Web API call giving "InvalidAuthorizationHeader" - asp.net-web-api

I am trying to connect to an OData API using Advanced REST Client.
The Login is successful and I receive a SecurityToken which I use in the following GET request:
accept: application/json
accept-encoding: gzip, deflate
accept-language: en-US,en;q=0.8
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.84 Safari/537.36
Content-Type: application/json
authorization: Basic <security-token>
Even though I am using the security token I received from the Login, I am receiving a message that says "The HTTP authorization header is not formatted correctly." and I also receive an "Authorization required" prompt in Advanced REST Client (ARC).
Can anyone tell me what is wrong with the Authorization header or how I can format it correctly?

Something is wrong with your token.
Please show your login result.
In addition, maybe it is because of the authorization type that you use, 'Basic'.
Use 'Bearer' with the authorization token:
authorization: Bearer ....
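
How a server that follows RFC 7617 (Basic) and RFC 6750 (Bearer) would read the two header forms discussed above, as an added example that is not part of the original posts. The helper name and sample values are constructed, and the API in the question may apply different rules.

```python
import base64
import binascii
import re

# token68 syntax from RFC 7235, used for Bearer credentials (RFC 6750).
TOKEN68 = re.compile(r"^[A-Za-z0-9\-._~+/]+=*$")

# Constructed sample values; not taken from the question.
OPAQUE_TOKEN = "3f9c1e7a-52d4-4b8e-9a61-0c2d7e4f8b15"
USER_PASS = base64.b64encode(b"alice:s3cret").decode()


def check_authorization(header_value):
    """Classify an Authorization header value (hypothetical helper).

    Returns a (scheme, ok, detail) tuple.
    """
    scheme, _, credentials = header_value.strip().partition(" ")
    scheme = scheme.lower()
    credentials = credentials.strip()
    if not credentials:
        return scheme, False, "missing credentials"
    if scheme == "basic":
        # RFC 7617: credentials are base64("user-id:password").
        try:
            decoded = base64.b64decode(credentials, validate=True)
        except (binascii.Error, ValueError):
            return scheme, False, "credentials are not valid base64"
        if b":" not in decoded:
            return scheme, False, "decoded value has no user:password separator"
        return scheme, True, "well-formed user:password pair"
    if scheme == "bearer":
        if TOKEN68.match(credentials):
            return scheme, True, "well-formed token68"
        return scheme, False, "token has characters outside token68"
    return scheme, False, "unsupported scheme"


if __name__ == "__main__":
    for value in ("Basic " + OPAQUE_TOKEN,
                  "Bearer " + OPAQUE_TOKEN,
                  "Basic " + USER_PASS,
                  "Basic"):
        print(value, "->", check_authorization(value))
```

An opaque session token sent under `Basic` fails this parse unless it happens to decode to a `user:password` pair, which is one way a server can end up reporting a malformed header.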

Related

Validating g-captcha-response parameter

I have this form where there is an implemented Google Captcha. I don't understand why I can submit multiple POST requests using the same g-recaptcha-response and without it. Is it intended to work that way?
POST /dev-test/form.php HTTP/1.1
Host:.com
Content-Length: 606
Cache-Control: max-age=0
Sec-Ch-Ua: " Not;A Brand";v="99", "Google Chrome";v="91", "Chromium";v="91"
Sec-Ch-Ua-Mobile: ?0
Upgrade-Insecure-Requests: 1
Origin: https://sample.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://sample.com/dev-test/form.php
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: close
client_id=077&first_name=captcha-bypass-2nd-attempt&last_name=bypass-captcha-2nd-attempt&consent=true&g-recaptcha-response=
You can send as many requests as you want to Google... The same way you can send unlimited mail parcels to an address, there's no mechanism to stop you from sending HTTP requests to an address.
Once Google receives your request, their servers will process your request and give it a score. It's your responsibility as a developer to go and get that score from Google to check if a legitimate user is trying to access the site.
You will need to do that verification in the server-side code of your application.
You can learn more about how Google wants you to check the score at: https://developers.google.com/recaptcha/docs/verify
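
The server-side check this answer describes, as an added example that is not part of the original post and is written in Python rather than the question's PHP. The handler refuses a missing token, asks Google's siteverify endpoint about the token, and checks the host name and, for v3, the score. The function names, the 0.5 threshold and the offline `fake_siteverify` stand-in are assumptions made for illustration.

```python
import json
import urllib.parse
import urllib.request

VERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"


def post_form(url, fields):
    """POST form fields and return the decoded JSON reply."""
    data = urllib.parse.urlencode(fields).encode()
    with urllib.request.urlopen(url, data=data, timeout=5) as resp:
        return json.load(resp)


def captcha_ok(form, secret, expected_host, min_score=0.5, post=post_form):
    """Return (accepted, reason) for one submitted form (a dict)."""
    token = form.get("g-recaptcha-response", "")
    if not token:
        # The form handler, not Google, has to refuse a missing token.
        return False, "missing g-recaptcha-response"
    try:
        reply = post(VERIFY_URL, {"secret": secret, "response": token})
    except (OSError, ValueError):
        return False, "verification unavailable"  # fail closed
    if not reply.get("success"):
        return False, ",".join(reply.get("error-codes", [])) or "rejected"
    if reply.get("hostname") != expected_host:
        return False, "token issued for another host"
    # "score" is only present in reCAPTCHA v3 replies; v2 replies omit it.
    if "score" in reply and reply["score"] < min_score:
        return False, "score below threshold"
    return True, "ok"


def fake_siteverify():
    """Constructed stand-in for Google so the example runs offline."""
    seen = set()

    def post(url, fields):
        if fields["response"] in seen:
            return {"success": False, "error-codes": ["timeout-or-duplicate"]}
        seen.add(fields["response"])
        return {"success": True, "hostname": "sample.com", "score": 0.9}

    return post
```

With the stand-in, the first submission of a token is accepted and a replay of the same token is rejected with `timeout-or-duplicate`, the error code Google returns for a token that was already verified or has expired.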

How to parse formData request in laravel

I have a fetch API call from Vue.js code which sends form-data to a Laravel backend.
I am posting the request. Please suggest how to parse this using a Laravel request.
POST /acapp/public/api/createmember HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,mr-IN;q=0.8,mr;q=0.7,ur-PK;q=0.6,ur;q=0.5,hi-IN;q=0.4,hi;q=0.3
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 142
Content-Type: application/json
Host: localhost
Mimetype: multipart/form-data
Origin: chrome-extension://fhbjgbiflinjbdggehcddcbncdddomop
Postman-Token: cd1ca586-560b-fdf7-3fd6-afe2f457d676
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
------WebKitFormBoundaryoMWbAbNZyySY3vCB
Content-Disposition: form-data; name="dob"
45345345
------WebKitFormBoundaryoMWbAbNZyySY3vCB--
You don't need to parse the request. The HTTP request stack of Laravel will do it automatically and call the action you defined for that URL.
https://laravel.com/docs/5.7/requests
Here is a good example of how to get information from your request, so you don't have to think about that. In the documentation you can find a part on how to write Vue components.
https://laravel.com/docs/5.7/frontend
I think that could help you.

Laravel api passport Unauthorized 401

I have created a multi-auth system for Laravel, and I can log in and protecting the routes (with web and admin) defined in web.php is working fine. Now I also want to do the same for the API calls in api.php. For this purpose, I have installed Passport, changed my auth.php file to passport for api, attached the token in Kernel.php, and in my axios request I attach xsrf and XMLHttpRequest. But when I execute my API call I get 401 Unauthorized all the time. I have taken a look at my headers and see a laravel_token and X-XSRF-TOKEN, so I am puzzled why it is not working. Does anybody have any idea? Thanks!
Header looks like:
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: undefined
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI....
DNT: 1
Host: 127.0.0.1:8000
Referer: http://127.0.0.1:8000/availability/calendar
User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Mobile Safari/537.36
X-CSRF-TOKEN: 4SUDy8IJigeEBftGjTVgat7cqPSGnncA0zuSiEeI
X-Requested-With: XMLHttpRequest
X-XSRF-TOKEN: dsfjkdsfsdj.....
In my api.php:
Route::post('/userStuff', 'MyController@userstuff')
    ->middleware('auth:api');
And my axios request:
axios.get("/api/userStuff").then(({data}) => {
    console.log(data);
});

Google Cast Widevine PSSH

I'm using the official custom receiver from GitHub and I'm trying to play an MPEG-DASH Widevine-protected video stream. The receiver is running on Nexus Player 5.1.1. I'm correctly setting customData and the licence server URL. The problem is that the player (DRM component) is not correctly generating the data needed for the POST request to the licence server. This data should be generated with data from the PSSH box and include information about the DRM client and more. Below is the almost empty POST request (some CORS-specific headers omitted) with a request body containing only two bytes (08 04):
POST XYZ HTTP/1.1
Host: XYZ
Connection: keep-alive
Content-Length: 2
Origin: ABC
User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; Nexus Player Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.75 Safari/537.36 CrKey/1.13.31432
content-type: text/xml;charset=utf-8
Accept: */*
Referer: http://ABC/ftp-custom/CastMediaPlayerStreamingDRM/mpl.html
Accept-Encoding: gzip, deflate
Accept-Language: en-GB
CAST-DEVICE-CAPABILITIES: {"display_supported":true}
..
The correct request body (on Windows / Chrome) should look like this ("non-human readable" content within the request body omitted):
POST XYZ HTTP/1.1
Host: XYZ
Connection: keep-alive
Content-Length: 1763
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
Origin: http://shaka-player-demo.appspot.com
Accept: */*
Referer: http://shaka-player-demo.appspot.com/
Accept-Encoding: gzip, deflate
Accept-Language: cs,en;q=0.8
ChromeCDM-Windows-x86
architecture_name x86-32
company_name Google
model_name ChromeCDM
platform_name Windows2
Thank you for any help with making this work correctly.

Exchange 2003 OWA galfind only returning HTML response

I've got a routine that queries galfind and for most situations it returns the expected XML response after issuing a basic GET. I'm trying it out now on an older (Exchange 2003) server and the galfind GET will only return the HTML search form. The query response data returns correctly along with the form content but it'd be nice to get it in XML format. So two related questions:
Does OWA in Exchange 2003 support XML responses for galfind?
If so, how does one either modify the HTTP request or configure the server to retrieve the XML formatted response from a galfind query?
Here's an example GET request I've been playing with:
GET http://mail.mydomain.com/exchange/administrator#mydomain.com/?cmd=galfind&dn=C HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0.1) Gecko/20100101 Firefox/8.0.1
Accept: text/xml
Authorization: Basic
Host: mail.mydomain.com
Adding "MSIE 6.0" to the User-Agent seems to allow you to toggle over to an XML formatted response, e.g.
GET http://mail.mydomain.com/exchange/administrator#mydomain.com/?cmd=galfind&dn=C HTTP/1.1
User-Agent: Mozilla/5.0 (MSIE 6.0; Windows NT 6.1; WOW64; rv:8.0.1) Gecko/20100101 Firefox/8.0.1
Accept: text/xml
Authorization: Basic
Host: mail.mydomain.com
