MiGS Payment Gateway integration implementation in C#

Question

I have a web application which is using payment gateway integration. Now i am facing some issues in creating Secure Hash Code using sha-256 HMAC algorithm.

I have all the details regarding connecting to migs gateway, but my problem is when i tried to connect to gateway i am getting some issues with the created Hash Code.

Constructed URL to MIGS gateway

https://migs.mastercard.com.au/vpcpay?vpc_AccessCode=XXXXXX&vpc_Amount=6000&vpc_Command=pay&vpc_Locale=en&vpc_MerchTxnRef=12345678&vpc_Merchant=TESTXXXXXX&vpc_OrderInfo=54444&vpc_ReturnURL=http%3a%2f%2flocalhost%3a2231%2fTransaction%2fSecureTransaction%3fdataKey=33445566&vpc_Version=1&vpc_SecureHash=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx&vpc_SecureHashType=SHA256

Once i fire this URL i am getting an error like below:

HTTP Status - 400

E5000: Cannot form a matching secure hash based on the merchant's request using either of the two merchant's secrets

I have verified the SecretHash and its same as provided by the merchant.

Existing implementation C#:

string hashSecret = ConfigurationManager.AppSettings["MigsSecureHashSecret"];

                            var transactionData = paymentRequest.GetParameters().OrderBy(t => t.Key, new VPCStringComparer()).ToList();
    var redirectUrl = VPC_URL + "?" + string.Join("&", transactionData.Select(item => HttpUtility.UrlEncode(item.Key) + "=" + HttpUtility.UrlEncode(item.Value)));
                            if (!string.IsNullOrEmpty(hashSecret))
                            {
    var hashedData = hashSecret + string.Join("", transactionData.Select(item => item.Value));
    redirectUrl += "&vpc_SecureHash=" + Crypto.CreateSHA256Signature(hashedData);
                            }
    return Redirect(redirectUrl);

CreateSHA256Signature function

public static string CreateSHA256Signature (string RawData)
        {
            var hasher = System.Security.Cryptography.HMACSHA256.Create();
            var HashValue = hasher.ComputeHash(Encoding.ASCII.GetBytes(RawData));
            return string.Join("", HashValue.Select(b => b.ToString("x2"))).ToUpper();
        }

I am not sure whether i have did the right method or not. Please help me in this issue.

Any help will be highly appreciated.

Answer 1

I assume you've done it by now. However, in your supplied code you're trying to create a hash from Secure Hash Secret and all values joined together. That's incorrect. You need to use Secure Hash Secret as a key supplied to HMACSHA256 object and compute a hash from a string of key1=value1&key=value2&... Working code:

var secureSecret = "123456789ABCDEF123456789ABCDEF12";
            var args = new SortedDictionary<string, string>()
            {
                {"vpc_Version", "1"},
                {"vpc_Command", "refund"},
                {"vpc_MerchTxnRef", "TestRefund"},
                {"vpc_AccessCode", "XXXXXXXX"},
                {"vpc_Merchant", "XXXXXXXX"},
                {"vpc_TransNo", "123"},
                {"vpc_Amount", "1"}
            };
            var getPart = "";
            foreach (var arg in args)
            {
                getPart += arg.Key + "=" + arg.Value + "&";
            }
            getPart = getPart.TrimEnd('&');
            var keyBytes = new byte[secureSecret.Length / 2];
            for(int i=0;i<keyBytes.Length;i++)
            {
                keyBytes[i] = byte.Parse(secureSecret.Substring(i * 2, 2), System.Globalization.NumberStyles.HexNumber);
            }
            var hmac = new HMACSHA256(keyBytes);
            var hash = hmac.ComputeHash(Encoding.ASCII.GetBytes(getPart));
            var hashString = BitConverter.ToString(hash).Replace("-", "");
            var requestUri = "https://migs.mastercard.com.au/vpcpay?"+getPart+"&vpc_SecureHash="+hashString+"&vpc_SecureHashType=SHA256";