If you're referring to this .Net lib, I actually wrote it a few years back :) I think I even recognize the above :)
Can you clarify your question? Just in case I misunderstood -
The lib should already do all the checking/verification (except the order number validation), you just need to store the order number and details during postback - if I'm not mistaken, the ashx sample has a stub for sending an email...likely commented out and marked for debug purposes only. You can just change that part to write to a sql table if you want.
- the data sent during this postback includes all the order details
- Google will only send the postback on success
If the buyer confirms the purchase and Google verifies that the buyer can indeed pay for the cake, Google sends an HTTP POST message
Then in the success callback above, which happens on the client side, you should verify that the order number exists - re: match the data returned by Google in the success callback with what you stored in db (previously/during postback). If it exists, then you've verified all the data...
If I misunderstood, just comment and I'll update the answer...hth....
BTW, the lib hasn't been updated to support subscriptions...just fyi...
Update
Here's the "stub" I was referring to in the handler (ashx):
    //Sample
    private void parsePayload(InAppItemObject ClaimObj, JWTHeaderObject HeaderObj)
    {
        //header JWTHeaderObject
        string foo = string.Format("JWT Headers{0}JWT Algo: {1}{0}JWT kid: {2}{0}JWT typ: {3}{0}{0}", Environment.NewLine, HeaderObj.alg, HeaderObj.kid, HeaderObj.typ);
        //payload InAppItemObject
        string bar = string.Format("JWT Payload{0}JWT aud: {1}{0}JWT iss: {2}{0}JWT orderid: {3}{0}JWT sellerdata: {4}{0}JWT iat: {5}{0}" +
            "JWT itemName: {6}{0}JWT itemPrice: {7:c}{0}JWT Item Description: {8}{0}JWT exp: {9}{0}JWT typ: {10}{0}{0}", Environment.NewLine, ClaimObj.aud, ClaimObj.iss, ClaimObj.response.orderId, ClaimObj.request.sellerData, ClaimObj.iat,
            ClaimObj.request.name, ClaimObj.request.price, ClaimObj.request.description, ClaimObj.exp, ClaimObj.typ);
        debug(foo, bar);
    }
You can change the above into a standard db insert - in the above, ClaimObj would have your order details. So something along the lines of (sample):
    using (SqlConnection conn = new SqlConnection(connStr))
    {
        // ...
        using (SqlCommand cmd = new SqlCommand(cmdText, conn))
        {
            // ...
            // Parameterized values taken from the verified postback payload
            cmd.Parameters.AddWithValue("@OrderNumber", ClaimObj.response.orderId);
            cmd.Parameters.AddWithValue("@ProductOrdered", ClaimObj.request.name);
            // ...
        }
    }
The ashx file handles the Google postback (I realize that maybe I should have named that file postback_handler_demo.ashx) which you get before the client side success callback. This allows you to store the (already server-side verified) data, prior to any client side callback.
You can then query this data for existence of the orderId (or any other data for that matter) if/when your success handler is triggered in the callback.
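
The store-then-check flow described in this answer, as an added example (not part of the original answer or of the library): the postback handler saves the verified order, and the endpoint hit by the client-side success callback only trusts what is already in that table. The class name, the dbo.VerifiedOrders table and its column sizes are assumptions; the parameter names follow the sample above.

```csharp
using System.Data;
using System.Data.SqlClient;

// Added example. Table dbo.VerifiedOrders and its columns are assumed, not part of the library.
public static class VerifiedOrderStore
{
    // Call from the postback handler (e.g. inside parsePayload), i.e. only after
    // the library has verified the JWT. Duplicate deliveries of the same order are ignored.
    public static void Save(string connStr, string orderId, string itemName)
    {
        const string sql =
            @"IF NOT EXISTS (SELECT 1 FROM dbo.VerifiedOrders WHERE OrderNumber = @OrderNumber)
                  INSERT INTO dbo.VerifiedOrders (OrderNumber, ProductOrdered)
                  VALUES (@OrderNumber, @ProductOrdered);";
        using (var conn = new SqlConnection(connStr))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@OrderNumber", SqlDbType.NVarChar, 64).Value = orderId;
            cmd.Parameters.Add("@ProductOrdered", SqlDbType.NVarChar, 256).Value =
                (object)itemName ?? System.DBNull.Value;
            conn.Open();
            cmd.ExecuteNonQuery();
        }
    }

    // Call from the server endpoint that the client-side success callback posts to.
    // The values arriving here come from the browser, so they are only compared
    // against the row written during the postback and never stored or trusted directly.
    public static bool MatchesStoredOrder(string connStr, string orderId, string itemName)
    {
        if (string.IsNullOrWhiteSpace(orderId) || itemName == null)
            return false;

        const string sql =
            @"SELECT COUNT(1) FROM dbo.VerifiedOrders
              WHERE OrderNumber = @OrderNumber AND ProductOrdered = @ProductOrdered;";
        using (var conn = new SqlConnection(connStr))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@OrderNumber", SqlDbType.NVarChar, 64).Value = orderId;
            cmd.Parameters.Add("@ProductOrdered", SqlDbType.NVarChar, 256).Value = itemName;
            conn.Open();
            return (int)cmd.ExecuteScalar() > 0;
        }
    }
}
```

Fulfil the order only when MatchesStoredOrder returns true; a success callback with no matching stored row means the postback was not received for that order.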