Can you use custom HTTP request methods with http.client? - c#

Is there a way to use HTTP request methods that are not implemented by System.Net.Http.HttpMethod?
I try to update files with a REST interface. The way it is implemented, I GET a list of files and their hashes. Then I check if any of these files have changed on my side and if so, I POST each file to the API, otherwise I skip it.
When I'm done, the endpoint expects an UPDATE request to know that I'm done sending files. But there is no UPDATE method in HttpMethod.
Is there a way to alter REQUEST_METHOD manually in a HttpRequestMessage or do they need to recode the endpoint?
Looking up System.Net.Http.HttpMethod only gives the following options: GET, PUT, POST, DELETE, HEAD, OPTIONS, TRACE, PATCH and CONNECT. There is no obvious way to add a custom method.

In the case where you need an HttpMethod that does not exist in the static properties of the class, you can just use the constructor which allows you to pass any string method:
var customHttpMethod = new HttpMethod("UPDATE");

Related

Prevent URL encoding at QueryString.Add()

I am making a Restful api using OData, and for some reasons I want to force the expand filtering inside the middleware.
So if the clients sends in
http://localhost:52973/odata/customers
The Middleware should automatically change it into
http://localhost:52973/odata/customers?$expand=Contact,Address
In order to do this I've made a simple if statement inside my middleware
if (ctx.Request.Path.Value.Contains("customers") && !ctx.Request.QueryString.Value.Contains("?$expand"))
{
string uri = #"?$expand=";
ctx.Request.QueryString = ctx.Request.QueryString.Add(uri, "Contact,Address");
}
Unfortunately, it keeps generating the following: {?%3F%5C$expand%5C%3D=Contact,Address}
I've tried adding backslashes inside the uri string, but that didn't solve it.
I would assume that it is url-encoding ("escaping") the '$' character to make it safer, so I would not approach this problem from that angle. I would modify your consumers of this request to url-decode the request, which may be automatically done. See QueryString.ToUriComponent, and also the QueryString.ToString() method too.

How to clean up existing response in webapi?

There is a authentication library that I have to use that helpfully does things like
Response.Redirect(url, false);
inside of it's method calls. I can't change this libraries code and it's fine for MVC style apps but in angular SPA -> WebApi apps this is just awful.
I really need a 401 otherwise I get into trouble with CORS when my angular scripts, using $http, try to call out to the auth server on another domain in response to the 302, that's if it even could as the Response.Redirect also sends down the object moved html and the angle brackets cause an error to be thrown.
Since I have to make the call to the auth library first the Response.Redirect is already in the response pipeline and so I need to clean it up to remove the body content and convert the 302 into a 401. I thought I could just:
return new HttpWebResponse(StatusCode.UnAuthorized){
Content = new StringContent("data");
}
but this just gets appended to the response and doesn't replace it plus I also need the Location: header which I can't seem to access via WebApi methods.
So instead I've had to do this in my ApiController:
var ctxw = this.Request.Properties["MS_HtpContext"] as HttpContextWrapper;
var ctx = ctxw.ApplicationInstance.Context;
var url = ctx.Response.RedirectLocation;
ctx.Response.ClearContent();
return new HttpWebResponse(StatusCode.UnAuthorized){
Content = new StringContent(url);
}
But this seems terrible and counter to webapi "feel". Plus I'm tied to the controller in doing this. I can't get the wrapper in a MessageHandler for example.
What I'd like to do is monitor the response for a given route in a message handler or in an AuthorizationFilterAttribute, if its a 302, I want to read it's headers, take what I want, wipe it and replace it with my own "fresh" response as a 401. How can I do this?
You might want to write your own ActionFilter and override its OnActionExecuted method where you can access HttpActionExecutedContext. From there, you can check response code, for example, and overwrite response with whatever you want.
Ref: https://msdn.microsoft.com/en-us/library/system.web.http.filters.actionfilterattribute.onactionexecuted%28v=vs.118%29.aspx#M:System.Web.Http.Filters.ActionFilterAttribute.OnActionExecuted%28System.Web.Http.Filters.HttpActionExecutedContext%29

HttpClient DeleteAsync with Multiple records

I'm using the sendgrid api here:
https://sendgrid.com/docs/API_Reference/Web_API_v3/Marketing_Campaigns/contactdb.html#Delete-a-Recipient-DELETE
and it shows passing an array of strings to the DELETE call. When I look at the signature of System.Net.Http.HttpClient, DELETE does not allow for content to be passed in.
Is there a standard around DELETE that does not allow for multiple content passed at the same time?
API definition:
The HTTP/1.1 RFC states that a DELETE request's payload has no defined semantics.
It's not illegal to include a payload, but this means that if a payload is included, it should be ignored.
Many HTTP clients, such as the one provided by the .NET framework, don't provide an interface to include a payload when it has no defined semantics for the method.
Unfortunately, many REST APIs do require a payload with these methods. You can accomplish this by manually creating a HttpRequestMessage object, setting the Method and Content properties, and passing it to the HTTP client's SendAsync method.
Create an extension method
public static class HttpClientExtensions
{
public static Task<HttpResponseMessage> Delete(this HttpClient client, HttpContent content)
{
var request = new HttpRequestMessage { Method = "DELETE", Content = content);
return client.SendAsync(request);
}
}
However I cannot recommend it, as it breaks basic assumptions of HTTP, which allows efficient HTTP Proxies to work.
The "correct method" around this problem is to use HTTP 2.0 (or HTTP 1.1 Pipelining, which is deprecated due to it being mostly broken, but you could try it out) to create multiple DELETE requests. In theory that solution does not require any code change.

.NET 4.6 HttpResponse.PushPromise methods to manage http/2 PUSH_PROMISE header

I am a bit confused about PUSH PROMISE http/2 header handling in .NET4.6.
When I look HttpResponse.PushPromise there are two overloads:
One that accepts path to resource public void PushPromise(string path) - am assuming resource is then read and binary sent across to client.
Second public void PushPromise(string path, string method, NameValueCollection headers) that accepts sting method and NameValueCollection headers which I am failing to understand.
Why would I want to pass method (assuming HttpMethod like GET, POST, etc) and collection of headers inside PUSH PROMISE header?
From reading the HTTP/2 spec (Section 8.2), here is what I gather:
Passing the method
PUSH_PROMISE frames are required to be cacheable and safe. You have the option of using GET and HEAD, as those are the only two http methods that are defined as both safe and cacheable.
Passing headers
Since PUSH_PROMISE frames are required to be cacheable, this could be used to add specific Cache-Control directives to the promise. Section 8.2.2 of the spec states that a client has the option to download the promised stream and can refuse it, which I imagine a client would do if it found that it had an up-to-date version of the resource in its cache.
Controlling caching is the most obvious reason I can see for why you might pass headers, but there may be other reasons as well. If you're writing a custom client, you may use certain X-Headers to provide other hints (that aren't related to caching) to the client so it can decide whether or not it wants to accept the promised stream.
You'll want to pass headers for anything that will cause your response to vary (i.e. anything in your Vary response header). The biggest one I've found is compression.
Read those headers from the original client request and include them with your push promise, e.g.:
var headers = new NameValueCollection { { "accept-encoding", this.Request.Headers["accept-encoding"] } };
this.Response.PushPromise("~/Scripts/jquery.js", "GET", headers);`

Need help understanding this HTTP GET request

I am trying the construct a HTTP GET web request that satisfies the following criteria
GET /v1/session
Host: developer.messenger.yahooapis.com
Authorization: < Standard OAuth credentials >
From what I know about get requests is that they are something like this :
https://someaddress.com/&parameterA=valA&parameterB=valB
where parameterA and parameterB are the parameters that are required.
Now I want to construct a similar address for the above mentioned criteria. How can I do that. I believe the address would be https://developer.messenger.yahooapis.com however I am not sure what the other requirements are for such a get request. I would appreciate it if someone could disect and specify the requirements of the above(Topmost) Get Request so that I may be able to construct a valid GET request URI.
https://developer.messenger.yahooapis.com
so your request url should be like
https://developer.messenger.yahooapis.com?parameterA=valA&parameterB=valB
you get your data in your $_GET array, just add print_r($_GET)
For a request, you need a URL like
https://developer.messenger.yahooapis.com
BUT that is only the hostname.
you need to specify a resource that you want to GET like /v1/session, so your URL is
https://developer.messenger.yahooapis.com/v1/session
If you want to pass some parameters you have to signal that the pointing part of the URL is finished. You do this with an ?. Now to add the parameters, you basically add name-value pairs, like var1=value. For multiple params use a & to seperate them. Slapping all together you get a
https://developer.messenger.yahooapis.com/v1/session?var1=value&var2=value
as URL. Now hand it to your HttpGet-method.
HttpGet will now build a request and later send it to https://developer.messenger.yahooapis.com the host/server who will return the resource to your client. To tell the host that you have the rights to access that resource, the request must contain the neccessary login informations, thats what oAuth is for. Those credentials have to be added in the request header before executing the get-request.

Categories