New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IsSignatureValid always false #11
Comments
Hi, this was a change made by SagePay in the latest version of their protocol. They've changed how their signature is generated, and have provided no documentation on this, so there's no way to verify the signature anymore. SagePay's own integration kits no longer perform signature checking, so I'd suggest removing the check completely. |
Okay, thanks for the very quick reply ! |
Digging around a bit I've found this: It seems that the MD5 now takes into account |
Just to confirm that worked. and the constructor and then SagePayResponse.cs - 4 new properties Followed by updating GenerateSignature |
Having done this I can't help but thing it's a bit redundant! I can't see that it actually provides any additional security. In fact the only thing it seems to do is check that the data you've received is correct. However given that HTTP is a quality guaranteed protocol... I'm not sure of it's purpose... |
I agree - it's a bit redundant. Still, I'll make the fix. |
Hi,
I'm testing this framework with a Sagepay test account but apparently the signature is always invalid:
if (!sagePayResponse.IsSignatureValid(sagePayPayment.SecurityKey, SagePayMvc.Configuration.Current.VendorName))
When debugging, the Hash that is generated is different from the one received from the server.
Any ideas on I might be missing?
Thanks!
The text was updated successfully, but these errors were encountered: