getting error on passing values in GetAsync method - asp.net-web-api

i have already defined API which display the full information of student when email and password is provided . But when i want to use that API from another project its not able to pass the values of email and password.
[Route("CallApiGet")]
[HttpGet]
public async Task<IHttpActionResult> CallAPIGET()
{
using (var client = new HttpClient())
{
client.BaseAddress = new Uri("https://localhost:44376/");
var GetData = new
{
Email = "abc#gmail.com",
Password = "dhdsi#hc"
};
var content = new StringContent(JsonConvert.SerializeObject(GetData), Encoding.UTF8, "application/json");
using (HttpResponseMessage response = await client.GetAsync("api/CustomerController",content))
{
var responseContent = response.Content.ReadAsStringAsync().Result;
response.EnsureSuccessStatusCode();
return Ok(responseContent);
}
}
}
I have tried passing the value of email and password in variable content but getting error.

A httpget has no body ( content ) so if you use a get then you should use query parameters.
The get URL should be more like:
ApiUrl/controller?email=xxxx&password=yyyy
Your endpoint presumably has these as parameters.
Having said that, a httpget is no secure. It's just a plain string with a password in it.
I suggest you consider changing this endpoint to a post and then you can send parameters in the body. Assuming this is Https they will then be encrypted and rather more secure.

Related

HttpClient always do Basic Authentication check after provide an authorization header?

The web api control, UserControl, has two methods, RetrieveUserID which needs Basic Authorization check
[HttpGet]
[Route("RetrieveUserID/{strUsername}")]
[Authorize]
public string RetrieveUserID(string strUsername)
{
//retrieve userID and return it
......
return strUserID;
}
Another method, FailAuthenticationReason, is used if fail to retrieve userID, it returns the detail fail info such as wrong username, wrong password, account is locked out, etc. which doesn't need to do any authentication check
[HttpGet]
[Route("FailAuthenticationReason/{strUsername}")]
public string FailAuthenticationReason(string strUsername)
{
//retrieve detail failed reason
......
return strFailedReason;
}//End of
It works well when I use a browser to check them. But when I use it in my app, after I provide the authorization header and fail to retrieve userID because of incorrect username and/or password, it also do the authorization check when it call FailAuthenticationReason
var authData = string.Format("{0}:{1}", entUsername.Text,entPassword.Text);
var authHeaderValue = Convert.ToBase64String(Encoding.UTF8.GetBytes(authData));
App.httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", authHeaderValue);
var uri = new Uri(string.Format(App.strWebAPIURI + "/RetrieveUserID/{0}", entUsername.Text));
try
{
var response = await App.httpClient.GetAsync(uri);
if (response.IsSuccessStatusCode)
{
......
}
else
{
//Fail to pass authorization
uri = new Uri(string.Format(App.strWebAPIURI + "/FailAuthenticationReason/{0}", entUsername.Text));
response = await App.httpClient.GetAsync(uri);
......
}
How can the program call FailAuthenticationReason without the authorization check?

Generate Access Token In Web Api action method using OWIN and IIS host

I'm trying to generate a token inside Web Api action method based on the code below:
private JObject GeneratePaymentTokenResponse(string email, bool rememberMe)
{
//var tokenExpiration = rememberMe ? TimeSpan.FromDays(14) : TimeSpan.FromMinutes(30);
var tokenExpiration = rememberMe ? TimeSpan.FromMinutes(30) : TimeSpan.FromMinutes(5);
ClaimsIdentity identity = new ClaimsIdentity("CustomType", ClaimTypes.Email, ClaimTypes.Role);
identity.AddClaim(new Claim(ClaimTypes.Email, email));
var props = new AuthenticationProperties()
{
IssuedUtc = DateTime.UtcNow,
ExpiresUtc = DateTime.UtcNow.Add(tokenExpiration)
};
var ticket = new AuthenticationTicket(identity, props);
var accessToken = Startup.OAuthBearerOptions.AccessTokenFormat.Protect(ticket);
JObject tokenResponse = new JObject(
new JProperty("email", email),
new JProperty("customToken", accessToken),
new JProperty("expiresIn", tokenExpiration.TotalSeconds),
new JProperty("issuedUtc", ticket.Properties.IssuedUtc),
new JProperty("expiresUtc", ticket.Properties.ExpiresUtc)
);
return tokenResponse;
}
The OAuthBeaerOptions object is coming from the Startup class as the below:
public static OAuthBearerAuthenticationOptions OAuthBearerOptions { get; private set; }
OAuthBearerOptions = new OAuthBearerAuthenticationOptions();
// Token Consumption (Resource Server)
app.UseOAuthBearerAuthentication(OAuthBearerOptions);
Now when I try to pass a valid access token but has been expired and call AccessTokenFormat.Unprotect as the code below
Microsoft.Owin.Security.AuthenticationTicket ticket = Startup.OAuthBearerOptions.AccessTokenFormat.Unprotect(paymentToken);
if ((ticket == null) || (!ticket.Identity.IsAuthenticated))
{
actionContext.Response = CreateForbiddenResponse(actionContext);
return Task.FromResult<object>(null);
}
I'm receiving a valid ticket and the value of ticket.Identity.IsAuthenticated is true even that token is expired.
Currently I'm using the latest version (3.0.1) of Microsoft.Owin.Security assembly
I would appreciate any clue on how to set the expiry date for this token?
I'm receiving a valid ticket and the value of ticket.Identity.IsAuthenticated is true even that token is expired.
That's totally intended: Unprotect will return a ticket with a valid ClaimsIdentity even if it is expired. Since ClaimsIdentity.IsAuthenticated only ensures the ClaimsIdentity.AuthenticationType property is not null, it's not a reliable way to ensure the ticket is not expired.
Actually, it's up to you to determine whether the ticket is still valid and return an error if necessary (which is exactly what the bearer middleware does internally when receiving an access token: https://github.com/jchannon/katanaproject/blob/master/src/Microsoft.Owin.Security.OAuth/OAuthBearerAuthenticationHandler.cs#L68-L73)
if (ticket.Properties.ExpiresUtc.HasValue &&
ticket.Properties.ExpiresUtc.Value < DateTimeOffset.Now)
{
return Task.FromResult<object>(null);
}

How to create HttpResponseMessage in a non-APIController

I have a service layer called GatewayService which calls another WebApi to get the product information and manipulate the Inventory in the response and return the same response to the caller.
Here is the code I have. The problem that I have is, I can't use Request.CreateResponse(...) which will give me a compilation error because GatewayService does not inherit ApiController.
Is there a way to update the response and return as HttpResponseMessage?
public class GatewayService
{
// Code Removed for bravity
public HttpResponseMessage Get(SingleProductSearcRequest request)
{
var response = productServiceWebApi.Get(request); // Returns HttpResponseMessage
var p = response.Content.ReadAsAsync<JObject>().Result;
p["Inventory"] = "Not Available";
return Request.CreateResponse(p); // COMPILER ERROR!!!
}
}
Request.CreateResponse() is just an extension method for HttpRequest. You can manually construct an HttpResponseMessage as well as give it content by doing something like:
var p = response.Content.ReadAsAsync<JObject>().Result;
HttpResponseMessage message = new HttpResponseMessage(System.Net.HttpStatusCode.OK);
message.Content = new ObjectContent(p);
You can transfer headers and other information over as well, if necessary. Depending on the need, there's also StringContent, etc.

Post Binary array to Web API Controller

I am trying to POST form data which consists of few string variable and binary array.
Below is the Model for the form data.
public class FileModel
{
public string Path { get; set; }
public byte[] File { get; set; }
}
Below is my Web API Controller.
[Route("")]
public IHttpActionResult Post([FromBody]FileModel media)
{
// Can I use ??
byte[] requestFile = media.File;
string requestFilePath = media.Path;
//Process the above variables
return Ok();
}
I would like to know Can I use the following code to de-serialize the following code snippet to to read the values from the JSON payload including the binary data?
byte[] requestFile = media.File;
string requestFilePath = media.Path;
If Yes, Do I need to define any formatter class to get it working?
I normally use POSTMAN to test my RESTful endpoints.
Is it possible to use POSTMAN still to POST binary array? May be not need to write my own client
You'll need to use a serializer to serialize complex objects (multiple fields) as content for a Http Request.
For your code snippet to read the object from the content you can use this:
var requestContent = Request.Content.ReadAsAsync<FileModel>(GetJsonSerializer()).Result;
Here's the serializer boilerplate code.
private JsonMediaTypeFormatter GetJsonSerializer()
{
JsonSerializerSettings settings = new JsonSerializerSettings()
{
PreserveReferencesHandling = Newtonsoft.Json.PreserveReferencesHandling.All,
TypeNameHandling = Newtonsoft.Json.TypeNameHandling.All
};
return new JsonMediaTypeFormatter() { SerializerSettings = settings };
}
I'm not sure how to use POSTMAN to test this. A simple .net client would be:
var Client = new HttpClient();
Client.BaseAddress = new Uri("localhost"); //whatever your endpoint is
FileModel objectToSend = new FileModel();
var objectContent = new ObjectContent<FileModel>(objectToSend, GetJsonSerializer() );
var response = Client.PostAsync("uri", objectContent);
You are able to use POSTMAN to test binary file input. Selecting the body tab, you can then pick the radio button "binary" and then choose file.

Posting to Web Api parameters are null

I have a jquery method which looks like this:
$.post("/api/amazon/signature", { "policy": policy }, function (data) {
console.log(data);
});
the api method looks like this~:
// POST api/amazon/signature
[HttpPost]
[Route("api/amazon/signature")]
public IHttpActionResult GetSignature([FromBody]string policy)
{
var bKey = Encoding.ASCII.GetBytes(ConfigurationManager.AppSettings["AWSSecretKey"]);
var hmacSha1 = new HMACSHA1(bKey);
var bPolicy = Encoding.ASCII.GetBytes(policy);
var hash = hmacSha1.ComputeHash(bPolicy);
var encoded = Convert.ToBase64String(hash);
return Ok(encoded);
}
but when I run this code policy is always null!
If I change my method to this:
public class Signature
{
public string Policy { get; set; }
}
// POST api/amazon/signature
[HttpPost]
[Route("api/amazon/signature")]
public IHttpActionResult GetSignature([FromBody]Signature model)
{
var bKey = Encoding.ASCII.GetBytes(ConfigurationManager.AppSettings["AWSSecretKey"]);
var hmacSha1 = new HMACSHA1(bKey);
var bPolicy = Encoding.ASCII.GetBytes(model.Policy);
var hash = hmacSha1.ComputeHash(bPolicy);
var encoded = Convert.ToBase64String(hash);
return Ok(encoded);
}
and modify my jquery to this:
$.post("/api/amazon/signature", { "Policy": policy }, function (data) {
console.log(data);
});
it works fine....
Can someone tell me why?
ASP.NET Web API binds the request body in its entirety to one parameter (one parameter only and not more). By default, body is bound to a complex type. So, when you change the parameter type to Policy which is a complex type, you don't need to actually specify FromBody. Also binding works correctly now because you are sending JSON Object which looks something like this { "policy": policy }. Web API has no trouble in binding JSON object to your complex type.
When it comes to a simple type, string in your case, you must specify FromBody, since by default Web API binds from URI path and query string. In that case however, you cannot send a JSON Object. Web API is going to bind the entire body to that parameter, which is string. So, the request body must be just a string like this - "ABC123" and not a JSON object. If you send just "ABC123" (including the quotes) in the request body, your string parameter will be populated with ABC123.

Resources