orderdetail.aspx access denied

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

Please do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.

This forum is for discussing mojoPortal development

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

You can monitor commits to the repository from this page. We also recommend developers to subscribe to email notifications in the developer forum as occasionally important things are announced.

Before posting questions here you might want to review the developer documentation.

Do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.
This thread is closed to new posts. You must sign in to post in the forums.
8/16/2010 7:03:45 AM
chanxianzhong
Gravatar
Total Posts 11
View Posts

orderdetail.aspx access denied

Hi, Joe

I sell services using webstore. at development environment,  I set paypaldirect at test mode.It worked well.

But when I tried to set to real mode, when I paid for an order, and click the paypal page to return to my

site, orderdetail.apsx was not displayed, warning message displayed on the page: You are not login or you have no access right to this page.

Please help to find out what 's the problem ?!

 

thanks

hanson  

8/16/2010 8:35:02 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: orderdetail.aspx access denied

What version of mojoPortal are you using?

Note that if you use FulfilmentType None it does allow the user to checkout without signing in or registering, though it does tell the user it is better to sign in first.

If you proceed to through checkout without authenticating then the order detail page will show limited information since the request is not authenticated. But if you then register or login and try to view the same order detail it will not let you unless the user guid matches the user guid on the order which is doesn't since the order is not attached to a user. So the order detail for an unauthenticated user is only visible to unauthenticated users and shows no identifying information.

If you authenticate first then the user guid will match and it will show the order with more detail than for an anonymous user.

One could argue that we should do the same thing for an authenticated user and show just the minimal order info if it does not match the order and no user is attached to the order. This way if the user later registers or authenticates he can still see the order with minimal information. I will make this change.

You said you are using PayPal direct but I think you mean PayPal standard, as far as I know using PayPal direct the user never leaves your web site.

Hope it helps,

Joe

8/16/2010 8:51:20 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: orderdetail.aspx access denied

Actually, after digging further into the code, what it is doing if the user is not authenticated is it creates a site user with the customer email address (or attaches to an existing user if there is one with the same email) but marks it as not visible in member list if it creates one. Admin user can still find him using member list search. If the user later tries to register it will say he already exists, but he can then use password recovery on the login page to get his password which was randomly created, and then he can get to his purchase history.

So if he is an existing user he can view his order with more detail by logging in.

If he was a user created during order processing there is still a natural way he will be able to later login and see his order

or he can remain unauthenticated and see the order with no personal information.

But no authenticated user can see another user's order. This should remain as is.

Really it is better for everyone if the user authenticates before purchasing. It is enforced for download products that a user must authenticate to complete the order, but for orders with fullfilment type none it does allow checkout without authentication but then we have to be more protective of what data we can show, ie only product data, no customer data on order detail.

Best,

Joe

8/16/2010 9:36:19 AM
chanxianzhong
Gravatar
Total Posts 11
View Posts

Re: orderdetail.aspx access denied

Thanks joe:

my version is mojoPortal 2.3.4.5 6/18/2010 .

I think the problem is when I paid an order , then return from paypal page, in WebStorePayPalPdtHandler, something not work corrently. maybe an order is not fullfilled.

It is impossible to debug, so I could not find why It works very well in my development evironment, but not work when it is publish to my web site.

By the way , simulated users is authenticated, I set the buy page can only be viewed by authenticated user.

Yes , I config my application Paypal standard.

If there any suggestiong ?

thanks very much.

hanson

8/16/2010 9:43:23 AM
chanxianzhong
Gravatar
Total Posts 11
View Posts

Re: orderdetail.aspx access denied:

Here is my config:

<!-- set to false for production use -->
<add key="Site1-PaymentGatewayUseTestMode" value="true"/>
<!-- options: Authorize.NET, PlugNPay, PayPalDirect, PayPalStandard, GoogleCheckout-->
<add key="Site1-PrimaryPaymentGateway" value="PayPalDirect"/>
<add key="Site1-PayPalUsePayPalStandard" value="true"/>

<add key="Site2-PaymentGatewayUseTestMode" value="true"/>
<add key="Site2-PrimaryPaymentGateway" value="PayPalDirect"/>
<add key="Site2-PayPalUsePayPalStandard" value="true"/>
<!-- sandbox -->
<add key="Site1-AuthorizeNetSandboxAPILogin" value=""/>
<add key="Site1-PayPalSandboxAPISignature" value=""/>
<add key="Site1-PayPalStandardSandboxEmail" value=passss90401@sss/>
<add key="Site1-PayPalStandardSandboxPDTId" value="_fWnsdsdfsdfsdzki4O"/>
<!-- end sandbox -->
<!-- Production -->
<add key="Site1-PayPalStandardProductionEmail" value="xxxxx"/>
<add key="Site1-PayPalStandardProductionPDTId" value="xxxxx"/>
<!-- end production -->

8/16/2010 9:49:31 AM
chanxianzhong
Gravatar
Total Posts 11
View Posts

Re: orderdetail.aspx access denied

Sorry, last post is development config.

<add key="Site1-PaymentGatewayUseTestMode" value="false"/>
<!-- options: Authorize.NET, PlugNPay, PayPalDirect, PayPalStandard, GoogleCheckout-->
<add key="Site1-PrimaryPaymentGateway" value="PayPalDirect"/>
<add key="Site1-PayPalUsePayPalStandard" value="true"/>

8/16/2010 9:57:49 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: orderdetail.aspx access denied

I don't think there can be a bug since I use PayPal on this site and it works. Most likely you have something configured incorrectly for these:

<add key="Site1-PayPalStandardProductionEmail" value="xxxxx"/>
<add key="Site1-PayPalStandardProductionPDTId" value="xxxxx"/>

and/or you don't have things configured correctly for return urls in the PayPal web pages for your production account

http://www.mojoportal.com/ecommerce-configuration.aspx

also you should set

<add key="Site1-PrimaryPaymentGateway" value="PayPalStandard"/>

though I don't think that is causing the problem.

Hope it helps,

Joe

8/16/2010 10:05:33 AM
chanxianzhong
Gravatar
Total Posts 11
View Posts

Re: orderdetail.aspx access denied

thanks joe:

<add key="Site1-PayPalStandardProductionEmail" value="xxxxx"/>
<add key="Site1-PayPalStandardProductionPDTId" value="xxxxx"/>

I just replace the corrent value with "XXXXX", it am sure it is corrent, because In my development computer,

I did test the real mode, and it did work.

I will change to paypalstandard, and try again.

If it possible that the IIS configure is different ?  I am also sure there is no bug in mojoportal, it must be the enviroment's difference.

Then I will try to add code to write more log to find the exact position which it did wrong.

 

thank you very much

hanson

8/16/2010 10:16:11 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: orderdetail.aspx access denied

Did you correctly specify the return url for IPNHandler and PDTHandler in your production PayPal account? as specified in the document I linked? and did you enable IPN and PDT?

You said you tested production PayPal on your dev environment and it worked, did you later change it to configure correctly fr production web site or does it still have IPN and PDT configured for dev urls?

I don't think IIS settings have anything to do with it.

Are you using user.config or Web.config for your settings?

If you have the settings in there more than once the ones lower in the file win. ie if you have the settings listed more than once in user.config, if incorrect settings are at the bottom they win.

Hope it helps,

Joe

8/16/2010 10:25:10 AM
chanxianzhong
Gravatar
Total Posts 11
View Posts

Re: orderdetail.aspx access denied

Hi, joe:

Yes I did set the return url for IPNHandler and PDTHandler in your production PayPal account. I have check list, It will never be missed.

and I never used user.config.

I was confused why the order is not created .

 

thanks

8/16/2010 10:30:54 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: orderdetail.aspx access denied

are you seeing any related errors in the logs? Administration > System Log

If you make changes at paypal they may not take effect immediately, it could take a few minutes or more for your changes to be applied.

You must sign in to post in the forums. This thread is closed to new posts.