/n software 3-D Secure V2 .NET Edition

Questions / Feedback?

ACSURL Property

Fully qualified URL of an Access Control Server.


public string ACSURL { get; }
Public ReadOnly Property ACSURL As String

Default Value



This property is filled after sending a Verify Enrollment Request (VEReq) using the VerifyEnrollment method. If the CardNumber is enrolled in the 3-D Secure program, this field will contain the fully qualified URL of an Access Control Server (ACS) with which the CardNumber may be authenticated.

Once the VerifyEnrollment indicates that the CardNumber is enrolled in the 3-D Secure program, a Payer Authentication Request (PAReq) must be sent to this ACSURL. This request must be sent through the cardholder's browser, and thus cannot be sent by the control itself. The GetAuthenticationPacket method will return the compressed Payer Authentication Request (PAReq) packet, which can then be submitted through the cardholder's browser using the Javascript below.

Response.Write("<form name='downloadForm' action='" & ACSURL & "' method='POST'>")
Response.Write("  <INPUT type='hidden' name='PaReq'   value='" & GetAuthenticationPacket & "'>")
Response.Write("  <input type='hidden' name='TermUrl' value='Termination URL that the ACS will post back to'>")
Response.Write("  <input type='hidden' name='MD'      value='Merchant Data needed to complete transaction'>")
Response.Write("<script>"  )
Response.Write("window.onload = submitForm;")
Response.Write("function submitForm() { downloadForm.submit(); }")
Response.Write("</script>"  )

The TermUrl is the location of a page that will handle the rest of the ordering process. The Visa Access Control Server will post back to the URL entered in this field with the results of the Payer Authentication Request. The MD field should contain any additional information needed by the merchant to complete the transaction. This may include information such as a TransactionId, MessageId, or any other data needed to match the response with a pending authentication. This may be raw text, XML, or any other data type. It is not recommended that sensitive data such as a CardNumber be contained in this field. If this is unavoidable, such sensitive data must be encrypted.

When the cardholder's browser posts back to the TermURL specified, use the CheckAuthenticationResponse method to parse the Payer Authentication Response (PARes) that was received.

This property is read-only and not available at design time.

Copyright (c) 2021 /n software inc. - All rights reserved.
/n software 3-D Secure V2 .NET Edition - Version 2.2 [Build 7954]