Security Violation.

Dec 15, 2009 at 9:53 PM

I am trying to finish up a site but I am geting the following error.

Security Violation.

Please contact the site administrator.

I have read other Discussions and done what they had suggested. My paypal return script is as follows

        <Currency>USD</Currency>
        <ReturnURL>https://www.mywebsite.com/Cart/tabid/56/stg/5/ordID/[ORDERID]/Default.aspx?PayPalExit=RETURN</ReturnURL>
        <ReturnCancelURL>https://www.mywesite.com/Cart/tabid/56/stg/5/ordID/[ORDERID]/Default.aspx?PayPalExit=CANCEL</ReturnCancelURL>
        <ReturnNotifyURL>https://www.mywebsite.com/Cart/tabid/56/stg/4/Default.aspx</ReturnNotifyURL>
        <MerchantLanguage>en</MerchantLanguage>

I have upgraded to 02.00.06

Dec 15, 2009 at 10:45 PM

Those URLs all begin with "https"... is your website running all those pages securely? If not, try just with "http".

Rob

Dec 15, 2009 at 11:00 PM

Thanks for responding.

The site is should have everything secure, However to check I did change to http: and tested it out and got the same error.

 

Dec 15, 2009 at 11:12 PM

looking at the address line on the browser it shows:

https://www.mywwebsite.com/Cart/tabid/71/stg/5/Default.aspx?PayPalExit=CANCEL

looking at it I did change the 56 I was using to 71in my script but that didn't change anything.

I don't see the where "ordID/[ORDERID]" has effected the address.

Dec 15, 2009 at 11:13 PM

Are the pages all publicly visible.. check that they can be seen when not signed in.

Also, make sure you have the latest gateway installed from this page here. And also check through the PayPal configuration document on this page and ensure that it generally matches. Note however that the first line of the code has changed since that pdf. The readme.txt inside the provider zip has the current version. The rest of the PDF is pretty much still correct and I have a replacement version on the way as well.

Rob

Dec 15, 2009 at 11:39 PM

ok yep, the PDF has a coloured example of how to configure those URLs. Check them closely. The actual path needed is different for every website and this is made more clear in the document.

Rob

Dec 16, 2009 at 8:42 PM

Thanks again for your quick response but when I try to update the gateway using the dnn5a file I get the following error.

Install Extension

Upload Results

If you have reached this page it is because the installer needs to gather some more information, before proceeding.
Error reading the zip package - see below

StartJob Reading Installation Manifest file
Info Reading Package Manifest - Module - NB_Store_GatewayPxPay
Info Reading Component Manifest - Module
Info Module Manifest read successfully
Info Reading Component Manifest - Assembly
Failure File specified in the dnn could not be found in the zip file: - D:\Hosting\5195525\html\Install\Temp\jkspmonu\bin\NEvoweb.DNN.Modules.NB_Store.GatewayPxPay.dll
Info Reading Component Manifest - File
Info Found valid path () for readme.txt.
Info Found valid path () for PxPay.jpg.
Info Found valid path () for PxPay210.png.

please look at the failure. I think the file it is calling for is miss named and should be GatewayPayPal.dll

 

Tom

Dec 16, 2009 at 10:33 PM

Hi Tom, that's odd, the file is certainly in the PA - I've just checked... have a look in the PA you have there.

You could copy it to the bin manually and then check whether you have the other files in DesktopModules\NB_Store_GatewayPayPal

Otherwise it might be a packaging problem with the DNN5 PA, but we'll have to wait until Dave is back online to check that.

Rob

Dec 17, 2009 at 9:32 AM

Hi,

I've found the problem,. the dnn4 package was uploaded with the DNN5 manefesto.

I've fixed it now and you can download the new version from codeplex.

Dave.

Dec 19, 2009 at 10:09 PM

Dave

I was able to install the new cart using the DNN5b.zip

Thank you for your help in that.

I have set up the gateway as stated in the PayPal configuration document on this page and modified using the readme.txt.

I have restarted the app using Host/Host Settings/Restart Application.

when I try to buy something using paypal everything works fine but when it returns I still get the same error.

 

Tom

 

Dec 20, 2009 at 4:00 AM

Hi Tom,

Strange I've just read the document to check it and it all seems OK.

The security voilation message appears when the current users tries to view an order that doesn;t belong to them.

Make sure your have "ordID/[ORDERID]" is included in the URL...although I can't remmeber if this is actually neeeded for PayPal.

Are you forcing people to register when they buy or allowing non-user purchase?

Regards,

Dave.

Dec 20, 2009 at 6:07 PM

I am having only registered users.

I have included the "ordID/[ORDERID]" to the gateway script.

Tom

 

Dec 21, 2009 at 8:34 AM

Hi Tom,

OK...the first thing to do is check the audit logs, "/portals/<your portal>/logfiles" in there you'll see some log files, check if the IPN has been returned from PayPal..you should see a line starting with "IPN = " is the return is working.

This is what happens on the return to the store..itmay help point you in the right direction:

1 - Get the orderID from then URL param "ordID"

2 - set the security message as the return meesage.

3 - check orderID is number

4 - get order and check it exists.

5 - check userid matched order userid.

6 - get paypal exit code

7 - If all valid and paypalexit param is "CANCEL" set cancelled messge as return message.

8 - If all valid and paypalexit param is "RETURN" set paymentOK messge as return message.

9 - display the return message

Let me know if this helps,

Regards,

Dave.

 

Dec 22, 2009 at 3:58 AM

Dave;

I have check the log files and don't see return coming from Paypal that looks like "IPN = "

I went back up on Paypal to check the "Instant Payment Notification (IPN)"  I have it setup the way it is called out in the updated Doc.

I noticed on paypal while it is processing the order there isn't any order number, is this standard?

Also all the canceled orders lack an order number.

how can I check what is returning or what is being passed between mywebsite and paypal.

Tom

 

Dec 22, 2009 at 6:39 AM

Hi Tom,

If you not getting your IPN in the logfile, and it is setup correctly, it must be that paypal can't see/get access have you made sure that the tab with the checkout module on has public access right?

One test you can do is to manually put in the IPN return, this will fail because there is no data, but you should get something in the Logfile to say it's tried to run.

Contact me through codeplex and you can email me your url so I can have a look from here?

Regards,

Dave.

Feb 3, 2011 at 9:19 AM

 

Hi

 

I created a store and my own gateway for payment where I can do credit card payment.

After successful payment when the I get back to the store it is showing like

Security Violation.

Please contact the site administrator.

If I used getCompletedHtml url

http://192.168.2.10:8080/Cart/tabid/63/stg/5/ordID/1133/Default.aspx?ATSExit=RETURN

and I am using the same for cancel also

http://192.168.2.10:8080/Cart/tabid/63/stg/5/ordID/1133/Default.aspx?ATSExit=CANCEL

 

If I used auto response , it is not showing any conformation and not clearing the session ie the cart I selected is still there. And no report to (what got for check payment)

The url I used for auto response is

http://192.168.2.10:8080/Cart/tabid/63/stg/4/ordID/1133/Default.aspx?ATSExit=RETURN

 

I put a couple of flag in autoresponce and getcompletedhtml method in ma gateway but that is not triggering, my assumption is it is not get back to that method something went wrong just before that. But I am sure that the store is taking my gateway because I am able to catch what all information I passing via gateway in my payment screen.

 

 

Can anybody please help me to solve this issue ????

 

Thank and regards

RP Daniel

 

Feb 4, 2011 at 8:22 AM

Hi,

The security message is a default, it nortmally appears if you don;t pass back the correct orderid or is the user trying to access the order is not the same as the user that made the order.

This is all controlled by the gateway provider, so I can't really be of much help unless you send me the source that you've create and let me have a look.

Have you had a look at the documentation to create a gateway provider?

http://nbstore.codeplex.com/wikipage?title=How%20to%20Create%20a%20Payment%20Gateway%20Provider&referringTitle=Devlopers%20Guide

Regards,

Dave.

Feb 4, 2011 at 8:45 AM

Hi Dave

 

I found out what is the actual problem . well that was my mistake only 

i was using http://192.168.2.10:8080/Cart/tabid/63/stg/5/ordID/1133/Default.aspx?ATSExit=RETURN url as my Return URL but in my gateway  insted of ATSExit i used dummyreturn to get the value, that time condition fails and store shows the security violation message . The thing is i copy pasted the code and forgot to update accordingly. 

 

No i am able to do payment and i am it is giving the report also

 

Thank you very much. 

RP Daniel