Important Notice from AspDotNetStorefront
It is with dismay that we report that we have been forced, through the action of hackers, to shut off write-access to this forum. We are keen to leave the wealth of material available to you for research. We have opened a new forum from which our community of users can seek help, support and advice from us and from each other. To post a new question to our community, please visit: http://forums.vortx.com
Results 1 to 3 of 3

Thread: GoogleCheckout and AuthenticateCallback

  1. #1
    HomeSecStore is offline Junior Member
    Join Date
    Feb 2009
    Location
    Riverside, CA
    Posts
    17

    Default GoogleCheckout and AuthenticateCallback

    Hey all,

    I just received an email from Google saying that they couldn't send notifications to our callback URL: gcCallback.aspx. Strange, since we haven't changed anything about our GoogleCheckout configuration in a very long time.

    I tried accessing the program from a browser and, sure enough, I get asked for login credentials. I double-checked that our GoogleCheckout.AuthenticateCallback appconfig value is set to False - it is. Out of curiosity, I traced back the code to GoogleCheckout.cs to see what it does and I see this:

    Code:
    public static bool VerifyMessageAuthentication(string authStr)
            {
                if (AppLogic.AppConfigBool("GoogleCheckout.AuthenticateCallback"))
                {   //v7 If not required to Authenticate then just return saying everything is good.
                    return true;
                }...
    This code appears to be doing the opposite of what the comment is saying, right? The code is returning true (and bypassing the authentication code later in the function) if GoogleCheckout.AuthenticateCallback is true.

    To make sure I wasn't losing it, I changed the GoogleCheckout.AuthenticateCallback appconfig to True (which I've never done before) and tried to run gcCallback.aspx from a browser. No login prompt! So I can only assume that this code in VerifyMessageAuthentication is incorrect and should be changed, and our AspDotNetStorefrontGateways.dll recompiled and deployed.

    Can I get confirmation from a StoreFront architect that this is the right thing to do? Do I have an old/bad version of the VerifyMessageAuthentication function?

    Thanks!

    Kevin
    Home Security Store
    Last edited by HomeSecStore; 02-25-2010 at 09:38 AM.

  2. #2
    ASPAlfred is offline Senior Member
    Join Date
    Nov 2007
    Posts
    2,244

    Default

    That parameter (GoogleCheckout.AuthenticateCallback) should be always set to false and that you don't have anything set up to require authentication on gccallback.aspx file. It's prompting you to login when you access gccallback.aspx page because you might have set up something like that from you web.config or IIS. You should be able to browse to /gccallback.aspx (you'll get an XML error, but the page should load and that's fine) without being prompted to log in.

  3. #3
    Effortless is offline Junior Member
    Join Date
    Oct 2011
    Posts
    6

    Default

    Hi Kevin,

    We are experiencing the same thing - how did you eventually resolve this? Did you leave the appConfig set to true?

    Many thanks

    Steve