MyCommerceServerProgrammingTips

Understand the two different programming models

• local (in-proc) vs agent

• Creating a new shopper

• Getting the right catalog for a user

Order Tracking Number Pointers

• Changing Order Number Behaviour in Commerce Server 2007

• Info from the news groups

• Do it yourself

• Other Google results

Catalog Gotchas

• Category and Product Name Mangling

Decryption of Credit Card Numbers and other Profile Information

Credit card numbers are stored as part of the profile information, not part of orders. Profile information, including Credit Card number is typically encrypted to protected it. The "out of the box" method of supporting this with Commerce Server 2007 is the use of RSA public/private key encryption. Keys are generated using the ProfileMangerKeyT(.exe) Tool. (See the documentation.) If you need to later retrieve this encrypted information, for example you process orders offline, you'll need to be able to retrieve this encrypted data. The key format utilized by Commerce Server's implementation is not compatible with the .NET API's, so the only way to retrieve this data is using the Commerce API. One way to do this is to retrieve the data using the Profiles Web Service. This can be done even without installing Commerce Server libraries/assemblies on the machine performing the retrieval. Just use the usual method of adding a web reference to the project to generate a web service proxy. The code looks like this:

using System;
using System.Collections.Generic;
using System.Text;

using System.Xml;

namespace CCDecryptDriver
{
    class Program
    {
        static void Main(string[] args)
        {
            CCDecryptDriver.profiles_ws.ProfilesWebService ws = new CCDecryptDriver.profiles_ws.ProfilesWebService();
            XmlElement profile = ws.GetProfile("{1f461bc4-798d-47d8-9d9e-558f09c13651}", "CreditCard");
            string ccNumber = profile.SelectSingleNode(".//cc_number").InnerText.ToString();
            System.Console.Write(ccNumber);
        }
    }
}

The trick to get this to work is to update the Profiles Web Service web.config file to include the key information (or pointers to it). This looks like this

                <profilesWebService 
                        siteName="StarterSite" 
                        authorizationPolicyPath="ProfilesAuthorizationStore.xml" 
                        disableAuthorization="false" 
                        searchResultsLimit="500" 
                        bypassProfileCache="true"
                        keyIndex="1" 
                        publicKey="registry:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Commerce Server 2007 Keys\StarterSite,PublicKey" 
                        privateKey1="registry:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Commerce Server 2007 Keys\StarterSite,PrivateKey">

---

• CategoryMicrosoftCommerceServer