Get And Use Facebook Access Token Without HTTPS - c#

I have the following url for the first stage. getting code http://www.facebook.com/dialog/oauth?client_id=myappid&redirect_uri=myurl;state=e879888c-7090-4c09-98a5-ff361b30d55;scope=email
and
url = String.Format(#"http://graph.facebook.com/oauth/access_token?client_id={0}&redirect_uri={1}&client_secret={2}&code={3}",FacebookAppId, redirectUrl, FacebookSecret, code);
WebClient webClient = new WebClient();
var tokenVars = webClient.DownloadString(url);
var responseVars = HttpUtility.ParseQueryString(tokenVars);
string access_token = responseVars["access_token"];
string data = webClient.DownloadString(String.Format("http://graph.facebook.com/me?access_token={0}", access_token));
var jobject = JObject.Parse(data);
400 BAD REQUEST is returned.
Question: Is it possible to get facebook access token without connecting by http s ?
Question: Is it possible to use access_token without HTTPS? NOT HTTP

for a secure you must take https,
maybe if you aren't, some bad thing will show, #long process..
i just browse for your issue, and same thing

Related

LinkedIn access token api returns bad request error in c#

I am using linked oauth 2 api to fetch the access token.But I am getting a 400 (BadRequest) response from that api.I am sharing the code below
NameValueCollection parameters = new NameValueCollection();
parameters.Add("grant_type", "authorization_code");
parameters.Add("code", Code);
parameters.Add("redirect_uri", RedirectURL);
parameters.Add("client_id", ClientId);
parameters.Add("client_secret", ClientSecret);
WebClient client = new WebClient();
client.Headers[HttpRequestHeader.ContentType]="application/x-www-form-urlencoded";
var result = client.UploadValues("https://www.linkedin.com/oauth/v2/accessToken", parameters);
Could anyone help me to find what went wrong here. I am passing the correct values for all parameters, got client_id, client_secret from my application and the code I am getting from my initial authorization request.
I am not able to test this scenario in postman since the auth-token request depends on the code generated from the authorization step.
AuthorizationUrl must look like this
https://www.linkedin.com/uas/oauth2/authorization?response_type=code&client_id=78y4rii84jcf43&state=E30980C1T666444z&redirect_uri=https://www.testWeb.com
Access Token Url will look like this,
https://www.linkedin.com/uas/oauth2/accessToken?grant_type=authorization_code&code=AQTTP5DZ68JHRVO2_i9vpie8KBZ3gfgffhjfhjfhjfp88hf3szNauFkUpuvqfyKhjsmO7Bcps4JXUo1EWQay1q1q1MXKsajRWoZ4q-ofmTjJfknaYTk5SO5oHUgfhgfdsgfdgdfdgfsgdgdhgdhgddipkfTIzdkGUSWZkPYS1&client_id=78y4rii465rv084&redirect_uri=https://www.testweb.com&client_secret=1t56E7bLDl2fnVWh
And your Params are missing with
QUESTION_MARK (?) after https://www.linkedin.com/oauth/v2/accessToken
your Grant type param must include grant_type=authorization_code
than & param
than client_id=YourApiKey
than & param
than redirect_uri=YourRedirectUri
than &
than client_secret=YourSecretKey

C# Windows Store App HTTPClient with Basic Authentication leads to 401 "Unauthorized"

I am trying to send a HTTP GET request to a service secured with BASIC authentication and https. If I use the RESTClient Firefox plugin to do so there is no problem. I am defining the basic-header and sending the GET to the url and I am getting the answer (data in json).
Now I am working on a Windows Store App in C# which is meant to consume the service. I enabled all required capabilities in the manifest and wrote the following method:
private async void HttpRequest()
{
string basic = "Basic ...........";
Uri testuri = new Uri(#"https://...Servlet");
HttpClient client = new HttpClient();
client.DefaultRequestHeaders.Add("Authorization", basic);
Task<HttpResponseMessage> response = client.GetAsync(testuri);
var text = await response;
var message = text.RequestMessage;
}
I tried out many different possibilites like getting the response-string but everything lead to an 401 Status Code answer from the Server.
I looked at many similar problems and my understanding of the communication is the following: Client request -> Server response with 401 -> Client sends Authorization header -> Server response with 200 (OK)
What I don't understand is why I am getting the 401 "Unauthorized" Status Code although I am sending the Authorization header right at the beginning. It would be interesting if someone knows how this is handled in the RESTClient.
The BASIC header is definetly correct I was comparing it with the one in the RESTClient.
It would be great if someone could help me with this.
Thanks in advance and kind regards,
Max
Was having a similar problem, i added a HttpClientHandler to HttpClient.
var httpClientHandler = new HttpClientHandler();
httpClientHandler.Credentials = new System.Net.NetworkCredential("","")
var httpClient = new HttpClient(httpClientHandler);
Credentials should be encoded, before adding to the header. I tested it in WPF app, It works...
string _auth = string.Format("{0}:{1}", "username", "password");
string _enc = Convert.ToBase64String(Encoding.UTF8.GetBytes(_auth));
string _basic = string.Format("{0} {1}", "Basic", _enc);
HttpClient client = new HttpClient();
client.DefaultRequestHeaders.Add("Authorization",_basic);

what's the proper way to encrypt login credentials in an http request?

If I need to make an HttpRequest to a site that requires login credentials, I can use code similar to the following, but as you can see the username and password are just base64 encoded, which means that if someone were to intercept the http request all they have to do is search for the value associated with the "Authorization" header and they have my login information.
HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://...");
request.Headers.Add("Authorization",
string.Format("Basic {0}", Convert.ToBase64String(Encoding.Default.GetBytes(
string.Format("{0}:{1}", username, password)))));
using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
{
using (Stream s = response.GetResponseStream())
{
using (StreamReader r = new StreamReader(s))
{
DoSomething(r.ReadToEnd());
}
}
}
Is the following code a better alternative or does it also make http requests with the "Basic " Authorization header?
WebClient wc = new WebClient();
wc.Credentials = new NetworkCredential(username, password);
DoSomething(wc.DownloadString("https://..."));
If neither code results in http requests that "hide" the login credentials and if there is actually a way to "hide" them, what's the proper way to do it?
If you're making a webrequest to a server using HTTPS your entire message including headers are encrypted. So there is essentially no need for you to worry about encrypting your data. If you were to open Wireshark and try and sniff the packets, you'd see they are unreadable.
The .NET Framework will take care of the SSL encryption required under the hood based on the URL you're sending requests to.
More information can be found on MSDN: http://msdn.microsoft.com/en-us/library/ds8bxk2a.aspx
Both of these will use HTTP Basic Access Authentication, but being as you appear to be using HTTPS you won't have to worry about this as the entire request will be encrypted anyway.
I would recommend using WebClient not considering that it part of encryption i just think it a lot more cleaner approach and if you really care about login credentials you can use
SecureString testString = new SecureString();
http://blogs.msdn.com/b/fpintos/archive/2009/06/12/how-to-properly-convert-securestring-to-string.aspx
;

URI Update Request

From my C# console application, I want to issue an Uri update request. Like the following:
http://username:password#dynupdate.no-ip.com/nic/update?hostname=mytest.testdomain.com&myip=1.2.3.4
I have tried the following:
string url = "http://username:password#dynupdate.no-ip.com/nic/update? hostname=mytest.testdomain.com&myip=1.2.3.4";
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
request.Timeout = 5000;
But, I am getting, Invalid URI: The format of the URI could not be determined. error.
Any idea, where I went wrong? I type the full url as shown above into a web browser and it works as expected but through the C# application, it throws an exception.
Is there any other way to implement this?
You need to create and add some credentials to the request and then access the URI without passing in the username/password.
For more information : How to: Request Data Using the WebRequest Class (Specifically the section regarding credentials)
For example;
var uri = new Uri("http://somesite.com/something");
var request = WebRequest.Create(uri) as HttpWebRequest;
request.Credentials = new NetworkCredential("myUserName","myPassword");
request.PreAuthenticate = true;
Just have look at this web page. Is this what you are referring to?
http://www.no-ip.com/integrate/request/
I think you need to use the url as
http://dynupdate.no-ip.com/nic/update
and then send the credentials as mentioned by ChrisBint. And you need to set the preference to base64 ...if there is a provision for that
+ some headers like UserAgent as mentioned in the article.
Encode the URL argument, check the below example
string url = "http://www.stackoverflow.com?question=" + HttpUtility.UrlEncode("a sentence with spaces");
WebRequest r = WebRequest.Create(url);

Issues retrieving facebook social plugin comments for page, C# HttpWebRequest class

I'm hoping I've done something knuckle-headed here and there is an easy answer. I'm simply trying to retrieve the list of comments for a page on my site. I use the social plug-in and then retrieve the comment id via the edge event. Server side I send the page id back and do a simple request using a HttpWebRequest. Worked well back in October, but now I get an 'internal error' response from FB. I can use the same url string put it into a browser and get the comments back in the browser in json.
StringBuilder url = new StringBuilder();
url.Append("https://graph.facebook.com/comments/?ids=" + comment.page);
string requestString = url.ToString();
HttpWebRequest request = WebRequest.Create(requestString) as HttpWebRequest;
HttpWebResponse response = request.GetResponse() as HttpWebResponse;
Ideas? Thanks much in advance.
Since you're using the Facebook C# SDK (per your tag), try:
var url = "{your url}";
var api = new Facebook.FacebookClient(appId,appSec);
dynamic commentsObj = api.Get("/comments/?ids=" + url);
dynamic arrayOfComments = commentsObj[url].data

Categories