Callback failing

Have you tried installing the GlobalSign root certificate? See at the link below: https://community.onespan.com/products/onespan-sign/sdks Let me know.

So I installed the cert, now I am getting no feedback, I did not get the email telling me the callback failed and it seems my code did not run either? I am still missing something. I am retrieving the docment when signing is complete. Again I have this same code working from dev environemnt with out SSL so I confident I am close =). I am not sure exactly how the Call back key is used, have set that in the web ui along with my return url. When the call back is fired I retrieve the packager id and a user id that I included in the package when it was created. Next I request the file and save it on our server Do I need to also add the Call back key in my request?

[AllowAnonymous]
        public ActionResult SaveSignedFile()
        {
            string eSignUrl = ConfigurationManager.AppSettings["eSignUrl"];
            string eSignApiKey = ConfigurationManager.AppSettings["eSignApiKey"];
            string DocumentId = string.Empty;
            string DocumentName = string.Empty;
            string appDataFolder = HttpContext.Server.MapPath("~/App_Data/");

            try { 

                // Get the received request's headers
                var requestheaders = HttpContext.Request.Headers;

                // Get the received request's body
                var requestBody = string.Empty;
                using (var reader = new System.IO.StreamReader(HttpContext.Request.InputStream))
                {
                    requestBody = reader.ReadToEnd();
                }

                JObject jsonBody = JObject.Parse(requestBody);
       
                string packageId = jsonBody["packageId"].ToString();

                if (!string.IsNullOrEmpty(packageId))
                {
                    EslClient eslClient = new EslClient(eSignApiKey, eSignUrl);
                    PackageId pkgId = new PackageId(packageId);  // DO I NEED to add the Callback Key here?

                    DocumentPackage documentPackage = eslClient.GetPackage(pkgId);
                    Guid userGuid = new Guid(documentPackage.Attributes.Contents["UserGuid"].ToString());

                    foreach (Document mydoc in documentPackage.Documents)
                    {
                        DocumentId = mydoc.Id;
                        DocumentName = mydoc.Name;

                        if (!DocumentName.Contains("Electronic Disclosures"))
                        {
                            byte[] myDocument = eslClient.DownloadDocument(pkgId, DocumentId);

                            //TO DO: Do something with the document
                            System.IO.File.WriteAllBytes(appDataFolder + DocumentName + ".pdf", myDocument);

                            ADFile thisFile = new ADFile();
                            thisFile.ADFileId = 0;
                            thisFile.UserGuid = userGuid;
                            thisFile.ADFileName = DocumentName + ".pdf";
                            thisFile.UploadedDate = DateTime.Now;
                            thisFile.ExpiresDate = DateTime.Now.AddYears(2);
                            adFileRepository.SaveADFile(thisFile);

                            //TODO Update the Package based on the UserGuid
                            ADForm myForm = adformRepository.ADForms
                                            .Where(f => f.UserGuid == userGuid)
                                            .FirstOrDefault();

                            if (myForm != null)
                            {
                                myForm.ADFormStatus = "FileUploaded";
                                myForm.LastUpdate = DateTime.Now;
                                adformRepository.SaveADForm(myForm);
                            }
                        }
                    }
                }

                return new HttpStatusCodeResult(200);

Thanks, Todd

Did you only set up the callback key for this one? Or were you using it before? What the callback key does is pass a value through the authorization header of the http call so that you can check that it's a valid call coming from eSignLive. If it contained no key or the wrong key, you'd know it wasn't from us. It will come through the auth header like: "Basic YOUR_KEY". As for not getting the bad communication emails anymore, are you able to see the call hitting your server in your logging or anything? You might also make sure you white list the eSignLive IP addresses, in case your firewall is blocking the communication. https://community.onespan.com/documentation/onespan-sign/guides/quick-start-guides/developer/environment-urls-ip-addresses#aanchor88

Thanks for the explanation of the of the Callback key and how it is used, the documentation is mostly good but there are some gaps. The text on the sandbox Event Notification page has a note "To enable secure callbacks enter a secure callback key or leave blank to disable" this sounded to me like that was going to be used as the salt for hashing. I did not use that in my local environment I was just testing with out SSL and everything was working, but based on your explaination it sounds like for now it has no impact on my existing code. In IIS I have a v3 SSL Cert applied to my binding, I have installed the gsdomainvalsha2g2r1.crt to the server to the default location do I need to do anything else to get that work? I am still a bit lost on how that new cert is being applied. I will try to watch incoming traffic but it is a lengthy test submitting the form waiting for the emails, signing then watching, then rolling back and submitting another form, is there a way to manually execute that callback so I can cycle through a few times and debug? Once I solve this I give the green light for testing and we can start moving to a production version Todd

Did you try removing the callback key? I doubt this is it, but it's worth a shot. To easily test, you could just use POSTMAN to send requests to your listener. To easily test from eSignLive, you should be able to just go register for the package create notification and create a simple class you can run that will create a new package in your sandbox. This will cause a notification from eSignLive that you can test to be sure you're getting.

Ok, I fixed one issue, I had installed the intermediate certificate to the wrong location, now that the file is in the correct location I am getting the "Failed to communicate with the callback server." again.

Well, I guess that's a positive step forward. Have you looked at white listing the IP addresses for eSignLive for communication?

I will double check with the Network admin but he said we are not blocking any incoming traffic. I am trying to use Postman to simulate the request but I don't think I have the json object correct in the tool. I can post a to my page with out any errors but the code on the beta server is not executing. I am putting the json from the error email in the body of the post request. I will keep trying, this is quite frustrating. Todd

Sorry for the inconvenience. What is your URL that you're trying to get to, if you can post it here? If not, are you able to get to the URL from an external device? Some device that is not on your company network? Or do you get a page not found error?

So I made some more progress, again all code was working using ngrok and pointing to my development environment with out SSL. I am able to post to my beta app using POSTMAN and I actually get back the file but it seems the UserGuid I am passing with package is going missing so my db is not getting updated. So I think I have two problems, one may actually be a firewall or other encryption/decryption issue, but I am going to have to prove it before the network guy will spend some time looking at it or setting up something so track the incoming callback =( Here is what I am using to simulate the callback in POSTMAN Post: https://myadbeta.trilogyir.com/ADFile/SaveSignedFile Body (raw) Type JSON/application/json { "@class":"com.silanis.esl.packages.event.ESLProcessEvent", "name":"PACKAGE_COMPLETE","sessionUser":"d7c6ae30-c696-43bd-9429-0f36d3d72b9c", "packageId":"b517253c-ef4e-4fb0-b43c-4950e485c8fa", "message":null, "documentId":null } When I run the above I do get a file back. But I can't confirm the UserGuid is being returned this is added to my package when I create it. Is there a place in the Sandbox UI I can see all the Properties of the package? I looked the evidence summary but it did not show my UserGuid Attribute. Create attribute:

  thisPackage.WithAttributes(new DocumentPackageAttributesBuilder()
                       .WithAttribute("UserGuid", userGuid));

And I am retrieving that UserGuid from the package Like this:

 DocumentPackage documentPackage = eslClient.GetPackage(pkgId);
                    Guid userGuid = new Guid(documentPackage.Attributes.Contents["UserGuid"].ToString());

I also checked Event Viewer and IIS logs on the server and nothing is jumping out at me showing the Callback being blocked.

Ok, I am getting back the correct UserGuid from the package I tacked it on to the file name so that confirms the variable is being returned. So now just down to figure out why the Callback is failing from the sandbox.

This is working from Postman, you're saying? If so, you're running your call locally, so it wouldn't be blocked from external. If I attempt to browse to your link above, I get that the page is not found. This would appear to mean that your page is not accessible from outside your network. So, it's back to sounding like a possible firewall issue.

Oh man, if that is the case the network guy is going to owe us a few hours. Thanks for your help today, if anything learning about the POSTMAN tool was time well spent. Todd

Hopefully that's it! Let me know what you find out!

The call back is working now, it turns out that there were a couple ip addresses crossed up on our firewall = ( That being said, is the intermediate certificate required? Because of the order of trouble shooting I never got a chance to test the callback with out it.

I don't know if it is for the callback as I've never tested it with https, but you do need it when making calls to the eSignLive API. If you try it out without the intermediate certificate and it still works, let me know.