Hi all. Hope everyone is doing well. In this circumstance we are having a lot of things going on in our life. Apart from that, we are today eager to learn something to grow our knowledge. I am thankful to Payment Village for giving me this opportunity to deliver this wonderful session. And we are going to our session, architecting modern payment gateway in .NET Core with Azure. Why did I take this topic as a concern? What exactly are we going to discuss today? Today we are going to discuss how we are going to architect our payment gateways in .NET Core. Today here I am using Stripe. You can use some other third-party tools like PayPal, whatever it is. Wherever we are using the bank credentials, wherever we are using the customer-end details, we need to follow the compliance rules so that we can have security as well as prevent data breaches. That is the main concern of security. That is the main concern of everyone to make the apps available to the user end. Security is the main thing that makes us important to work with the banking clients. So I chose this platform as a basic platform to implement the security. At first today, as a demo, we are going to see how exactly our payment gateway is designed in .NET Core. Every framework has its own style of doing payment activities or some other activities. .NET Core has some special architecture, so we need to understand the architecture to implement the payment activity. So let's go to the next slide.

I want to explain about myself. Who am I? So it may be fit to you to understand the titles. Very good. I am Menaka Bhaskar Pillai. I am working as an associate software engineer at Aksancha Digital. And I am a C# Corner MVP, an Azure and .NET certified professional, a blogger and an international speaker. You can reach out to me via my LinkedIn or Twitter, or you can drop me a mail. I will keep on checking.
For any doubts and clarification you can approach me via any of these platforms. So let's begin our slides on how we are going to explore architecting the payment gateways in .NET Core.

So what are we going to discuss today? The agenda is the main thing that gives the detail of what we are going to see in the upcoming slides: why payment security is important at its peak now, what the key features of a payment app are, why we go to .NET Core for payment integration, key components in Azure for secure payments, Azure payment processing environments, and Azure security capabilities. You can see two words in common, .NET Core and Azure. Because as .NET developers, we are not using .NET Framework, even though it has the upgraded version that is similar to .NET Core. .NET Core supports each and every OS, from Linux to Mac to Windows. But .NET Framework supports only .NET Windows. That's the main reason we are facing many difficulties implementing the solution via .NET Framework, so we are migrating to .NET Core. And another thing is .NET Core supports the open source platform, so you can take the code and you can also contribute your code. So that's the only reason we are going behind .NET Core. Implementing security behind the scenes is very complicated compared to doing it with .NET Core and Azure. As a cloud provider, Azure is growing faster and faster in implementing security. It has a lot of services that we use for securing your application. For a business need, or on the basis of a business requirement, you can use any of the services that make your application secure from each and every point. Today we are going to discuss, from start to end, wherever we can implement Azure in securing your web application. Before that we need to understand the architecture of how exactly the payment application can be implemented using .NET Core. So I created a small demo to show you what the architecture of the payment application looks like.
So we can see the demo at the middle of the topic, where .NET Core comes in for the payment integration. Before that we can go to our next slide.

Why is payment security important at its peak? You can see payment security is the place where the customer is giving his card data, and for the owner whom he wants to pay something. My card is more valuable as compared to my life. Any breach in data or any security incompetence leads to the amount from my card disappearing. And second thing, my entire details, personal and professional details, can also be leaked. That can impact my family's circumstance also. So implementing security in a payment gateway is very major and it's very trendful in today's concern. Every banking security team is highly concerned about implementing the security. So the usage of mobile payment is expected to reach $5.03 billion by 2020. So what they are telling is we are not going for the traditional approach of paying something via our website, where it is a highly productive environment where we need to log in again and get to method transaction detail. And again we are giving some detail to encrypt your details, that you are the one who belongs to that bank. We are easily accessing everything from our mobile, including the payment application. I can say, like Paytm, also other applications, everything has been integrated with payments. So I am ordering something in Flipkart, and that takes me directly to Mejipay or another wallet. So I can add my payment. So of the applications they are developing nowadays, one without payment is very rare. So the concentration on security is also booming here. In addition, 75% of all financial transactions will be cashless by 2025. You can consider now itself, it's corona time. We are having the payment application. So we are directly paying without a card. So what exactly is happening here is I don't need to depend on someone or my card to pay my cash.
I can pay by a single click. So that is the concern that makes security so important in today's scenario.

What are the key features of a payment app? Okay, I'm developing an application that supports my payment. What are the features I need? What are the features I need to consider while creating or developing an application? First thing, I should have the notification pop up whenever a transaction appears. I need to get a notification via my mail, via my SMS, via other things that relate to my payment. So notification is a primary concern, so I can track the amount that has been debited or credited. Billing and invoicing: billing and invoicing is a track of how much cash I have deposited and how much cash I have withdrawn. Transaction history is a history, so I can trace this much amount I have spent, this much amount I have withdrawn. Then fingerprint security. This is the main security that needs to be implemented in upcoming apps if it has not been in the application before. So fingerprint is like, it's not similar for everyone. It gives the distinction of humans. So I can access via my fingerprint. That is also a main thing. Cryptocurrency is a booming technology. Without cryptocurrency we cannot say whether my application is secure or not secure. So bitcoins and cryptocurrency are leading in securing our application.

So here comes our main topic. Why do we go to .NET Core for payment integration? It provides a cloud-ready, environment-based configuration system. So deploying my application, which I designed for payment purposes, is very easy if it is a .NET Core application, because everything is very customizable. I don't need to write a lot of code to maintain my application or to develop my application. It is very lightweight, because .NET Core itself is lightweight. And it stimulates high performance with modular HTTP requests. .NET Core, as I said before, is easy to maintain as well as update.
As in the first slide itself, I told why people are migrating, even as .NET developers, from Framework to .NET Core. It is very, very easy to support every OS, starting from Mac, Linux and Windows. So that is very good for developing something in .NET Core. I don't need to do a code reuse or copy my code to support the other system. It is a scalable one, so I am able to scale my application as per my trends. It is easy to integrate inside and outside, as well as on Google Cloud Platform, along with other cloud platforms that use Nginx or IIS or other supports.

So let's see here itself, in the demo, how exactly the architecture of the application via .NET Core will look. So I am going to my coding session, where I implemented a simple application that uses the third-party payment tool. So see, this is how my architecture looks. I chose .NET Core web MVC, so I have my Views, Models and Controllers folders. Startup is the place where my code starts to work. So I need to register my middleware; every HTTP action is performed here. I am using a third-party tool called Stripe to integrate payment in my application. So if you are using any tool for integration, either it is PayPal or Stripe or anything, just go to the official documentation. You can get an idea of how to integrate with your SDK, whether it's Java or .NET Core. Since I am doing .NET Framework, I just converted that to my .NET Core platform. So since I am a .NET developer, I just use .NET Core for implementing the payment solutions. So what I am doing is, for implementing Stripe we need to have two things. Those are the environmental things that remain constant. Here I am declaring my environmental variables in appsettings.json, so it's easy for me to work on that. Sorry, here it's appsettings.Development.json. It holds the two primary things, the publishing key and my secret key. These act as a main thing while we are doing our transaction.
So in order to use our keys from the appsettings in our controller or model class, we need to register, or we need to consume, this value in our Startup class so that it is available to all of our services. So what I am doing here is I am just configuring my key here. This is a common thing that you need to do. Like, I am getting the value of the secret key; that is a mandatory step to be done. So what I am doing is, I already have my class that holds the method of set API key. This sets the API key from the secret key. After doing that I need to register the class that I am going to use, because the class is tightly coupled, so I just need to do this by using a class. So I just created a data class inside my Models folder to use those keys. So both the keys that you declared in appsettings.json need to be declared here also, with the same names. So here I want to bind my values from the appsettings.json, which is declared here. So I am registering my class so I can use my class via injection dependency. So, Configuration.GetSection. This GetSection holds the value of both the published key as well as the secret key.

Once it is done I need to design my controller, so how my values are obtained. So I am going to my controller class. Here my controller class has the values of the charge; both the things originate from the Stripe form that I will show while I am running the application. So it contains the Stripe email as well as the Stripe token. So from this I am going to create the customer. I am going to validate my customer, like the email that I am entering, along with the source, everything. After that I am just paying some amount, a fixed amount. So when the status code is succeeded, I am just showing that my transaction succeeded. So it is very simple to implement, because I just give my endpoints, that is, the environmental variables, in my appsettings.json, that is Development.json.
And after that I am consuming both of my keys by using a tightly coupled class that I declared as a data class. After that I am just doing the action method by consuming from my view: those are my email as well as the token, from my view page into my controller. See, here I am just using that. After that, what I am doing is I am just creating the transaction by means of what I want to do. So I just give the currency value, description and everything; the charge options I am just creating. After that I am retaining the status code. Here you can validate whatever thing you want. Suppose you want to send some mail, you can add those things. It is an additional thing for the deeper application developer. You can add those things also. But it is not that important if you are going for a test purpose. For a demo purpose I just want to show you how it works with the third party, that is Stripe. So I am just running. It takes some time to load. Yeah. So a simple line of code with very little complication has integrated my third-party payment tool with my .NET Core MVC application.

So what I am doing is I am just testing. I already have one card, so I am just paying with this. So my controller will be hit here. So you can see from the form, it takes the values of the email as well as my Stripe token. That's a token that is being generated. Those text boxes have already been designed by Stripe. We are just consuming them. So just keep in mind, giving the name should be very punctual compared to what exactly is in your Stripe. So after that I am creating a customer service object and a charge service object. My customer service is creating a new customer using a create operation. Once it's loaded, you can see my customer while I'm hovering. I have my customer ID and my object and some other detail. If you want to give something you can add it; I have just given the important things. After that, my charge service. Here I will have my ID, amount refunded.
You can add all those things if you want, if I'm going to design a complete application, not for a test. I just want to give everything. This is for the charge operations: what kind of charging you are performing. Like, you are charging based on your USD or IN, or depending upon your currency value. This is a charge option that you need to consider. So two things you need to consider: that is the customer validation, which is what we perform before creating the customer, and you are consuming the value from your form and by means of that you are creating the charge value. So after that, the status code. So if it is validated I just want to go to the transaction ID. This is for my display purpose. If I want to display my transaction ID I can do it here, or some other email triggering. Every option can be performed after it has succeeded. So I am able to view this. So my code succeeded. So it's returning to the view. "Transaction is succeeded. Check email to view that." Okay, it's fine.

This is the already running application, where I already have the stored value. What if I want to do it from scratch, where I have written that kind of script that I am having in my view page? So I will show that also. It's taking time to load, to pay with card. No, I don't want to do it for the existing detail. I want to do some cookie clear-out or something, so it will clear. Mostly for banking details we shouldn't use this type of card registering; unless it's necessary we should not have the practice of this. I am just going to use something for testing purposes. This has some test mode; take any card number from this for testing purposes. So give the year, because the expiry date will be in the future. So give something in our future dates, and give any three numbers because it's for testing. Sorry. And zip code is the location code. You remember me, and it will ask you for a phone number.
You can give your original number or something, but don't give a usable number, because it will trigger the type message to them. So give something that is not existing. Only if it is validated will it show you the green thing. So it's validated. So I can just give continue, because I don't need to explore, because I already explored that. So see the new code also. "Transaction has succeeded. Check email to view the report."

So my view page holds all my details. So for the view page, you need to add the view from a customized view or from the existing view. I just use the existing views because I am showing everything in a single page today. So this is where I just need to add the script of Stripe along with the other features. These are the features that are displayed in your form. So if you want to add a zip local code or something you can add it here. Or it is an inbuilt property, so you can choose the auto property to set, if you need to add some flavors to your form. So those things are customizable. You can add those things.

That is it, guys. So that is how our payment gateway looks using the integration with the third-party tool while we are constructing or architecting in our .NET Core. Do you feel this is secure? Can I develop like this and give it to my customer to start doing payments? Do I just do the deployment in my production and give it? No, because this is not at all a secure one. It is not even having authentication or any token validation, whether the user is existing or not existing, and my values have already been registered. So it's not secure. So how are we going to implement the security for the same application via Azure? If you want to implement security for the same application with Azure, we have lots and lots of services. As I said before, based on your requirement, based on your need, decide what kind of security you want, how much of an approach you want to deal with in your application, how much compliance your application needs.
So we are going to see some of the Azure services that are used to implement security in your payment application and that are very useful for architecting your application with a wide level of security. So let's go to our slide.

Key Azure components to secure your payments. This is very limited, guys. You can go with Azure's complete services. There are lots and lots of security components that you can use in the nooks and corners of your application development. But these are very basic services that a normal payment application needs.

So the main thing is like the Azure AD application. I'm doing something with my Windows authentication. It's up to my Windows. I cannot say that after I have published it to my Azure App Service: I deployed my application and after that I published my application. I want to deal with every user in the cloud. I can use an Azure AD application so that it authenticates the user along with his password, so the particular person with the particular knowledge of the particular thing he has is able to log in, and even that is also provided by the cloud service. That is quite good, because my application is already in my cloud and my application authentication is also in my cloud. So this is the first way to secure your application if you are using payment gateways.

After that, Azure Key Vault. Whenever my token is originated, I want somewhere to store my token so I can use my token to secure my application. I cannot simply store the tokens that originated in my application somewhere so I can use them again. So we can use Azure Key Vault, as it is a secure platform. You can keep everything there; its name itself, and its symbol itself, has the key symbol. Then the Azure SQL Always Encrypted concept.
This is the main concept and the main thing that needs to be considered while we are developing from our database end, because the encryption concept is very useful while we are doing something as a backup knowledge of the transaction details or another thing we want to track for every application. So the Azure SQL Always Encrypted concept helps a lot.

Azure DDoS Protection. This is a recent protection that is taken into account, because DDoS Protection plays an important role against security breaches and other security dangers and hazards to your modern web application. So these are the five main core concepts that need to be implemented while you are architecting your modern payment gateway, or modern payment with any of the third-party tools.

So the next thing is, I want to develop an application that is completely secured from my back end to my front end, even in my data storage, and I need to implement that by means of Azure. How can I do that? That's the thing. So they have every security feature that needs to be implemented while you are developing your application via Azure. So if you are using a database at your back end, just try to use Azure Key Vault for protecting all your values and everything, that is, tokens or something. And there is a special thing for governing the security of an application, called Azure Security Center. And as I told you, there is the encryption concept at the SQL level, and Azure Blob storage is highly secured, so you can store your blob or any other file-oriented data, that is, transaction bills or anything, in Blob storage. OMS Log Analytics is used to trace the logs, what you are doing at the security level, so you can implement the security, and Application Insights is specially for monitoring your application. So if any insecure communication or insecure request is getting into your application, it will protect your application. After that, coming to Azure Active Directory and role-based.
So role-based authentication is very important. It is like role-based access control. It is about what role it is going to be and how I can secure my application. It is similar; along with Azure AD also, we can authenticate the user by the AD service. Once I'm coming to my front end, I'm using the load balancer, that is, the payment gateways. So along with my App Service Environment, I can customize my application by adding my certificate, an SSL certificate or other certificate, so that's very important. And the main thing is that Application Gateway is very important. I can implement it by a normal third-party tool; we have Ocelot. If you're going with cloud, you already have the Application Gateway, so secure your application and balance your load. A lot of requests coming to one server is so hard. So the Application Gateway splits the load according to the servers, so it acts as the direct contact for your client rather than your API or something else, so your client doesn't need to approach directly. So all of these are protected by something, and that thing is Azure DNS.
This is a very main concept if you are developing those things. The back end and front end, along with the middle tier, everything can be completely wrapped up inside my DNS and in the environment, so I will have my storage policies along with other security policies, and compliance, and certified experts. So that makes my application protected if I am architecting my application via Azure services. So this is how the exact architecture of your application looks if you are implementing a normal .NET Core application through your Azure service.

Guys, think, after seeing this, what knowledge you are getting: it's very easy, and the cost consumption is very low, and other security breaches are also very few. I will tell in a further slide why my other things, like cost consumption, are low, as well as why I can say this is a compliant one, why I can say believe this, I can use this many things inside my application. So this is how exactly architecting the modern payment application via .NET Core with Azure services looks. Use at least some of the services that are very important to your application where you are implementing the payment application things. You do not need to use all the services, but there are some services you must use because of protecting your application. Even if you are not using this cloud service provider, with some other cloud service provider you also need to use some of the things like authentication, load balancing and API gateway, so that will act as the protector of your application from malware or other hazardous things from hackers or something.

So, data residency and boundaries. Today we are going to discuss this data residency. Why do we need data residency? Our data is being stored somewhere, so whenever my data is lost, I just need to depend on my own data center where I stored all my data. By using or migrating to cloud, it makes it available to me as a copy, or reflects my copy to multiple regions, and it's accumulating my multiple
regions, from a single availability zone to multiple availability zones. So inside a single region I will have multiple availability zones, and all the availability zones are interrelated to each other, and I will have another region, and both my regions are also interlinked to each other. So for accessing my request and approving my request for performing the action, I don't need to depend on something like a single availability zone. I can perform everything with my facility perimeter, so I can have the building entrance, inside the building, and the data center floor. So it is very useful while we are designing our web application with a lot of security features. Everything inside a single thing is very hard to understand, and it is very hard to protect the data; we need to keep our eyes open to identify where it is and what it is. So just make these things very clear: that is the only reason we are migrating our things to cloud. They provide a lot of availability, because data breach and data loss are not possible in cloud, as we follow its policy features.

So this is one of the important slides, to understand Azure SQL database security capabilities, as we discussed in our older slides, I think. So we saw the encryption concept. By means of this we have the customer data, and we have information protection, threat protection, access management and network security. Think: someone who wants to access your data needs to pass all of the layers to access your data at the center. That is, even if he breaks the first one, the network security, he needs to meet the access management, after that the threat protection, after that the information protection, to reach your customer data there. So that is how much our data is protected inside our cloud by using the Azure SQL security capabilities. So if you are working in a DB, it's very good to use DB security capabilities, that is, such security capabilities, so that makes our application work well and securely.

Industry-leading Azure security. We can say why
Azure is growing tremendously. If I am choosing Azure as a service provider for me, what is the difference of my cloud service from other services? It is because, for a banking application or some other application, where I am using my e-commerce application, where I am using my customer details, it's not good to go with something of which I have no knowledge, because data privacy is very important. So why do I need to go to Azure? It's not the one and only thing, but the main thing is that they invest nearly one billion dollars annually in implementing the security features, not only for the Azure security environment but for all the services in Azure. So each and every service of Azure implements the security, so that makes people who work from the normal application to the high-end banking application secured in what they are using. And there are 3500 security experts, and it has got a lot of company certifications. So seeing the investment itself, we can understand the security experts and the company certificates it got, and that makes us move towards the cloud service provider. So if you want to work in a secured environment where you need to keep everything in a well-maintained manner, in a secured manner, you can start to implement your cloud service provider, Azure, in all your activity, from back end and front end and even at the middle tier also.

So we have ended the session. I hope I made your day. I just delivered my session; this is the thank-you slide. I want to thank you all for listening to my session. For any doubts you can ask me; I'm here to clarify your doubts. If the answers are not satisfactory, or you want to get something more, you can approach me again via my social platforms, so I am available. So this is our session for today, guys. Thanks to Payment Village for giving me the opportunity.
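
The Stripe wiring walked through in the demo (settings class, API key set at startup, a charge action that takes `stripeEmail` and `stripeToken`), with the authentication the speaker says the demo lacks and the Key Vault storage recommended later in the talk, as an added example that is not the speaker's code. It uses the .NET 6+ minimal hosting model rather than the demo's Startup class; the `KeyVaultUri` setting name, the `Success` and `Failed` view names, the fixed amount and the NuGet packages named in the first comment are assumptions.

```csharp
// Added example, not the speaker's demo code. Assumed NuGet packages: Stripe.net,
// Azure.Identity, Azure.Extensions.AspNetCore.Configuration.Secrets, Microsoft.Identity.Web.
using System;
using Azure.Identity;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Identity.Web;
using Stripe;

var builder = WebApplication.CreateBuilder(args);

// "KeyVaultUri" is a hypothetical setting name. Vault secrets named Stripe--SecretKey and
// Stripe--PublishableKey surface as Stripe:SecretKey and Stripe:PublishableKey, so no key
// material has to live in appsettings.json or appsettings.Development.json.
var vaultUri = builder.Configuration["KeyVaultUri"];
if (!string.IsNullOrEmpty(vaultUri))
    builder.Configuration.AddAzureKeyVault(new Uri(vaultUri), new DefaultAzureCredential());

// Bind the section to the settings class (for injection into views or services) and
// fail at startup, not at the first charge, if the secret key is missing.
var stripe = builder.Configuration.GetSection("Stripe");
builder.Services.Configure<StripeSettings>(stripe);
StripeConfiguration.ApiKey = stripe["SecretKey"]
    ?? throw new InvalidOperationException("Stripe:SecretKey is not configured.");

// Azure AD sign-in, configured from the "AzureAd" configuration section.
builder.Services.AddMicrosoftIdentityWebAppAuthentication(builder.Configuration);
builder.Services.AddControllersWithViews();

var app = builder.Build();
app.UseHttpsRedirection();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.MapDefaultControllerRoute();
app.Run();

// Property names must match the keys inside the "Stripe" configuration section.
public class StripeSettings
{
    public string PublishableKey { get; set; }
    public string SecretKey { get; set; }
}

[Authorize] // anonymous callers never reach the charge action
public class PaymentController : Controller
{
    private const long AmountInCents = 500; // fixed server-side, never read from the form

    [HttpPost]
    [ValidateAntiForgeryToken]
    public IActionResult Charge(string stripeEmail, string stripeToken)
    {
        if (string.IsNullOrWhiteSpace(stripeEmail) || string.IsNullOrWhiteSpace(stripeToken))
            return BadRequest();
        try
        {
            var customer = new CustomerService().Create(
                new CustomerCreateOptions { Email = stripeEmail, Source = stripeToken });
            var charge = new ChargeService().Create(new ChargeCreateOptions
            {
                Amount = AmountInCents,
                Currency = "usd",
                Description = "Test payment",
                Customer = customer.Id
            });
            return charge.Status == "succeeded" ? View("Success") : View("Failed");
        }
        catch (StripeException)
        {
            return View("Failed"); // gateway error details are not echoed to the browser
        }
    }
}
```

The Razor form that hosts the Stripe script has to be rendered with the form tag helper or `@Html.AntiForgeryToken()`, so that the antiforgery field is posted together with `stripeEmail` and `stripeToken`.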