicated page, you can still get the benefit of firing IPN_Notified event and capture all IPN data from event argument object from that dedicated page. How ? Please check the chapter for IPNHandler Component.
If you handle IPN_Notified event, then, setting Custom Notification URL will have NO EFFECT. The control will always generate notify URL automatically to use the same page where the 'Upload Complete Cart' button is hosted so that the same 'Upload Complete Cart' button can fire IPN_Notified event.
If you do not handle IPN_Notified event and if you do not set any Custom Notification URL then, this control will not capture IPN at all. If you have specified any default IPN URL in your PayPal profile, then, PayPal will use that URL to send IPN for any transaction happens in your PayPal account in that case.
You should handle IPN_Exception event if you want to capture any Exception thrown in your IPN_Notified event handler method. By handling IPN_Exception event, you not only catch any exception that was fired beyond your IPN_Notified handler layer, but also you get rid of using TRY - CATCH block in your IPN_Notified handler which will enhances the readability of your code.
You do not need to turn IPN option ON from your PayPal account at all. This control will take care of everything for you.
Whenever your customer is transferred back to your website from PayPal website after completing or canceling a payment (pursuant to submission of your 'Upload Complete Cart' button), you can execute post payment business logic on your website by handling an event named PayPal_Returned. This control not only just fires the event, but also collects all the transaction data from PayPal if you have turned 'Payment Data Transfer' option ON from your PayPal profile. The event argument object of PayPal_Returned event offers you a rich set of strongly typed relational object model same like the event argument object of IPN_Notified event. This event will take care of notification validation so you just do not need to worry about any dirty code work, rather use the clean data returned by this event argument object.
Once you handled PayPal_Returned event of your 'Upload Complete Cart' button, your buyer will be taken back to your website after the payment is completed or canceled. You can check from your Event handler if the payment was proceeded or canceled as shown below:
If you do not handle PayPal_Returned event, then, your buyer will not be returned to your website by PayPal. So, you should handle this event if you want to bring your buyer back to your site.
If you want to redirect your customer to a different page after returning from PayPal, you can do so by setting the Custom Completed Return URL and Custom Canceled Return URL from the Step 4 tab of the 'Upload Complete Cart' button Design Time Wizard as shown here:
Notice the check box in the above screen shot. If you check this box, then, the Canceled Return URL will be auto generated so that you can handle both of the Completed and Canceled Return event from the same page. It is HIGHLY RECOMMENDED that you check this option.
If you prefer to use Custom Return URL as mentioned above, you can still fire PayPal_Returned event and collect the information about completed/canceled from your dedicated return page. How ? please check the chapter for PayPalReturnHandler Component.
- If you handle PayPal_Returned event, then, setting Custom Complete Return URL and Custom Canceled Return URL will have NO EFFECT. So, if you want to redirect the buyer to a dedicated page after PayPal return, then, make sure that you do not handle PayPal_Returned event and then, set the Custom Complete Return URL / Custom Canceled Return URL.
If you want to receive all the transaction data in PayPal_Returned event as you could in IPN_Notified event from ShoppingCartReturnedEventArgs, then, you need to turn 'Payment Data Transfer (PDT)' option On from your PayPal account. Once you turn PDT ON for your PayPal account, you will receive an Authentication Token which is called 'PDT Authentication Token'.
Once you get the PDT Authentication Token, from the design time smart tag, click Button Wizard and select the last tab "Step 4 (Payment Return / PDT)". In that tab, at the bottom of the Form, you will find the box for PDT Authentication Token. Set the PDT Authentication Token in that box as shown here:
After PDT Authentication Token is set, you can collect transaction data from the PayPal_Returned event argument object ShoppingCartReturnedEventArgs.
Click Here to view the complete Class Diagram of ShoppingCartReturnedEventArgs object.
- You do not need to enable PDT if you just need to collect Transaction ID from PayPal_Returned event. e.TransactionID is available even though if you do not set PDT Authentication token.
So, PayPal_Returned event is fired after IPN_Notified event, is that right ?Answer : Not strictly but usually. What does it mean ? Ok, as I said, IPN is submitted to your website by PayPal Notification Service. It actually queues the notification task to it's Queue and depending on the tasks the notification service already has, the time when 'IPN_Notified event fire' varies. For the PayPal live site, the notification service task queue is not usually long but the task queue for PayPal Sand box is usually very long. So, when testing in Sand box, most of the time, you will find that your customer is already back to your website (PayPal_Returned event fired) before IPN_Notified event is fired. But, when you are testing in PayPal live site, most of the time you will find that, IPN_Notified event is fired before your customer is back to your website (PayPal_Returned event fired). Please remember, PayPal_Returned event is Synchronous and IPN_Notified event is Asynchronous. One event does not depend on the completion of another event.
A piece of advice : Never process the post payment logic (i.e. logging the transaction data in your database, verifying the payment and generating License Key, sending email to the payer with shipping information etc) from PayPal_Returned event even though you can collect all transaction data from PDT. Because, if the payer closes his / her browser while living in PayPal website before coming back to your website, then, PayPal_Returned event will never fire and so you will miss that transaction. Always use IPN_Notified event for processing post payment logic. Use PayPal_Returned event to convey 'Thank you' Message or doing some additional Read-Only tasks. What is a Read Only task ? Read Only task means, "the task that can be done by reading your database without writing / updating the database". Get the Transaction-ID from the PayPal_Returned event, query your database using that Transaction-ID and find out if any information is already recorded by IPN_Notified event. If found, show the download link / shipping information etc from your database.
You should take appropriate measures to protect against Fraud Attempts.
Consider the IPN_Notified event as a pure Service Event, do not perform any task that directly interacts with User Interface Controls, Session Variables, Cookies, ViewState etc. When IPN_Notified event is fired, your customer wont see any effect of this event. For example, if you want to set Text of a Label Control 'Thank you for your Payment' in this event, your customer will never see that. Why ? Because, your customer is not directly responsible for firing this event, rather, PayPal Notification Service fires this event in a background thread. For that reason, this control Suppresses all HTML that could be rendered to the Event firer (PayPal Notification Service). Also, this control will STOP firing the Page_Load event of the hosting page. WHY ? Maybe you placed some code in your Page_Load event that directly interacts with Session Variables, Cookies etc or time consuming tasks like Executing lengthy SQL queries which is unnecessary or sometimes harmful for IPN session. So, this control will bypass Page_Load event in the IPN Session. But if you want to let this control fire the Page_Load event in the IPN session because you want to set IPN Settings programmatically from the Page_Load event, then, you have that option too. Set "PayPalIPN.EnablePageLoadEventInIPNSession = true" from the property editor and then, Page_Load event will be fired before IPN_Notified event, but you need to be very careful about using Page_Load event in this case.
If you are testing your web site from "Local Host" then IPN_Notified Event wont get fired. Because, IPN is activated by a notification service from PayPal, not directly by your customer. So, when the 'Upload Complete Cart' button submits all the information to PayPal website as a result of 'Click' on the button, PayPal captures the URL of the page where the 'Upload Complete Cart' button is hosted. When you test from your local host, the URL of the page where the 'Upload Complete Cart' button is hosted contains 'local host' or '127.0.0.1' and that URL is collected by PayPal so that it can notify as soon as the payment is made. Naturally that URL is not accessible from any other client/website/service other than anyone who is testing from your PC. So, if PayPal submits IPN to your URL with 'local host'/127.0.0.1 your website wont know about it and so this 'Upload Complete Cart' button will fail to fire IPN_Notified event. The story is not end here. Whenever, PayPal IPN service Fails to get HTTP '200 OK' status from your Website as as result of IPN posting, the service will keep trying to post to the same URL again after few hours and it will keep trying for a certain period until it gets HTTP '200 OK' result from your website. That is bad for PayPal as PayPal's resource is being wasted. So, PayPal can disable the IPN for your account which is bad for you. In order to avoid that problem, this control will detect if the test website is from 'local host' or not. If it is from local host, then, it will NOT pass any IPN information to PayPal so that, PayPal wont submit IPN to your website. By the way, if you do not handle IPN_Notified event and specify a Custom IPN URL then the logic is little different. In that case, the control will check if the Custom IPN URL is a relative URL or not. If it is a relative URL and if you are testing from local host, that means, the final URL would be an URL with 'local host'. So, in that case, the control will not generate any IPN information so that PayPal wont submit IPN. But if your Custom IPN URL is an absolute URL which does not contain 'local host' or '127.0.0.1' then, the 'Upload Complete Cart' button will pass IPN information to PayPal so that PayPal can submit IPN. In any case, if the control does not pass any IPN information to PayPal, then, PayPal will check if you have specified any default IPN URL in your PayPal profile. If so, then, PayPal will submit IPN to that default URL in these cases. But whenever you upload your test website to a production server where the hosting page of 'Upload Complete Cart' button has a REAL accessible URL, then, IPN_Notified event will be fired as usual.
Membership users, please note:
If you are using ASP.NET Membership feature in your website, then, you need to allow PayPal to see your page where you placed your IPN_Notified event handler code. That means, if you are handling IPN_Notified event right from your 'Upload Complete Cart' button, then, the page that hosts your 'Upload Complete Cart' button should be visible to all. If you are Handling IPN from a dedicated page then, your IPN handler page should be accessible to all users. Assume that you hosted your 'Upload Complete Cart' button at "Purchase.aspx" page where "Purchase.aspx" page is located in a private folder (Not visible to everyone). Then, you need to add the following section to you web.config file which is located in that private folder.
If you placed your 'Purchase.aspx' page in a public folder then you do not need to worry about setting the above config unless you explicitly blocked the 'purchase.aspx' page from public.
If you do not permit PayPal to post IPN to your page, then, you will find that IPN_Notified event is not being fired.
By this time, I hope you already realized that, IPN is a different SESSION created by PayPal to your website and this SESSION is not the same SESSION created by your customer to your website. Since any asp.net designer wanting to set up a site where users pay a membership fee to join, would very likely want to put a user in a Role on IPN_Notified event handler method. It will be a common mistake if you assume that the Customer is logged in as a member in the IPN SESSION. So, how would you pass the user-name of the Customer to the IPN_Notified event so that you can write code to add your customer in a paid member role by the customer's user name ? Yes, we have designed a very special property named "Additional Data Items". This is a Dictionary type property which can be populated either in design time or programmatically. So, you can pass your customer's user-name by Additional Data Items to the Payment Button and you can access that data right from IPN_Notified event handler method. Once you retrieve that user name of the customer from Additional Data Item, you can add him/her to your paid member role. In order to learn about Additional Data Items, please visit this page .
If you do not have Full Trust configuration in your ASP.NET Web site, then, when handling IPN_Notified event, you will always get e.IPN.Status = PayPalIPN.StatusCodes.CommunicationError from the UploadCmpltCartIPNEventArgs. Because, IPN Status value is returned after the component tries to communicate with the PayPal notification service in the background by HttpWebRequest class. HttpWebRequest class needs Full Trust configuration. In order to use PDT, you must have Full Trust configuration in your ASP.NET website, otherwise you will always get e.PDT.Status = PayPalPDT.StatusCodes.Communication_Error from PayPal_Returned event. Because, prior to firing PayPal_Returned event, the control communicates with PayPal website in the background to verify the transaction using a method from WebClient class. Web Client class methods require Full Trust configuration. If you do not have full trust configuration, you cannot use the PDT feature even manually coding by yourself or using any other technique at all.