Prerequisite for this article: You should have the basic idea of handling IPN from this page: handling IPN .

Every payment buttons except ADD To Cart button (i.e. BuyNow Button, Donation Button, Upload Complete Cart Button etc) come with the event IPN_Notified. If you handle that event of those buttons, then you do not need to use IPNHandler Component at all.

The IPNHandler component is designed for those scenario where you want to use different pages for hosting your Payment Button (i.e. BuyNow button) and PayPal IPN logics.

In order to associate the IPNHandler component with a PayPal IPN Notified event caused by a Payment Button (i.e. BuyNow Button, Donation Button etc..) you need to follow the following steps:

 (The example is shown for a BuyNow button, but the same procedure works for all other button controls)

1. In the design mode of a BuyNow Button, open the smart tag wizard and go to the tab named "Step 3 (IPN) as shown in the following screen shot. Check the third option and provide the relative path of the dedicated PayPal IPN handler file.

2. Once you have done this, you know that, "~/Products/my_ipn_handler.aspx" is the page which will be called by PayPal Instant Payment Notification system. So, you should place an instance of the IPNHandler component in this web form.

3. Now, create an aspx page named "my_ipn_handler.aspx" and place an instance of the IPNHandler component as follows:

The "IPN_Notified" event of the IPNHandler component will be fired as soon as the page is loaded (called by PayPal IPN). You should place only one instance of this control in an aspx page. Because, if you place multiple instances, all instance's IPN_Notified event will be fired as soon as the page is loaded which is not an expected matter at all.

 This page is supposed to be called by PayPal IPN and so there is no need to place any User Interface control or html elements in this page. Even though if you place any html on this page, all html rendering will be suppressed whenever this page is loaded.

4. Now, once you have placed an instance of this component into your webform, attach an event handler method for the event "IPN_Notified". This event handler method is the method which will contain your business logics.

When the IPN_Notified event is fired, all transaction information becomes available as strongly typed objects (categorized collection of composite properties and collections) through the Event Argument Class.

IPN Notification Validation: Preventing Fraud

After your server receives Instant Payment Notification, you must confirm that you received it. This is known as notification validation, which is a means for PayPal to help you prevent spoofing or “man-in-the-middle” attacks. When you are using this control, you wont need to worry about this phase. This control sends a POST back to PayPal after it receives the IPN and verify the correctness of the data and an event argument object (e.IPN.Status) holds the result of this validation. You wont need to do anything at this phase but you must check the value of e.IPN.Status as follows:

if(e.IPN.Status == PayPalIPN.StatusCodes.Verified)
{
   // Verified.
}

Once you have checked that the validation result was Verified, you must check the price, transaction ID, PayPal receiver email address and other data sent to you by IPN to ensure that they are correct. By examining these data you can be sure that you are not being spoofed.

When you receive a VERIFIED response, perform the following checks: 

1. Check that the e.PaymentInfo.PaymentStatus is Completed. For example, the following snippet shows the usage.
   if (e.PaymentInfo.PaymentStatus == IPNPDTPaymentInfo.PaymentStatusValues.Completed) 
   {
     // Completed.
   }
2. If the payment status is Completed, check the e.TransactionID against the previous PayPal transaction you have processed to ensure it is not a duplicate.
3. After you have checked the e.PaymentInfo.PaymentStatus and e.TransactionID, make sure the e.ReceiverEmail is an email address registered in your PayPal account.
4. Check that the price, e.PaymentInfo.McGross, and currency, e.PaymentInfo.Mc_Currency, are correct for the item, e.ItemInfo.ItemName or e.ItemInfo.ItemNumber. 
5. Once you have completed the above checks, you can update your database based on the information provided.

If you find e.IPN.Status == PayPalIPN.StatusCodes.Invalid, you should investigate. In some cases, this response is caused by an IPN error, possibly from a change in the IPN format. To determine if it is an IPN error, first examine your code.

Code Example:

Communicating with the server

Please Wait..............................

But, but, if you got any solution about calling a website from the web application in medium trust level, simply let us know and we will modify our control to make it compatible with medium trust hosting and offer you a FREE developer license for this control.

SSL Not Required for IPN

Because credit card and bank information is not transmitted in Instant Payment Notification (IPN), PayPal does not require Secure Sockets Layer (SSL) to encrypt IPN transmissions. 

Still Confused ?