/n software 3-D Secure V2 .NET Edition

Questions / Feedback?

GetAuthenticationPacket Method

Returns the Payer Authentication Request packet that is to be sent to the ACS.


public string GetAuthenticationPacket();
Public Function GetAuthenticationPacket() As String


This method builds the Payer Authentication Request (PAReq) message from the data contained in the component's properties. The message is then compressed, encoded, and returned by this method. This packet should then be sent to the URL of the Access Control Server (ACS), stored in the ACSURL property.

The PAReq request must be sent through the cardholder's browser, and thus cannot be sent by the component itself. The following Javascript code demonstrates one way to send this packet through the user's browser:

Response.Write("<form name='downloadForm' action='" & ACSURL & "' method='POST'>")
Response.Write("  <INPUT type='hidden' name='PaReq'   value='" & GetAuthenticationPacket & "'>")
Response.Write("  <input type='hidden' name='TermUrl' value='Termination URL that the ACS will post back to'>")
Response.Write("  <input type='hidden' name='MD'      value='Merchant Data needed to complete transaction'>")
Response.Write("<script>"  )
Response.Write("window.onload = submitForm;")
Response.Write("function submitForm() { downloadForm.submit(); }")
Response.Write("</script>"  )

The TermUrl is the location of a page that will handle the rest of the ordering process. The Visa Access Control Server will post back to the URL entered in this field with the results of the Payer Authentication Request. The MD field should contain any additional information needed by the merchant to complete the transaction. This may include information such as a TransactionId, MessageId, or any other data needed to match the response with a pending authentication. This may be raw text, XML, or any other data type. It is not recommended that sensitive data such as a CardNumber be contained in this field. If this is unavoidable, such sensitive data must be encrypted.

The response to the PAReq, the PARes, will be posted to the TermUrl that you send to the ACS as shown in the example above. At that time you can use CheckAuthenticationResponse to verify the response signature and parse the response.

Copyright (c) 2021 /n software inc. - All rights reserved.
/n software 3-D Secure V2 .NET Edition - Version 2.2 [Build 7954]