Hi

I am trying for the first time to make a site that takes payments and stuff.

What I want to do is this.

User pays a subscription fee. The user gets to a special members only page and can keep going to the area until the subscription runs out.

Now I am not sure how to do this lol.

I have some ideas.

First I would like something that is pre-made that handles the transactions. I really don't want to write a system to handle credit cards and paypal stuff because I just don't have the knowlege or time to make this and make sure it is secure and works proper.

Now provided I have this I have some bits and pieces on how this would work.

I am thinking of using aps.net membership. So when the user would buy a subscription they would be taken to a register page(with asp.net register control) where they would register a user name and make a password.

Once all this is done I would add them to the membership role that would allow them into the membership pages. I would store in a database the dat they subscribed and the date it will end. Everytime they login then it will do a check against these dates to see if they can enter or not.

When the subscription ends it would remove them from the membership role into another role that denies them from entering the page.

So thats how I sort of think how it will work if there are better ways please let me know.

Thanks

There are Payment Gateway components out there that you can integrate into your site that abstracts you from having to integrate with XYZ payment gateway. .netCharge is one such component: http://www.dotnetcharge.com/features.htm I have never used this component, nor any others for that matter, since I tend to roll my own. Obviously .netCharge is a commercial product and, as such, there is a fee involved in using it (I am not so sure how much luck you will have with trying to find a free component).

Next, I think you are on the right track with your business logic: user registers a login, pays XYZ amount, the account has an expiration date, etc. What I would probably add in the middle there is that a week or so before the expiration expires I would send out an email to the user informing them as such and provide them with a link where they can renew their membership as opposed to waiting till the come to the site one day and, lo and behold, their account has expired!

hth.
-Doug

__________________
===============================================
Doug Parsons
Wrox online library: Wrox Books 24 x 7
Did someone here help you? Click on their post!
"Easy is the path to wisdom for those not blinded by themselves."
===============================================

Hi I found 2 not sure if they are like the ones you posted. For me paying money is not an option. This is just for learning and the project probably will not make that much money if any.

http://dashcommerce.org/
http://www.nopcommerce.com/

Not sure how they work yet and if they have there own sort of controls(like login and stuff).

How hard is it to roll out your own sort of checkout system? How do you test it?

Thanks

Building a website that has a Membership component is not to hard really since, as you pointed out, the .NET Membership controls make it pretty much a snap. As far as rolling your own "Checkout" solution I would say it is somewhere around a 6 on a scale from 1 - 10, however, this can change considerably depending on the provider you are working with.

In the case of PayPal for example, they provide you with an SDK that you can work from to implement and test that everything is working correctly.

hth.
-Doug

__________________
===============================================
Doug Parsons
Wrox online library: Wrox Books 24 x 7
Did someone here help you? Click on their post!
"Easy is the path to wisdom for those not blinded by themselves."
===============================================

Hmm it sounds tempting to maybe use the paypal SDK. I am guessing they handle the storing of the credit cards and sending data securely back and forth?

So really I would have to store there username and subscription date/expiry date.

The nice thing I guess with using a SDK and writting yourself is that I will have more control over it since maybe these other packages use there own login controls or something.

To answers some of your other questions from your previous post. Yes I agree an email notification would be a great idea of course this is down the road. My orignal plan was to have a counter in the membership area saying when their subscription will expiry but now I will probably do both.

Another thing I was thinking about is can you block access to a certain webpage unless it was redirected from an certain link?

I was thinking what if I have it they pay for subscription then they are redirected to create account page to make there account.

What would stop someone from just skipping the payment and typing in the direct url to the create account page?

So I will look into the paypal SDK and see how it looks and hopefully if I go down that route I won't screw things up and have weird bugs

The fast and dirty way to prevent people from accessing "ProtectedPageA" is to create a seperate directory within your website and drop a web.config file into that directory that would dictate who does and does not have access to said pages and directories in that folder. (Do a google search on Forms Authentication, it should net you the results you are looking for)

Allowing users access to a page just because they came from Z page is a bad practice since it is trivial to spoof a Referrer.

Next, keep in mind that you will still need to install and use an SSL certificate on your checkout page. While the communication from your website to PayPal will be over SSL you still need to encrypt the data as it goes from your form into the PayPal system.

hth.
-Doug

__________________
===============================================
Doug Parsons
Wrox online library: Wrox Books 24 x 7
Did someone here help you? Click on their post!
"Easy is the path to wisdom for those not blinded by themselves."
===============================================

Then how would I get the same result but good practice?

So I have to use this SSL? Just looking at my hosting that is 20/year and I really don't want to spend that money at this time.

Do some research on Forms Authentication to get the same result in good practice. It will net you the results you want.

As far as SSL goes, you dont *have* to use it. However, it is somewhat pointless to have a checkout system if you are going to pass a CC number and info over in clear text, no one would use it.

hth.
-Doug

__________________
===============================================
Doug Parsons
Wrox online library: Wrox Books 24 x 7
Did someone here help you? Click on their post!
"Easy is the path to wisdom for those not blinded by themselves."
===============================================

I am not sure what I should be looking for in Forms Authentication. Theres alot of stuff about it but nothing I can see to help me out with my problem of where to go after they completed the order and are now ready to make an account.

You will want to look in to how to deny users access to directories. This should help you:

http://www.google.com/search?hl=en&r...ion+deny+users

-Doug

__________________
===============================================
Doug Parsons
Wrox online library: Wrox Books 24 x 7
Did someone here help you? Click on their post!
"Easy is the path to wisdom for those not blinded by themselves."
===============================================