Public ASPX page on Acumatica cloud

Hi @safetynetweb 

It’s not really a recommended thing to do because it’s a security risk. 

First, you open some system data to public access that may potentially be extended by unintended actions of a malicious actor and it may potentially give them the access to some data that is not supposed to be shared. 

Second, it opens gates for various DDOS attacks on that page. 

Hi @Dmitrii Naumov 

I’m creating integration with cybersource.

Cybersource redirecting back to acumatica with reposnse as a POST request

html files won’t accept POST request, this is why I need to do it via ASPX page and it require it to be public page as when I use protected page it redirects to login inside the hosted form popup

@safetynetweb it does not negate all of the above.

As far as I understand, postback from a hosted form should be supported in some other way (e.g. it works with other payment providers). 

@Evgeny Afanasiev any advice on this?

Hi @safetynetweb,

It is possible to implement a hosted form on .aspx. Sometimes it is a plausible way to workaround the limitations of the plug-in interfaces.
Try following:
In /Frames you can place MyPaymentConnector.aspx.cs file with following content:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class MyPaymentConnector : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
		if (!Page.IsPostBack)
        {	
			if(Request.Form["Token"] != null){
				HFtoken.Value = Request.Form["Token"].ToString();
			} else {
				HFtoken.Value = "";				
			}
		}
    }
}

And

MyPaymentConnector.aspx could be something like below, and you can access HFToken value from aspx/js/html
 

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="MyPaymentConnector.aspx.cs" Inherits="MyPaymentConnector"%>

<!doctype html>
<html>
<head  runat="server">
    <meta http-equiv="Content-type" content="text/html;charset=UTF-8">
    <title>Hosted Form</title>
    <link rel="stylesheet" href="...css">
</head>
<body>
  <div class="container">
        <div class="row">
			<form id="my-checkout-form" class="...">
             ...
                <div class="form-group">
                    <button id="btnSubmitDetails" type="submit" onclick='if(window.frames)window.frames["paymentPanel_frame"].location.reload();'>Submit</button>
                </div>
            </form>
        </div>
    <script src="...js"></script>
.... 

    <script>
...
  $('#my-checkout-form').hostedFields({            
            authorization: '<%= HFtoken.Value %>',   //Here is the value accessed in Js/Html        
            ...
        })
...
    </script>
</body>
</html>

  <form id="form1" runat="server">
    <div>  
		<asp:HiddenField ID="HFtoken"   runat="server"></asp:HiddenField> //Here is the value in APSX
    </div> 
  </form>

Please note that in case of HostedPaymentForm (when the transaction performed from new card),
following js call should be executed:

@Evgeny Afanasiev  thanks for the provided details

Will placing the page in the Frames folder will make it publicy accessible without login?

Here is my issue when I tried to do that, I built the page with the hosted form and was able to create the payment form, the form is submitting to cybersource  and after the customer redirected to cybersource to enters the card details, cybersource redirect back this page using POST method.

here I should run this command as you said

window.parent.px_callback.paymentCallback('action=transactResponse&response='+SomeValue);
 

But the issue is instead of loading the page in the iframe it redirected me to the login page, this is all inside the iframe in the same session.

Hi ​@safetynetweb were you able to find a solution? Thank you!