如何执行HTTP POST并从POST结果重定向到外部站点

所以我可以做以下POST提交并获得重定向到支付网关网站

@Html.BeginForm(null, null, FormMethod.Post, new { @action = "https://l33tpaymentgateway.com" })
{
    <input id="RefNo" name="RefNo" type="hidden" value="ABCDE" />
    <input id="Amount" name="Amount" type="hidden" value="300" />
    <input id="UserEmail" name="UserEmail" type="hidden" value="warheat1990@warheat1990.com" />
    <input id="Signature" name="Signature" type="hidden" value="1234567890" />
    <input id="ResponseURL" name="ResponseURL" type="hidden" value="http://warheat1990.com" />
    <input type="submit" value="submit"/>
}

在用户页面上执行上述操作是一个坏主意(数据可以被篡改)，我尝试在服务器端执行此操作。但是我不知道如何重定向用户。

public ActionResult SubmitPayment()
{
        using (var client = new HttpClient())
        {
            client.BaseAddress = new Uri("https://l33tpaymentgateway.com");
            var content = new FormUrlEncodedContent(new[] 
            {
                new KeyValuePair<string, string>("RefNo", "ABCDE"),
                new KeyValuePair<string, string>("Amount", "300"),
                new KeyValuePair<string, string>("UserEmail", "warheat1990@warheat1990.com"),
                new KeyValuePair<string, string>("Signature", "1234567890"),
                new KeyValuePair<string, string>("ResponseURL", "http://warheat1990.com")
            });
            var result = await client.PostAsync("", content).Result;
            if(result.IsSuccessStatusCode)
            {
                //redirect user, but I have no idea how               
            }
        }
}

任何帮助都将不胜感激。

编辑:THE DOCUMENTATION

Step 1. Merchant sends HTTPs Post Request containing payment details to l33tpaymentgateway
OPSG payment page. Payment Details contain the following fields:
• MerchantCode
• PaymentId
• RefNo
• Amount
• Currency
• ProdDesc
• UserName
• UserEmail
• UserContact
• Remark
• Signature (refer to 3.1)
• ResponseURL
• BackendURL
Step 2. User views and confirms payment details entered in Step 1. For credit card
payment, the user will need to key-in credit card information.
Step 3. User continues to fill in Username and Password at bank website (for non
credit card payment)
Step 4. User selects the account to debit the payment. (for non credit card payment)
Step 5. User confirms the payment. If yes, go to next step. (for non credit card
payment)
Step 6. User views and prints the payment detail. (for non credit card payment)
Step 7. Response is returned to the l33tpaymentgateway OPSG website indicating a successful or
failed transaction.
Step 8. l33tpaymentgateway OPSG response back the payment status to merchant with a
signature
Step 9. For successful payment transaction, the merchant needs to compare the
signature from l33tpaymentgateway OPSG. Refer to (3.2)

从安全角度来看，我认为文档中的HTTP POST示例是一个很大的NO。

<HTML>
    <BODY>
        <FORM method="post" name="ePayment" action="https://l33tpaymentgateway.com">
            <INPUT type="hidden" name="MerchantCode" value="ID00001">
            <INPUT type="hidden" name="PaymentId" value="1">
            <INPUT type="hidden" name="RefNo" value="A00000001">
            <INPUT type="hidden" name="Amount" value="300">
            <INPUT type="hidden" name="Currency" value="USD">
            <INPUT type="hidden" name="ProdDesc" value="Photo Print">
            <INPUT type="hidden" name="UserName" value="John Tan">
            <INPUT type="hidden" name="UserEmail" value="john@hotmail.com">
            <INPUT type="hidden" name="UserContact" value="0126500100">
            <INPUT type="hidden" name="Remark" value="">
            <INPUT type="hidden" name="Lang" value="UTF-8">
            <INPUT type="hidden" name="Signature" value="Q/iIMzpjZCrhJ2Yt2dor1PaFEFI=">
            <INPUT type="hidden" name="ResponseURL" value="http://www.test.com/payment/response.asp">
            <INPUT type="hidden" name="BackendURL" value="http://www.test.com/payment/backend_response.asp">
            <INPUT type="submit" value="Proceed with Payment" name="Submit">
        </FORM>
    </BODY>
</HTML>

签名生成:

private string ComputeHash(string Key)
{
    SHA1CryptoServiceProvider objSHA1 = new SHA1CryptoServiceProvider();
    objSHA1.ComputeHash(System.Text.Encoding.UTF8.GetBytes(Key.ToCharArray));
    byte[] buffer = objSHA1.Hash;
    string HashValue = System.Convert.ToBase64String(buffer);
    return HashValue;
}

其中密钥是MerchantKey(类似于私钥)+商家代码+ RefNo +金额的组合

public ActionResult SubmitPayment()
    {
            using (var client = new HttpClient())
            {
                client.BaseAddress = new Uri("https://l33tpaymentgateway.com");
                var content = new FormUrlEncodedContent(new[] 
                {
                    new KeyValuePair<string, string>("RefNo", "ABCDE"),
                    new KeyValuePair<string, string>("Amount", "300"),
                    new KeyValuePair<string, string>("UserEmail", "warheat1990@warheat1990.com"),
                    new KeyValuePair<string, string>("Signature", "1234567890"),
                    new KeyValuePair<string, string>("ResponseURL", "http://warheat1990.com")
                });
                var result = await client.PostAsync("", content).Result;
                if(result.IsSuccessStatusCode)
                {
                    return Redirect(result.url);            
                }
            }
    }