Welcome to MSDN Blogs Sign in | Join | Help

Data Tools and Software Testing

Old model-based testers never die; they just transition to a higher state.

Syndication

News

    These postings are provided "AS IS" with no warranties, and confer no rights.
    Use of included script and code samples are subject to the terms specified here.

CS 2007: Where is my CreditCardNumber?

In case you have been playing around with Payments in Commerce Server 2007, you might have noticed and wondered about this property on the CreditCardPayment class: CreditCardNumber. No matter what you set it to, a save and reload of the Basket / PurchaseOrder always results in the value being lost. What is going on?

 

Well, the short answer is that for security reasons, this property (as well as the Pin properties on the various Payment classes) was removed from being persisted in the database. For PurchaseOrders this is done by removing the mapping for this property and for Baskets this is done by not having this property in the GetObjectData method for the class (which is called when this class instance is being serialized for inserting into the marshaled_data column).

 

So if you do need this property to be persisted you will have to do the following:

  • In the case of PurchaseOrders extend the mapping and create one from this strongly typed property to an explicit column in the CreditCardPayments table.
  • In the case of Baskets, extend the Basket and add this property to the GetObjetData() method of the extended Basket.

Alternately you could also just store this property value in a weakly-typed indexer property or even in the CreditCardIdentifier property. No matter where you keep the value though, it is imperative that you encrypt this highly sensitive data when persisting to the database.

 

One important point to keep in mind is that when saving PurchaseOrders, any strongly typed property not mapped to an explicit column is dropped and will not be persisted to the database. You can have such a property for in memory site usage, but in most cases if you have a strongly typed property you will want to make sure that it is mapped to a column else the data will be lost on a Save.

Published Thursday, July 20, 2006 4:55 PM by nihitk

Filed under:

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Comments

# re: CS 2007: Where is my CreditCardNumber? @ Friday, July 21, 2006 2:14 AM

what is this?its find the credit card number

anizhedathitta

# Commerce Server 2007: Some Great New Posts! @ Thursday, August 17, 2006 10:18 PM

Now that the Commerce Server development team has shipped their flagship product, they've started to publish some great new posts about using Commerce Server 2007. If you don't already subscribe to these blogs, you really should!

Jeff Lynch [MVP]

# re: CS 2007: Where is my CreditCardNumber? @ Friday, April 13, 2007 3:54 PM

When you say "In the case of PurchaseOrders extend the mapping and create one from this strongly typed property to an explicit column in the CreditCardPayments table." do you mean to go to OrderObjectMappings.xml and add new "CreditCardNumber" element for <Class Name="CreditCardPayments"> and <Table Name="CreditCardPayments">? Is there anything else I am missing?

Duwayne

# re: CS 2007: Where is my CreditCardNumber? @ Friday, April 13, 2007 4:25 PM

Hi Duwayne,

Yes - that is all that you should need to do. The column will need to be created in the table as well - but I am assuming you will do that by generating the SQL files using OrderMapping.exe (or you should just add the column yourself as well).

Of course - you should enrypt this data and make sure you have thought through the security implications of storing this information since it is highly confidential (and that is the reason this is not provided out of the box).

Thanks,

Nihit

Thanks,

Nihit

nihitk

# re: CS 2007: Where is my CreditCardNumber? @ Friday, April 13, 2007 6:03 PM

Nihit,

Thanks for the quick reply. So far this is what I have done:

In OrderObjectMappings.xml

- add <Column Name="CreditCardNumber" DataType="nvarchar" Precision="40" IsNullable="true" /> in <Table Name="CreditCardPayments">

- add <Property Name="CreditCardNumber"/> in <Class Name="CreditCardPayment">

- add <PropertyMap Property="CreditCardNumber" Column="CreditCardNumber" /> in <ClassTableMap Class="CreditCardPayment" Table="CreditCardPayments">

- add new column in CreditCardPayment matching the definition above.

- iisreset

I got an exception when calling SaveAsOrder(). I didnt do the second part for Baskets.

Error in event log

-------------------------------------------------

Event code: 3005

Event message: An unhandled exception has occurred.

Event time: 4/13/2007 2:39:58 PM

Event time (UTC): 4/13/2007 9:39:58 PM

Event ID: 9dc3986a941748c386c40cd97cd6d5a3

Event sequence: 12

Event occurrence: 2

Event detail code: 0

Application information:

   Application domain: /LM/w3svc/1/Root/DHC-1-128209738988906250

   Trust level: Full

   Application Virtual Path: /DHC

   Application Path: c:\inetpub\wwwroot\DHC\

   Machine name: SVCTAG-G2GJ571

Process information:

   Process ID: 1948

   Process name: w3wp.exe

   Account name: SVCTAG-G2GJ571\ssRunTimeUser

Exception information:

   Exception type: TransactionException

   Exception message: The operation is not valid for the state of the transaction.

Request information:

   Request URL: http://localhost/DHC/Checkout/Checkout.aspx

   Request path: /DHC/Checkout/Checkout.aspx

   User host address: 127.0.0.1

   User: dsy@dhccare.com

   Is authenticated: True

   Authentication Type: Forms

   Thread account name: SVCTAG-G2GJ571\ssRunTimeUser

Thread information:

   Thread ID: 5

   Thread account name: SVCTAG-G2GJ571\ssRunTimeUser

   Is impersonating: False

   Stack trace:    at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)

  at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)

  at Microsoft.CommerceServer.Internal.Orders.MtsHelper.ExecuteSqlCommandDataSet(String connStr, String commandText, CommandType commandType, ArrayList sqlParameterHelpers, Int32 timeout)

  at Microsoft.CommerceServer.Runtime.Orders.OrderGroup.Save(Int32 maxInstances, String baseClassName, String tableInsertSprocName, PropertyColumnMapping[] stronglyTypedMappings, PropertyColumnMapping[] weaklyTypedMappings, DetailedSqlColumnInformation indexerColumnInfo)

  at Microsoft.CommerceServer.Runtime.Orders.Basket.Save()

  at Microsoft.CommerceServer.Runtime.Orders.Basket.SaveAsOrder(ITransaction trans)

  at Microsoft.CommerceServer.Runtime.Orders.Basket.SaveAsOrder()

  at Checkout_Checkout.ExecuteTransactedCheckout() in c:\Inetpub\wwwroot\DHC\Checkout\Checkout.aspx.cs:line 294

  at Checkout_Checkout.bNext_Click(Object sender, EventArgs e) in c:\Inetpub\wwwroot\DHC\Checkout\Checkout.aspx.cs:line 590

  at System.Web.UI.WebControls.Button.OnClick(EventArgs e)

  at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)

  at System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument)

  at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)

  at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData)

  at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

dmsy

# re: CS 2007: Where is my CreditCardNumber? @ Monday, September 22, 2008 3:35 PM

I get the same error, does anybody have a solution for this?

Tony

Leave a Comment

(required) 
required 
(required) 

  
Enter Code Here: Required
Page view tracker