WebRequest C# 403 Error - c#

Okay so here's what I'm doing.
I'm making a request to a server to pull down a file.
I do this by making a WebRequest to the website the getting the response just as you usually would, although i get a 403 error saying i don't have permissions.
Problem is when i plug the URL into Google Chrome I get redirected and the file i requested comes down. I've tried the URL on other browsers and get the 403 error.
What is Google Chrome doing that allows it to bypass the 403 error? I've tried using the Google Chrome User Agent, but that doesn't help me.
Help


Possibly the web server recognizes the Chrome user agent and allows the file to be downloaded by it, but not by other user agents. Set up your WebRequest to use the same user agent strings and settings as Google Chrome - by default it might be using the IE settings.
Edit: Here's instruction from MSDN about how to set the WebRequest user agent string.
To find out the user agent of any browser, enter this into its address bar:
javascript:prompt('my user agent string is', navigator.userAgent);


The 403 status code indicates the resource you're attempting to reach is Forbidden. As in, don't ask because you're not getting it. This differs from the 401 code in that an Authorization challenge is presented before the server will confirm delivery of the resource.
While this could be programmatic configuration, this might also be explained by access restrictions on the resource as configured through the web server.
Can you verify that the downloaded resource in Google Chrome is the expected resource you're attempting to reach?


Thanks for the help. None of your answers helped me directly, but thanks for trying.
My Program was trying to pull a file off a server. I had figured out how to get around the authentication issues and finding the file on the server while using Chrome. It turns out that their web service is more advanced using user sessions.
Basically I didn't have access to the webservice commands, so all i could do is use the basic http urls to get a predefined response. The files url that i used to get the file of the server was not unique, it was dynamic depending on the webbrowser / the session. I was using the HTTPRequest object to get the HTML file so i could parse it. With the html file i parsed it to find out the dynamic ID of the file (I thought it was unique). Then I'd attach that to the end of a URL. In Chrome I would be redirected and presented with the download prompt. Problem was that I needed the webbrowser object when i wanted to pull down the file. Knowing this i used the webbrowser object to get the file ID, then used the same webbrowser object (Technically same sessions according the webserver) to pull down the file.
It's rather complicated. Basically my program is a little hack that provides functionality that the server is try block.
Hope this assisted you guys in any of your future projects.

Related

How to Indicate Name of Application in HTTP Request using Embedded Browser

Our application uses the Chromium Embedded Framework. We need a way to communicate to our servers within our requests that they are communicating with a Chrome browser embedded in our application. Changing the user agent isn't really an option because some sites do not play well with browsers which are not recognized. I suppose we could get around this by appending the application name to the end of the default Chromium user agent header. Our server could then check to see if the user agent header contains the name of our application. I'm unsure though if some sites will still have an issue recognizing our application with this method. I'm also unsure if there is better way to indicate this, maybe through the use of cookie or setting a custom field on the request header?

YouTube Data V3 API not recognizing localhost url for redirect uri, why?

I am trying to test out the YouTube Data API V3 to Upload a Video to YouTube in C# using the example code supplied.
I am using the OAuth2 method. I have generated a Client ID / Secret successfully.
The issue I am having is that created a standard C# MVC ASP.NET project, and every time I run it it might say for example http://localhost:5151/.
We are on a private network so I usually have to use something like ngrok to receive anything from the outside world being sent directly to my server / machine.
Anyways, where was I? So every time I run my application it says in my url box http://localhost:5151/ but when I attempt to run the code in the sample I provided above, it fails to validate me as a user because they claim that the redirect uri's I have set up in the Google API dashboard are not the same as the url being used.
So for example, in my Google API Dashboard redirect uri list I have http://localhost:5151/. But the google misdirect uri error that comes back claims that I am running on http://localhost:6163/ .
So I think wait, that must be just a fluke. So I run my application again and now in the url it again says what I would assume it should: http://localhost:5151/, but I again get the same google error_mismatch_redirect_uri error but this time with a different port: http://localhost:6621/ !!
I'm not sure what settings are on our servers but it looks like in the background my application is starting up on some random port every time and thus google thinks the redirect uri's dont match! What can I do to fix this? Am I missing something trivial here?
UPDATE:
Tried using http://localhost:8080 per their documentation. Still didn't work.

Wow, after hours of searching I found the answer here: https://stackoverflow.com/a/28794316/7010468. Apparently you have to put http://localhost/authorize/ in your list of redirect-uris...

403 forbidden for some youtube urls

Currently I am developing an app which fetches audio url from a youtube video id.
It is working perfectly for some url and not working at all for some urls.
Even I copied in a browser to play a audio url,One url worked other didnot.
For your information I am using Mytoolkit.Multimedia to fetch audio urls.
For example-
This url works-
https://r13---sn-h557sn7y.googlevideo.com/videoplayback?ipbits=0&mn=sn-h557sn7y&mm=31&pl=24&mime=audio/mp4&id=o-ACVoF4mkT7VFETu-c1pUD-2y3fiDbqhg_AWvjzMh6rLd&gir=yes&mt=1486618643&ms=au&requiressl=yes&ip=103.6.159.152&upn=ck_2dMVCbO0&signature=C65C13CAE27021FA797E07C3C957F2106FA43F0C.542B383152E7D32AD7F5C3C386D7D7E4CCB7C846&lmt=1458210574977365&key=yt6&itag=140&keepalive=yes&sparams=clen,dur,ei,gir,id,initcwndbps,ip,ipbits,itag,keepalive,lmt,mime,mm,mn,ms,mv,pl,requiressl,source,upn,expire&source=youtube&clen=4324664&initcwndbps=551250&ei=SgCcWKXHDM3ioAOdy6PgCA&mv=m&dur=272.230&expire=1486640298
This url does not work-
https://r9---sn-h557sn7r.googlevideo.com/videoplayback?mn=sn-h557sn7r&mm=31&key=yt6&ip=103.6.159.152&sparams=clen,dur,ei,gcr,gir,id,initcwndbps,ip,ipbits,itag,keepalive,lmt,mime,mm,mn,ms,mv,pl,requiressl,source,upn,expire&pl=24&source=youtube&dur=258.089&keepalive=yes&mv=m&gcr=in&ms=au&ei=gQCcWJyTEcS3oAPR3IjoCA&id=o-ACkoY4Axz1oHH7Ncr4llzAWZn8JoIFAtS7HTbve90Xgd&mt=1486618702&gir=yes&upn=PF_MHOBEk38&ipbits=0&mime=audio/mp4&requiressl=yes&clen=4099627&expire=1486640353&itag=140&lmt=1438240696726539&initcwndbps=551250&signature=1CDC7B591477B660AEF655DC5687F750F57C8CFF44.FB05DE5F885A99FFD0DE7B5D75AB2589C40FFF77
Also I noticed,it is not working for those whose parameter ends with signature,
I guess that does not matter.I have re-arranged parameters ,Still same error(http error 403).
Please note-Even links not working google chrome.
Is there any other ways ,where I extract audio from youtube video id.
Thanks

You may find in YouTube Data API - Errors the possible reasons why you encounter Error 403.
Based from the given link, error 403 - forbidden is basically due to a not properly authorized request. Please check and make sure that you set proper authorization or make sure that the permissions associated with the requests are sufficient.

I final built a custom library to fetch data,Problem was not with youtube links,it was with libraries I was using.

How to: Encrypt URL in WebBrowser Controls

I have a program that opens a web browser control and just displays a web page from our server. They can't navigate around or anything.
The users are not allowed to know the credentials required to login, so after some googling on how to log into a server I found this:
http://user_name:password#URL
This is 'hard coded' into the web browsers code. -It works fine.
HOWEVER: Some smart ass managed to grab the credentials by using WireShark which tracks all the packets sent from your machine.
Is there a way I can encrypt this so the users cannot find out?
I've tried other things like using POST but with the way the page was setup, it was proving extremely difficult to get working. -(Its an SSRS Report Manager webpage)
I forgot to include a link to this question: How to encrypt/decrypt the url in C#
^I cannot use this answer as I myself am not allowed to change any of the server setup!
Sorry if this is an awful question, I've tried searching around for the past few days but can't find anything that works.

Perhaps you could work around your issue with a layer of indirection - for example, you could create a simple MVC website that doesn't require any authentication (or indeed, requires some authentication that you fully control) and it is this site that actually makes the request to the SSRS page.
That way you can have full control over how you send authentication, and you need never worry about someone ever getting access to the actual SSRS system. Now if your solution requires the webpage to be interactive then I'm not sure this will work for you, but if it's just a static report, it might be the way to go.
i.e. your flow from the app would be
User logs into your app (or use Windows credentials, etc)
User clicks to request the SSRS page
Your app makes an HTTP request to your MVC application
Your MVC application makes the "real" HTTP request to SSRS (eg via HttpClient, etc) and dumps the result back to the caller (for example,it could write the SSRS response via #HTML.Raw in an MVC View) The credentials for SSRS will therefore never be sent by your app, so you don't need to worry about that problem any more...
Just a thought.
Incidentally, you could take a look here for the various options that SSRS allows for authentication; you may find some method that suits (for e.g Custom authentication) - I know you mentioned you can't change anything on the server so I'm just including it for posterity.

Remote logging into a website and fetching HTML source with WPFs WebBrowser class

I was trying to write a application which logs the user on a specific website after he inputs his account information and then present an specific site in the window which is only accessible after login.
I'm trying to do this with the WebBrowser Class from System.Windows.Controls.WebBrowser
However, even after searching other examples I can't seem to get past the login.
I used HttpFox to analyze the GET and POST data and found out that Cookies Sent are: _utma/b/c/z, clientid, csrftoken and sessionid and received sessionid.
Ok now I know that the _utma cookies are something about google analytics so I think I can ignore them? The csrftoken seems to have the same value always.
Can anyone give me some hints how to make the POST request in c# with the webbrowser class?
Help is very much appreciated, thanks! :)
update1: I already know the general methods I have to use but I'm having problems with the actual implementation. What should I include in the post request and how to get and save the sessionId,... things like that. I couldn't find any working example where someone is logging into some 3rd party website with the help of the WebBrowser class.

You could use WebClient.UploadData method to post data and to receive response from your script

Categories