We Keep Coding

400 Bad Request in MVC C# Web App but not Postman

I have the following method that I've been working on for hours now and am not able to PUT my updates to an external Ellucian Ethos API.
public async Task<string> UpdatePersonH11()
{
var token = await GetAccessTokenAsync("TokenApi", "value");
var guid = await GetPersonGUID(token);
Uri personsURI = new Uri(string.Format("https://URLtoAPI" + guid));
H11Model h11Data = new H11Model
{
h11 = new h11
{
extendedPersonUser2 = "2021/FA",
extendedPersonUser3 = "OUT",
extendedPersonUser4 = DateTime.Now.ToShortDateString()
}
};
using (var client = new HttpClient())
{
client.BaseAddress = personsURI;
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Add("Accept", "application/vnd.hedtech.integration.v12+json");
client.DefaultRequestHeaders.Add("Accept-Encoding", "gzip, deflate, br");
client.DefaultRequestHeaders.Add("Connection", "keep-alive");
client.DefaultRequestHeaders.Add("Authorization", $"Bearer {token}");
var responseString = "";
var content = JsonSerializer.Serialize(h11Data);
**using (HttpResponseMessage response = await client.PutAsJsonAsync(personsURI, content))** Debugger stops here and gives me a 400 Bad Request
{
if (response.IsSuccessStatusCode)
{
responseString = await response.Content.ReadAsStringAsync();
}
else
{
log.Debug("Error in response." + response);
return "";
}
return responseString;
}
}
}
This is the json that Json is serializing for the variable content to send through PutAsJsonAsync.
{
"h11":
{
"extendedPersonUser2":"2021/FA",
"extendedPersonUser3":"OUT",
"extendedPersonUser4":"8/5/2021",
}
}
H11 Model
public class H11Model
{
[JsonProperty("h11")]
public h11 h11 { get; set; }
}
public class h11
{
[JsonProperty("extendedPersonUser2")]
public string extendedPersonUser2 { get; set; }
[JsonProperty("extendedPersonUser3")]
public string extendedPersonUser3 { get; set; }
[JsonProperty("extendedPersonUser4")]
public string extendedPersonUser4 { get; set; }
[JsonProperty("extendedPersonUser5")]
public string extendedPersonUser5 { get; set; }
[JsonProperty("extendedPersonUser6")]
public string extendedPersonUser6 { get; set; }
[JsonProperty("extendedPersonUser7")]
public string extendedPersonUser7 { get; set; }
[JsonProperty("extendedPersonUser8")]
public string extendedPersonUser8 { get; set; }
[JsonProperty("extendedPersonUser9")]
public string extendedPersonUser9 { get; set; }
[JsonProperty("extendedPersonUser10")]
public string extendedPersonUser10 { get; set; }
}
I've read that PutAsJsonAsync does not need the content serialized first, but when I comment out var content = JsonSerializer.Serialize(h11Data); I get a 406 Not Acceptable error, that leads me to believe that I do need to serialize the content first.
This is the request message I get back from the debugger:
{
Method: PUT,
RequestUri: 'API URI',
Version: 1.1,
Content: System.Net.Http.ObjectContent`1[[System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=token]],
Headers:
{
Authorization: Bearer 'token is here'
Accept: application/vnd.hedtech.integration.v12+json
Content-Type: application/json; charset=utf-8
Content-Length: 293
}
}
This is the response message:
{
StatusCode: 400, ReasonPhrase: 'Bad Request', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
Connection: keep-alive
pragma: no-cache
hedtech-ethos-integration-application-id: GUID
hedtech-ethos-integration-application-name: Colleague
vary: origin
access-control-expose-headers: x-max-page-size,x-media-type,x-total-count,x-content-restricted,hedtech-ethos-integration-application-id,hedtech-ethos-integration-application-name,hedtech-ethos-integration-proxy-generated
Cache-Control: no-cache
Date: Fri, 06 Aug 2021 13:41:56 GMT
Server: Microsoft-IIS/10.0
Content-Length: 447
Content-Type: text/plain; charset=utf-8
Expires: -1
}
}
If anyone can help point me in the right direction, I would really appreciate it. I haven't used APIs this way before, so this is new territory for me and I am stumped on this.
EDIT: Final code (snippet) that works:
H11Model h11Data = new H11Model
{
h11 = new h11
{
extendedPersonUser5 = "OUT", // fall term
extendedPersonUser6 = DateTime.Now.ToShortDateString()
}
};
using (var client = new HttpClient())
{
client.BaseAddress = personsURI;
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Add("Accept", "application/vnd.hedtech.integration.v12+json");
client.DefaultRequestHeaders.Add("Accept-Encoding", "gzip, deflate, br");
client.DefaultRequestHeaders.Add("Connection", "keep-alive");
client.DefaultRequestHeaders.Add("Authorization", $"Bearer {token}");
var responseString = "";
//var content = JsonSerializer.Serialize(h11Data);
using (HttpResponseMessage response = await client.PutAsJsonAsync(personsURI, h11Data))
{
if (response.IsSuccessStatusCode)
{
try
{
responseString = await response.Content.ReadAsStringAsync();
}
catch (NotSupportedException ex) // When content type is not valid
{
log.Debug("The content type is not supported.", ex);
}
catch (JsonException ex) // Invalid JSON
{
log.Debug("Invalid JSON.", ex);
}
}
else
{
log.Debug("Error in response." + response);
return "";
}
return responseString;
}
}

If the service does not override the meaning of the HTTP codes and uses them as described in RFC then
406 Not Acceptable
The 406 (Not Acceptable) status code indicates that the target resource does not have a current representation that would be acceptable to the user agent, according to the proactive negotiation header fields received in the request (Section 5.3), and the server is unwilling to supply a default representation.
Simply put, the value of Accept, Accept-Encoding, Accept-Charset or Accept-Language HTTP header is invalid or not defined as service expects.
In the described case, there are at least two such headers set through HttpClient.DefaultRequestHeaders collection. Their values need to be compared with the service documentation. And it is important to note that in the general case the Accept-Encoding header should be set via HttpClientHandler.AutomaticDecompression property instead of DefaultRequestHeaders collection, otherwise it will be ignored.
400 Bad Request
The 400 (Bad Request) status code indicates that the server cannot or
will not process the request due to something that is perceived to be
a client error (e.g., malformed request syntax, invalid request
message framing, or deceptive request routing).
For example, service expects { "h11": { "extendedPersonUser2": ... JSON object; but instead of it, service receives "{ \"h11\": { \"extendedPersonUser2\": ... and cannot deserialize it.
As it was already mentioned in comments, there is a difference between PutAsJsonAsync extension method and HttpClient.PutAsync method with StringContent. The first one sends a PUT request to the specified Uri containing the value serialized as JSON in the request body. The PutAsync method sends raw content as it is defined by content argument.
So, the code from example
string content = JsonSerializer.Serialize(h11Data);
... = await client.PutAsJsonAsync(personsURI, content);
uses PutAsJsonAsync and sends JSON string additionally serialized to JSON. As result service receives the following content "{ \"h11\": { \"extendedPersonUser2\": ....
Usually, when PutAsJsonAsync extension method is used, the additional JSON serialization is not needed. Content object can be passed directly to PutAsJsonAsync extension method.
... = await client.PutAsJsonAsync(personsURI, h11Data);
In such case the request will be sent as { "h11": { "extendedPersonUser2": ....
There are multiple PutAsJsonAsync extension method overloads that also accept JsonSerializerOptions to customize JSON serialization. And it's important to note that PutAsJsonAsync internally use HttpClient.PutAsync method with StringContent to send the request.

Service Stack - Trying to create a POST function and read the JSON data

I'm just trying to create a simple POST function that let's me POST a JSON. I've tried to copy examples but I'm not sure what I'm doing differently. Any help would be appreciated, I feel like it's something simple that I'm missing.
What I'm trying to post:
POST Address: http://localhost:49653/save/file
Headers:
Content-Type: application/json
Raw Body:
{
uuid: "someUuid",
fileName: "test",
dateTime: "dateee",
json: "some json"
}
namespace SomeNamespace.Model
{
[Route("/save/file", "POST")]
public class SaveFileRequest
{
public Stream RequestStream { get; set; }
}
public class SaveFileResponse
{
public bool Success { get; set; }
}
}
namespace SomeNamespace.ServiceInterface
{
[EnableCors(allowedMethods:"POST")]
public class SaveFileService : Service
{
public object Any(SaveFileRequest request)
{
var response = new SaveFileResponse { Success = false };
string savedataJson;
using (var reader = new StreamReader(Request.InputStream))
{
savedataJson = reader.ReadToEnd();
}
try
{
Console.WriteLine(savedataJson); // When I debug, the contents are ""
}
catch(Exception ex) {...}
}
}
}
}

Your SaveFileRequest Request DTO needs to implement IRequiresRequestStream.
Here are the docs for reading directly from the request stream:
Reading directly from the Request Stream
Instead of registering a custom binder you can skip the serialization of the request DTO, you can add the IRequiresRequestStream interface to directly retrieve the stream without populating the request DTO.
//Request DTO
public class RawBytes : IRequiresRequestStream
{
/// <summary>
/// The raw Http Request Input Stream
/// </summary>
Stream RequestStream { get; set; }
}
Which tells ServiceStack to skip trying to deserialize the request so you can read in the raw HTTP Request body yourself, e.g:
public object Post(RawBytes request)
{
byte[] bytes = request.RequestStream.ReadFully();
string text = bytes.FromUtf8Bytes(); //if text was sent
}

ASP.Net Web API Http routing and non JSON responses

I want to mimic behaviour of existing web service. Here is a very simplified example showing what I want to achieve.
I use ASP.Net Web API routing: it's quite simple to configure routes with it.
Requirements, part 1: query:
GET whatever.../Person/1
shall return JSON:
Content-Type: application/json; charset=utf-8
{"id":1,"name":"Mike"}
That's piece of cake:
public class Person
{
public int ID { get; set; }
public string Name { get; set; }
}
// In ApiController
[HttpGet]
[Route("Person/{id}")]
public Person GetPerson(int id)
{
return new Person
{
ID = id,
Name = "Mike"
};
}
Requirements, part 2: query:
GET whatever.../Person/1?callback=functionName
shall return javascript:
Content-Type: text/plain; charset=utf-8
functionName({"id":1,"name":"Mike"});
Any ideas how to achieve this (part 2)?

The ApiController would need to be modified to satisfy the desired behavior
Simple example based on provided code
//GET whatever.../Person/1
//GET whatever.../Person/1?callback=functionName
[HttpGet]
[Route("Person/{id:int}")]
public IHttpActionResult GetPerson(int id, string callback = null) {
var person = new Person {
ID = id,
Name = "Mike"
};
if (callback == null) {
return Ok(person); // {"id":1,"name":"Mike"}
}
var response = new HttpResponseMessage(HttpStatusCode.OK);
var json = JsonConvert.SerializeObject(person);
//functionName({"id":1,"name":"Mike"});
var javascript = string.Format("{0}({1});", callback, json);
response.Content = new StringContent(javascript, Encoding.UTF8, "text/plain");
return ResponseMessage(response);
}
Of course you would need to do proper validation on the call back as this currently open up the API for script injection.

aspnet webapi 2 response payload not displayed for HttpStatusCode.Unauthorized

I have an ActionFilterAttribute that overrides the OnActionExecuting. If the user isn't authenticated I want to return and 401 Unauthorized status and a JSON object of type Response with a custom message and other properties
public class Response
{
public Boolean Error { get; set; }
public IList<string> Messages { get; set; }
public object Data { get; set; }
}
That's what I did:
public override void OnActionExecuting(HttpActionContext actionContext)
{
//some code here
var response = new Response();
response.AddMessage(true, Util.Localization.Authentication.Validation_UserNotAuthenticated);
actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized)
{
Content = new ObjectContent(typeof(Response), response, new JsonMediaTypeFormatter())
};
}
When the client makes a request, that's the Response Header (from google chrome developer tools - network):
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Thu, 18 Dec 2014 13:19:12 GMT
Content-Length: 83
Well, the JSON with the Response object isn't displayed to the client.
If I only change theHttpStatusCode to OK, the JSON is displayed:
actionContext.Response = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new ObjectContent(typeof(Response), response, new JsonMediaTypeFormatter())
};
Also, if I keep theHttpStatusCode as Unauthorized, but change the Type to string, the text is displayed normally to the client:
actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized)
{
Content = new ObjectContent(typeof(string), "test string", new JsonMediaTypeFormatter())
};
How can I send a custom JSON object when I get a Unauthorized Http status?
Thnaks

I assume you are using the built-in AuthorizeAttribute on your controller to secure your api. I think the reason it's not working is because the AuthorizationFilters (like AuthorizeAttribute) happen earlier in the WebApi pipeline than ActionFilters. See here for details:
https://damienbod.wordpress.com/2014/01/04/web-api-2-using-actionfilterattribute-overrideactionfiltersattribute-and-ioc-injection/
So your code never executes because the AuthorizeAttribute already failed and returned its default response (401 message with no body).
The easiest way to do what you want is to inherit a custom authorization attribute, ex MyAuthorizeAttribute, inheriting from AuthorizeAttribute and changing the way it handles errors. Then just decorate your controllers with [MyAuthorize] instead of [Authorize].
public class MyAuthorizeAttribute : AuthorizeAttribute
{
protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
{
var jsonFormatter = new JsonMediaTypeFormatter();
var response = new Response();
response.AddMessage(true, Util.Localization.Authentication.Validation_UserNotAuthenticated);
actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized)
{
ReasonPhrase = "Unauthorized",
Content = new ObjectContent(typeof(Response), response, new JsonMediaTypeFormatter())
};
}
}

HttpResponseMessage content is not getting serialized for BadRequest responses

I have ASP.NET application, with some MVC and WebAPI controllers in there. MVC 5.1 and WebAPI 2.1. There is no tricky configuration at all, the only thing is getting configured is removed XML formatter:
public static class WebApi
{
public static void Configure(HttpConfiguration config)
{
var formatters = config.Formatters;
formatters.Remove(formatters.XmlFormatter);
}
}
There is simple DTO to put data returned from controller action together:
public class TokenResponse
{
public string token { get; set; }
public string token_type { get; set; }
public int expires_in { get; set; }
public string error { get; set; }
}
And the following code:
[NoHttpResponseCaching]
public class TokenController : ApiController
{
public async Task<HttpResponseMessage> PostAsync(HttpRequestMessage request, TokenRequest tokenRequest)
{
try
{
// do some stuff
var response = new TokenResponse { ... };
return request.CreateResponse(HttpStatusCode.OK, response);
}
catch (TokenRequestValidationException ex)
{
_logger.WriteError(ex);
var response = new TokenResponse { error = ex.ErrorToDisplay };
return request.CreateResponse(HttpStatusCode.BadRequest, response);
}
}
}
The problem is that if everything fine, I have my TokenResponse serialized to JSON, as expected, but if there is exception occurring, execution flow is coming into catch block and response body is equal to "Bad Request", this is the RAW dump of response from Fiddler:
HTTP/1.1 400 Bad Request
Cache-Control: no-store
Pragma: no-cache
Content-Type: text/html
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Wed, 18 Jun 2014 08:25:53 GMT
Content-Length: 11
Bad Request
Tried to return anonymous object having some random named properties instead of using TokenResponse, getting same response:
return request.CreateResponse(HttpStatusCode.BadRequest, new {klhjaoiubf = "kjhaflkjh"});
And I'm stuck at this point trying to understand why I'm not getting my object serialized in response body and how to change it. Anyone, any ideas, why my object is getting ignored when response code is BadRequest?