I tried to send a cookie to Server. But when it does, it throws a weird exception I can not trace:
Message "The operation identifier is not valid. (Exception from HRESULT: 0x800710DD)" string
StackTrace " at Windows.Web.Http.Filters.HttpBaseProtocolFilter.SendRequestAsync(HttpRequestMessage request)\r\n at System.Net.Http.HttpHandlerToFilter.<SendAsync>d__1.MoveNext()" string
The line where the exception is thrown:
Request.BeginGetResponse( new AsyncCallback( GetResponseCallback ) , Request );
At the beginning I've never thought it was a cookie issue until I commented out this line:
WCRequest.CookieContainer = WBackgroundTransfer.Cookies;
The exception is gone if the line above is commented. So I tried another approach:
CookieContainer CC = new CookieContainer();
CC.Add( new Cookie( "aa", "bb" ) );
WCRequest.CookieContainer = CC;
The above line does not throw any exception. Then I proceed to modify my code:
CookieContainer CC = new CookieContainer();
foreach( Cookie C in WBackgroundTransfer.Cookies.GetCookies( ReqURI ) )
{
CC.Add( new Cookie( C.Name, C.Value, C.Path, C.Domain ) );
}
WCRequest.CookieContainer = CC;
And the exception is back!
Then I tried to modify the code again:
WCRequest.Headers[ HttpRequestHeader.Cookie ] = WBackgroundTransfer.Cookies.GetCookieHeader( ReqUri );
The exception still persist. The I modify the code to:
WCRequest.Headers[ HttpRequestHeader.Cookie ] = "ab=cd";
This works!
So I think some of the cookie is causing this issue. I proceed to compare the server response.
The exact cookie I am sending to server is:
PHPSESSID=j0g94fgvum0flhlop5868gjkklc5bh1v
When I send the above cookie to server, the response is:
HTTP/1.1 200 OK
Date: Fri, 06 Nov 2015 16:51:13 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=dd4e3badd19f3f67e86fe1431b7fe895a1446828673; expires=Sat, 05-Nov-16 16:51:13 GMT; path=/; domain=.example.com; HttpOnly
Set-Cookie: PHPSESSID=j0g94fgvum0flhlop5868gjkklc5bh1v; path=/; HttpOnly
Vary: Accept-Encoding
Server: nginx
CF-RAY: 24124d464d493439-HKG
When I send a random, irrelevant cookie, or not give any cookie to the sever:
HTTP/1.1 200 OK
Date: Fri, 06 Nov 2015 16:53:24 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d0a29df98a2984c4f5c4b2ddbc900fde01446828804; expires=Sat, 05-Nov-16 16:53:24 GMT; path=/; domain=.example.com; HttpOnly
Vary: Accept-Encoding
Server: nginx
CF-RAY: 2412507ad4c6330d-HKG
The only difference of the two request is this line:
Set-Cookie: PHPSESSID=j0g94fgvum0flhlop5868gjkklc5bh1v; path=/; HttpOnly
Which tells me to set the cookie where I sent to it.
This is very frustrating. Is this an API bug? Or am I missing something? I cannot modify the sever behaviour so I am not 100% sure this is the cause.
Any ideas?
Update: This only happens in x64 platform! I am starting to think maybe this is a heisengbug...
Update2: No, this happens on all platforms. I just didn't test it thoroughly:(
Update3: This is hopeless. I am going to try switching to socket to see if it helps
Have you checked this solution: https://stackoverflow.com/a/33863365
You can remove the extra cookies you don't need.
HttpBaseProtocolFilter filter = new HttpBaseProtocolFilter();
HttpCookieManager cookieManager = filter.CookieManager;
foreach (HttpCookie cookie in cookieManager.GetCookies(uri))
{
cookieManager.DeleteCookie();
}
If anyone comes into this issue. For me it is magically resolved by clearing the generated libraries inside the project. i.e. Remove the following directories:
obj/*
bin/*
Debug/*
ARM/*
Release/*
x64/*
Update 1: I just noticed that the HttpWebRequest is Setting the Cookies internally the sending them automatically. Was it supposed to do that?
Related
I am trying to log into a site programmatically and am failing to retrieve the .AspNetCore.OpenIdConnect.Nonce cookie that seems to be returned and needed later on.
I tried making a simple request similar to the following:
CookieContainer cookies = new CookieContainer();
HttpClientHandler handler = new HttpClientHandler();
handler.CookieContainer = cookies;
HttpClient client = new HttpClient(handler);
var response = client.GetStringAsync(chUrl).Result;
In fiddler, I get a response with something like the following:
set-cookie: .AspNetCore.Correlation.WAefdzW2dGGU2mwufSEa7DgoV2IrRqPAh1KnztquQW=N; expires=Thu, 10 Nov 2022 05:40:54 GMT; path=/signin-oidc; secure; samesite=none; httponly
set-cookie: .AspNetCore.OpenIdConnect.Nonce.AASDhccakwhcsa8923ASca8AefdzW2dGGU2mwufSEa7DgoV2IrRqPAh1KnztquQWsdhkjcsa3=N; expires=Thu, 10 Nov 2022 05:40:54 GMT; path=/signin-oidc; secure; samesite=none; httponly
However I don't seem to see this anywhere in my cookies and it is not being sent later on when it's needed. Any pointers on where I could look to keep track of these .AspNetCore cookies? I also noticed that don't seem to have any key values tied to them.
I'm trying to implement a third party service on my project and i need to do some authentication to consume their API.
To do so i need to execute a POST request on their auth url, the problem is when i execute the request their server sends a response with a 302 and the Location header, now the weird part:
I need to get this location link and read the query string to get the information i need.
I have already tried everything i could think of, even Postman wont work with it.
This is my code:
var client = new RestClient(APIBase + "/portal/rest/oauth2/login");
var request = new RestRequest(Method.POST);
request.AddHeader("content-type", "application/x-www-form-urlencoded");
request.AddHeader("cache-control", "no-cache");
request.AddParameter("application/x-www-form-urlencoded", $"user={User}&password={Password}&client_id={ClientId}", ParameterType.RequestBody);
var content = client.Execute(request);
This is the response headers i managed to get using curl on the command prompt:
HTTP/1.1 302 Moved Temporarily
Date: Wed, 26 Jul 2017 17:59:32 GMT
Server: Apache-Coyote/1.1
Location: LOCATION-LINK
Content-Length: 0
HTTP/1.1 200 OK
Date: Wed, 26 Jul 2017 17:59:32 GMT
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"20095-1497998126000"
Last-Modified: Tue, 20 Jun 2017 22:35:26 GMT
Content-Type: text/html
Content-Length: 20095
Vary: Accept-Encoding
Is it possible ?
You can disable RestSharp redirects with:
client.FollowRedirects = false;
And then just check that response status code is 302 and read Location header.
For new versions of RestSharp:
var client = new RestClient(new RestClientOptions(url) { FollowRedirects = false });
I was hoping the following code would yield a non-zero value:
var webRequest = (HttpWebRequest) WebRequest.Create(loginUrl);
var webResponse = (HttpWebResponse)webRequest.GetResponse();
Console.WriteLine(webResponse.Cookies.Count);
yet no cookies seem to show up in webRespone.Cookies. I'm positive the cookies are there, as I'm sniffing the data with Fiddler. This is the response I'm getting:
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
Set-Cookie: __Abc=Def; path=/; HttpOnly
PS-ResponseTime: 00:00:00.0624001
PS-Build: 2013-03-19-11-36-59
PS-Node: 02
Date: Tue, 19 Mar 2013 21:14:51 GMT
Content-Length: 57872
Does it have anything to do with the fact the cookie is HttpOnly?
Edit
It's seems I can get them through HttpWebRequest's CookieContainer which is certainly useful if I intend to proceed to a sequence of requests/responses. But why can't I access them the same through the HttpWebResponse.Cookies field, anyway?
Thanks
You're right, you'll need to hand the request an instance of CookieContainer and then reference that instance to see the cookies. Basically, HttpWebResponse does not directly expose cookies on the response that are marked as HttpOnly.
OK, now that I have investigated the code, there are no cookies to speak of when it comes to storing the cookie collection in a CookieContainer, so I would like to divert and use the headers. The only problem is I do not understand how to use them so that I may download the file form the website.
Could someone give me an example of how I would potentially use headers?
Also the code I used for the cookies is as follows, maybe there is a mistake:
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
CookieContainer newCookies = new CookieContainer();
newCookies.Add(response.Cookies);
All I get is this header Headers = {Content-Length: 6292
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Sun, 22 Jul 2012 03:12:59 GMT
Set-Cookie: ASP.NET_SessionId=dpub2i550ynjfonuv0o0n4nb; domain=website.co.nz; path=/; HttpOnly
Server: Microsoft-IIS/6.0
X-AspNet-Vers...
The code does not throw an exception. Just as a side not I am using request.Method = "GET";.
That's the result of the .ToString() method which is called when viewing the variable in the debugger. You need to access the members of CookieContainer.
I followed the instruction at http://dev.twitter.com/pages/auth#request-token, and developed a c# class to do the OAuth authorization. I used the parameters on the page, and the output signature base string and signature match that on the page. So I think the algorithm part is correct. Then I replaced the parameters with the ones in my twitter application, but I failed to acquire the request token from Twitter service. And the response data is "Failed to validate oauth signature and token".
Here's the request I send (I used http, instead of https for debug):
POST http://api.twitter.com/oauth/request_token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Authorization: OAuth oauth_callback="http%3A%2F%2Flocalhost%3A3005%2Fthe_dance%2Fprocess_callback%3Fservice_provider_id%3D11", oauth_consumer_key="GDdmIQH6jhtmLUypg82g", oauth_nonce="QP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1272323042", oauth_version="1.0", oauth_signagure="IP%2FEEoc4tKdiobM%2FKH5cPK69cJM%3D"
Host: api.twitter.com
Proxy-Connection: Keep-Alive
And here's the response:
HTTP/1.1 401 Unauthorized
Connection: Keep-Alive
Connection: Proxy-Support
Content-Length: 44
Via: 1.1 APS-PRXY-09
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Date: Fri, 08 Apr 2011 05:47:20 GMT
Content-Type: text/html; charset=utf-8
Server: hi
Proxy-Support: Session-Based-Authentication
Status: 401 Unauthorized
X-Transaction: 1302241640-40339-46793
Last-Modified: Fri, 08 Apr 2011 05:47:20 GMT
X-Runtime: 0.01519
Pragma: no-cache
X-Revision: DEV
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: k=207.46.55.29.1302241640766556; path=/; expires=Fri, 15-Apr-11 05:47:20 GMT; domain=.twitter.com
Set-Cookie: guest_id=13022416407746962; path=/; expires=Sun, 08 May 2011 05:47:20 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCEiBpjMvAToHaWQiJWMzMTViOGZiNDkzMDRi%250ANjNhMmQwYmVkZDBhNTc2NTc4IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--177afd5c0f6fe30005ab9a9412e6f85ab03cbfa7; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Failed to validate oauth signature and token
This is how I generate the normalized parameters:
string.Join("&", (from d in this.BuildParameterDict()
select string.Format("{0}={1}", OAuthEncoding.Encode(d.Key), OAuthEncoding.Encode(d.Value))))
The BuildParameterDict method will sorted build a list with: parameters from query string; parameters from body; parameters sepcific to 'oauth', except the 'oauth_signature'.
Then the signature base string is generated by:
StringBuilder sb = new StringBuilder();
sb.Append(OAuthEncoding.Encode(this._request.Method));
sb.Append('&');
sb.Append(OAuthEncoding.Encode(this.GetNormalUri()));
sb.Append('&');
sb.Append(OAuthEncoding.Encode(this.GetNormalParameters()));
This is the generated base string with parameters from the above page:
POST&https%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_token&oauth_callback%3Dhttp%253A%252F%252Flocalhost%253A3005%252Fthe_dance%252Fprocess_callback%253Fservice_provider_id%253D11%26oauth_consumer_key%3DGDdmIQH6jhtmLUypg82g%26oauth_nonce%3DQP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1272323042%26oauth_version%3D1.0
which is identical to the string on that page.
Your oauth signature is listed as "oauth_signagure" in your request.
oAuth parameters has to be sorted before sending, but signature has to be at the end of the authorization request.(9.1.1 in http://oauth.net/core/1.0/#anchor14)
You may also need to specify a realm="/oauth/request_token". It's optional, but as I remember correctly Twitter wants this one for a request token.
If you can add your code we might find what's going on, as you might not be building your request and key for signature hashing correctly.