Saturday 18 February 2017
Several of our web design clients use SagePay for their online payment provider and we have always used the ASP.Net integration kit supplied by SagePay to link the checkout pages to the SagePay payment server which uses encrypted data to pass the customers data to their secure servers and encrypted data on the order confirmation page to confirm the payment has been successful or not.
For the past few weeks one of our clients has had a random problem with some of their transaction confirmations not being saved on the website after the payment had been made.
The callback error wasn’t happening on all orders and so we initially thought it was a network error between SagePay and our servers but after enabling full IIS logging on the site affected we found that the confirmation page was being loaded with the encrypted data being sent back but it wasn’t decrypting correctly with an error being logged regarding a value called NOTAVAILABLE when we added additional try/catch code with logging to the SagePay code.
The client then turned off 3DSecure to process some test transactions and the error had vanished which reappeared as soon as 3DSecure was turned on again but only on some orders.
After searching online I found a post on stackoverflow with the same error and it seems that there is a known bug in the code which SagePay supply for their customers.
I added a fix as shown on the stackoverflow page to the SagePayFormIntegration.cs file in the App_Code folder which replaces the missing 3DSecureStatus option to stop the code from crashing but I wanted to provide the full fix in the SagePay.IntegrationKit.DotNet.dll which is provided in the demo code from SagePay.
SagePay do not supply the source code for the DLL on their website and so I initially spoke with one of their technical support team who put me onto a higher level of support who confirmed they know about the bug and I was told
"The kits we offer is more of a demonstration for Integration with us, however we do not offer this as an out of the box product as it is for demonstration purposes. Users are free to use and modify the kits as little or as much as required, although we will only be able to provide limited support. We are aware of this issue, and passed this to our development team. At this time we do not have a time line as to when we will supply a fix."
I was sent a zip archive containing the code for the SagePay.IntegrationKit.DotNet.dll and in the ThreeDSecureStatus.cs file I just needed to add the missing NOTAVAILABLE status to the list and recompile the DLL.
The updated code for the ThreeDSecureStatus.cs file is shown below:
public enum ThreeDSecureStatus
This was uploaded to the client’s website and this has fixed the problem.