HandleFailedPayments for anonymous users

[500lbdev]

Hi there,

Is there a way to handle failed payments for anonymous users? I've set the HandleFailedPayments property to true on the receipt page. However, since the PayMyOrder.aspx page exists in the Members section, the user gets redirected to a login page which is a problem since the user is anonymous and does not have login credentials. The store I've put together with AbleCommerce uses only anonymous checkout.

Thanks!

[mazhar]

During the checkout when the payment fails for an anonymous user he can access the PayMyOrder page during the same session. I have tried and its working on my local install. What is your application version information?

[500lbdev]

Thanks for the response! I did notice in the code that the PayMyOrderPage control checks to see if the current instance of the userid matches the userid on the order. Is there any canned functionality that would allow us to easily add a link to the PayMyOrder page in the Failed Authorization notification sent to our anonymous customers? I noticed that the /Members/PayMyOrder.aspx page requires the user to be authenticated. Also, the Token.Instance.User.UserId is null for anonymous users when the user comes from an email.

Thanks!

[mazhar]

Its because the browser session is not the same. There could be one workaround but for this you have to do some customization. When anonymous user places the order generate validation code and store it in ac_CustomFields table with order id. Now when sending the anonymous user order confirmation Email send him a link of some public page where he can see the order, the link must contain the validation code of the order and the newly placed order id. When anonymous user returns back to that page by following that link, load the order by getting the order id information from link and then match the validation code of order with the validation code in URL if both are same customer is valid hence show him the order information other wise redirect him to login page.

[500lbdev]

Thanks for the quick reply. I implemented your suggestion and it worked great. If the authorization fails, I'm storing a guid in the custom field and adding that to the email template manually. This guid is then merged with the link in the Authorization Failed email template pointing back to the PayMyOrder page. I had to pull the PayMyOrder.aspx page out of the Members directory for this to work. Is there a way to change authorization privileges for specific pages in the Members directory?

[jmestep]

You can do that using the web.config file in the Members folder. For example, the wishlist page is accessible to all. The code at the start of the file disallows anonymous access, then this code overrides that for the wishlist page.
<location path="MyWishlist.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>

[500lbdev]

ASP.NET programming 101. Thanks Judy. I looked in the root web.config folder for the authorization node and forgot to look in the sub directory. I can be forgetful. I appreciate the help.

[mazhar]

Thanks for the quick reply. I implemented your suggestion and it worked great. If the authorization fails, I'm storing a guid in the custom field and adding that to the email template manually. This guid is then merged with the link in the Authorization Failed email template pointing back to the PayMyOrder page. I had to pull the PayMyOrder.aspx page out of the Members directory for this to work. Is there a way to change authorization privileges for specific pages in the Members directory?

Well I think it would better to make a copy of PayMyOrder page and put that copy somewhere in public pages and redirect the customer to that page. Probably you will need to put some code to check the validation code from URL and the one placed with order to find out that customer is valid in this new page. With this approach future upgrades will be easy.