I getting the stuck while post the Request json data with bearer token in c#.
EX - Jsondata
"{"data":{"POLICY_NO":"29991231030","POLICY_TYPE":"1","HEGICCardNo_Var":"HC1801724-01A"}}"
response:
{StatusCode: 403,
ReasonPhrase: 'Forbidden',
Version: 1.1,
Content: System.Net.Http.StreamContent,
Headers:
{
Pragma: no-cache
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Date: Sat, 02 Mar 2019 06:21:40 GMT
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Length: 28
Content-Type: text/plain; charset=utf-8
Expires: -1
}}
While posting the Json data in web service Respective url with Bearer Token.
Then First Add the AuthenticationHeaderValue as Below C# Code :
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Authorization/Bearer", TokenValue);
HttpResponseMessage messge = client.PostAsync(Url,ContentObj).Result;
Related
We've upgraded our application from .NET 6 to .NET 7 and now the Kerberos authentication fails. I've created a simple console application to replicate the behavior and built it for both .NET 6 and .NET 7. The .NET 6 application does a successful authentication, but .NET 7 fails with the stacktrace below.
OS: Windows Server 2019 Standard
.NET Version: 7
Application: WPF and
Console App, same behavior.
using System.Configuration;
Console.WriteLine("Beep boop bop... starting application");
HttpClientHandler handler = new()
{
UseDefaultCredentials = true,
PreAuthenticate = true,
};
handler.ServerCertificateCustomValidationCallback = (httpRequestMessage, cert, cetChain, policyErrors) => {
return true;
};
HttpClient client = new(handler);
string url = ConfigurationManager.AppSettings["IdpUrl"];
Console.WriteLine($"Requesting: {url}");
HttpResponseMessage? response = await client.GetAsync(url);
Console.WriteLine($"Response status code: {response.StatusCode}");
Console.WriteLine($"Response: {response}");
Console.WriteLine("Beep boop bop... signing off");
Console.ReadLine();
The stacktrace:
System.Net.Http.HttpRequestException: Authentication validation failed with error - InvalidToken. at System.Net.Http.AuthenticationHelper.SendWithNtAuthAsync(HttpRequestMessage request, Uri authUri, Boolean async, ICredentials credentials, Boolean isProxyAuth, HttpConnection connection, HttpConnectionPool connectionPool, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken) at System.Net.Http.AuthenticationHelper.SendWithAuthAsync(HttpRequestMessage request, Uri authUri, Boolean async, ICredentials credentials, Boolean preAuthenticate, Boolean isProxyAuth, Boolean doRequestAuth, HttpConnectionPool pool, CancellationToken cancellationToken) at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.HttpClient.g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
From a Kerberos point of view, this is the normal process:
Call happens to a URL
The server replies with met een 401 and WWW-Authenticate: Negotiate header
Client replies with a kerberos token
The server does the Kerberos validation and returns a 200 reply with in the body a valid JWT which is the case.
I've omitted the token(s) for privacy reasons and added some X's where other data use to be.
Fiddler results for the Kerberos authentication:
HTTP/1.1 401
Server: xxxxxxxx
Date: Mon, 06 Feb 2023 10:13:22 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 519
Connection: keep-alive
Set-Cookie: XX_JSESSIONID=XXXXXXXXXXXXXXXXXXXXXXXXXXXX; Path=/xx; Secure; HttpOnly; SameSite=None
Cache-Control: no-store
WWW-Authenticate: Negotiate
Pragma: no-cache
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Cache-Control: private, max-age=0, no-cache, no-store
Pragma: no-cache
Proxy-Support: Session-Based-Authentication
HTTP/1.1 200
Server: xxxxxx
Date: Mon, 06 Feb 2023 10:13:22 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 1124
Connection: keep-alive
Set-Cookie: XX_JSESSIONID=XXXXXXXXXXXXXXXXXX; Path=/xx; Secure; HttpOnly; SameSite=None
WWW-Authenticate: Negotiate (A TOKEN)
Cache-Control: max-age=0
Pragma: no-cache
Expires: Mon, 06 Feb 2023 10:13:22 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Cache-Control: private, max-age=0, no-cache, no-store
Pragma: no-cache
I was expecting the same behavior in .NET and a successful Kerberos authentication.
I have an web api wand I call it method in an ajax with POST method, sending the parameter as data . It gives me a 404 not found error.
But when I pass the data in the query string , it works fine. Please help me fixing the matter and get it worked when calling the method with data in the body, not the query string.
Note : The web application and Web-api are running on different ports
Sending a concrete type object in query string also does not work and received to web api as null
config
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="Content-Type, contentType, data" />
<add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
</customHeaders>
</httpProtocol>
Controller
public class RiskController : ApiController
{
method
[HttpGet, HttpPost]
public DashboardContainerViewModel GetDashboardContainer(string token)
{
Ajax call
var postData = { token: priv.secToken };
$.ajax({
type: 'POST',
url: 'http://localhost:48060/api/Risk/GetDashboardContainer',
dataType: 'json',
contentType: 'application/x-www-form-urlencoded; charset=UTF-8',
data: postData,
success: function (data) {
pub.dashboardHeader(data.Name);
var defaultTab = _.find(data.Dashboards, function (tab) {
return tab.IsDefault == true;
});
And I get POST http://localhost:48060/api/Risk/GetDashboardContainer 404 (Not Found)
Fiddler request headers
POST http://localhost:48060/api/Risk/GetDashboardContainer HTTP/1.1
Host: localhost:48060
Connection: keep-alive
Content-Length: 142
Pragma: no-cache
Cache-Control: no-cache
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://localhost:10452
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://localhost:10452/Authorised/DashBoard/DashBoard.aspx
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
token=ETvgg0YH4sx9w%2FiQL5560S20Ja4jGix%2FiBTOFGpQCliYZVilmtKiXPbk30d8FTYbhUWyFqz8%2FqT1pmI0oY6rzDGQ7krL6d2fDKDKwJhfCNFXZxnv%2BPCUj5ki5eizdWOM
Fiddler response headers
HTTP/1.1 404 Not Found
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-SourceFiles: =?UTF-8?B?QzpcRGVmYXVsdENvbGxlY3Rpb25cQ0FNTVNfUHJvZHVjdHNcX1JlbGVhc2VcMTQxMExSLUFNXFdlYiBTZXJ2aWNlXENBTU1TLlNBQVMuV2ViQVBJXENBTU1TLlNBQVMuSVJNV2ViQVBJXGFwaVxSaXNrXEdldERhc2hib2FyZENvbnRhaW5lcg==?=
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type, contentType, data
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Date: Fri, 29 Jun 2018 05:47:22 GMT
Content-Length: 215
{"Message":"No HTTP resource was found that matches the request URI 'http://localhost:48060/api/Risk/GetDashboardContainer'.","MessageDetail":"No action was found on the controller 'Risk' that matches the request."}
This is most lilkely due to a routing error in my opinion and experience, have you tried looking at RouteConfig.cs to make sure it sets the right routes for your API?
Something like this:
public static void RegisterRoutes(RouteCollection routes)
{
routes.IgnoreRoute("{resource}.axd/{*pathInfo}");
routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/{controller}/{action}/{id}",
defaults: new { id = RouteParameter.Optional }
);
}
Your Controller method uses simple type parameter. WebApi will search for simple parameter in request URL. So if you want to POST parameter, you must tell WebApi to look at the request body.
public DashboardContainerViewModel GetDashboardContainer([FromBody] string token)
But you also need to change the format of data you are sending. Simple type data sent as application/x-www-form-urlencoded must be in format '=value' not 'token=value'
var postData = "=testData";
I'm making a simple c# program to establish if server side compression is available/enabled on various servers. This is my request code below.
using (var client = new HttpClient())
{
client.Timeout = new TimeSpan(0, 0, 5);
client.DefaultRequestHeaders.Add("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8");
client.DefaultRequestHeaders.Add("User-Agent", "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.97 Safari/537.36");
client.DefaultRequestHeaders.Add("Accept-Encoding", "gzip, deflate, sdch, br");
var httpClientResponse = client.GetAsync(websiteURL).Result;
string header = httpClientResponse.Headers.GetValues("Content-Encoding").First();
}
I can see by watching the request in fiddler that compression is enabled for this request however I can't seem to extract that information from the response headers in code.
These are the full headers for request and response.
GET https://www.dobbies.com/ HTTP/1.1
Accept: text/html, application/xhtml+xml, application/xml; q=0.9, image/webp, */*; q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.97 Safari/537.36
Accept-Encoding: gzip, deflate, sdch, br
Host: www.dobbies.com
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server:
Set-Cookie: ASP.NET_SessionId=hx1rb34ottgfritgt3rciql4; path=/; secure; HttpOnly
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-Xss-Protection: 1; mode=block
Date: Fri, 07 Apr 2017 08:06:17 GMT
Content-Length: 16836
This is what I get when I use httpClientResponse.Headers
{
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-Xss-Protection: 1; mode=block
Cache-Control: private
Date: Fri, 07 Apr 2017 08:06:17 GMT
Set-Cookie: ASP.NET_SessionId=hx1rb34ottgfritgt3rciql4; path=/; secure; HttpOnly
Server:
}
As you can see header of Content-Encoding: gzip is missing in the response.
Why would this header be missing? Along with others. Give me back my headers!
Found the problem.
The HttpResponseMessage returned by HttpClient methods has two header properties:
HttpResponseMessage.Headers is an HttpResponseHeaders with generic response headers
HttpResponseMessage.Content.Headers is an HttpContentHeaders with content-specific headers like Content-Type
I'm trying my hand at entity group transactions with a very simple request, but keep getting a "400 (one of the request inputs is out of range)" error code in the response. Here's the string-serialized HttpRequestMessage:
Method: POST, RequestUri: 'http://127.0.0.1:10002/$batch?', Version: 1.1, Content: System.Net.Http.StringContent, Headers:
{
x-ms-date: Tue, 21 Oct 2014 18:49:09 GMT
x-ms-version: 2014-02-14
Authorization: SharedKeyLite devstoreaccount1:vdQ+5/Kmw43u+DcqpWCX14n24WG8hsubtTK5pnK1xO8=
Content-Type: multipart/mixed; boundary=batch_f351702c-c8c8-48c6-af2c-91b809c651ce
Content-Length: 212
}
And the string-serialized request content:
--batch_f351702c-c8c8-48c6-af2c-91b809c651ce
Content-Type: application/http
Content-Transfer-Encoding: binary
GET http://127.0.0.1:10002/batchTable() HTTP/1.1
--batch_f351702c-c8c8-48c6-af2c-91b809c651ce--
The response from the server:
StatusCode: 400, ReasonPhrase: 'One of the request inputs is out of range.', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
x-ms-request-id: 43fea847-2226-4dcf-ad62-bdb7cc0af256
Date: Wed, 22 Oct 2014 00:00:06 GMT
Server: Microsoft-HTTPAPI/2.0
Content-Length: 325
Content-Type: application/xml
}
response content:
<?xml version="1.0" encoding="utf-8"?><m:error xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata"><m:code>OutOfRangeInput</m:code><m:message xml:lang="en-US">One of the request inputs is out of range.
RequestId:43fea847-2226-4dcf-ad62-bdb7cc0af256
Time:2014-10-22T00:00:06.3046099Z</m:message></m:error>
Any idea what the problem could be?
Thanks!
Edit: Messing up the authorization header doesn't cause a 403 error, in case that helps.
Edit 2: I also get no error if I try batching a single insert - but the insert also doesn't take place:
Method: POST, RequestUri: 'http://127.0.0.1:10002/devstoreaccount1/$batch?', Version: 1.1, Content: System.Net.Http.StringContent, Headers:
{
Accept: application/atom+xml
x-ms-date: Wed, 22 Oct 2014 16:38:34 GMT
x-ms-version: 2014-02-14
DataServiceVersion: 1.0
MaxDataServiceVersion: 3.0
Authorization: SharedKeyLite devstoreaccount1:Eb4JHmCsuL6aLMTGEWs+gt23zbKjAdYjO12YmeYHjf0=
Content-Type: multipart/mixed; boundary=batch_boundary
Content-Length: 1008
}
Content.ToString():
--batch_boundary
Content-Type: multipart/mixed; boundary="changeset_boundary"
Content-Length: 885
--changeset_boundary
Content-Type: application/http
Content-Transfer-Encoding: binary
POST http://127.0.0.1:10002/devstoreaccount1/batchTable? HTTP/1.1
Content-ID: 1
Content-Type: application/atom+xml;type=entry
Content-Length: 559
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<entry xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices" xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata" xmlns="http://www.w3.org/2005/Atom">
<title />
<updated>2014-10-22T16:38:34.6393109Z</updated>
<author>
<name />
</author>
<id />
<content type="application/xml">
<m:properties>
<d:PartitionKey m:type="Edm.String">foo</d:PartitionKey>
<d:RowKey m:type="Edm.String">foo</d:RowKey>
<d:IntVal m:type="Edm.Int32">1</d:IntVal>
</m:properties>
</content>
</entry>
--changeset_boundary--
--batch_boundary--
The issue was that the URI was http://127.0.0.1:10002/$batch instead of http://127.0.0.1:10002/devstoreaccount1/$batch. sigh
It looks like you are using an older version of Azure Storage Emulator, which does not support 2014-02-14 version. Could you please make sure your Emulator version is at least 3.2? If it is not, please upgrade to the latest version.
I use webapi when i hosted it on localhost and tried to invoke it it works fine but when i hosted it to a domain server it returns: "StatusCode: 404, ReasonPhrase: 'Not Found'"
client.BaseAddress = new Uri("http://xyz.website.com/API");
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
HttpResponseMessage response = client.GetAsync("api/Store").Result;
but the result is:
{StatusCode: 404, ReasonPhrase: 'Not Found', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
Connection: Keep-Alive
Date: Sun, 07 Sep 2014 14:19:28 GMT
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Content-Length: 1245
Content-Type: text/html
}}
i think there is a problem with the prefix name ('xyz') before website.com