I have a working self-hosted OWIN based 2.2 WebApi project. I wanted to put authorization into it and share the identity service with my MVC 5 website. (There a numerous opinions on if or how easy doing so may be.) My attempt to share the authorization/authentication cookie has lead me into a hole. I discovered that the WebApi code was not seeing/processing the cookie even though it was in the request header. I then decided to try a test in which I would generate the cookie in the WebApi on one call and accept it on another. That attempt lead me to the fact that CreatePerOwinContext is not working as I thought it should.
I placed the following code in a method to generate the cookie.
var ctx = Request.GetOwinContext();
var asim = ctx.Get<ApplicationSignInManager>();
asim.SignInAsync(user, false, false);
and discovered that the Get was returning null. I then investigated the code in my startup
appBuilder.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);
I placed a breakpoint on ApplicationSigInManger.Create and never reached it. I placed a breakpoint at the same location in my MVC 5 code and did hit the breakpoint. Yes, I did verify that I am reaching and continuing past the call to CreatePerOwinContext. The lack of hitting the breakpoint has lead me to conclude that the call to CreatePerOwinContext is not working the same in WebApi as in MVC 5.
Both the MVC project and the WebApi project are using .Net 4.6 release code and the latest versions of their respective NuGet packages.
Related
I am using RestSharp in my Xamarin.Forms Project. Problem is RestClient.ExecuteTaskAsync is returning cached response when accessing same end point without stopping app. I have tried some suggestions like adding Random Number/TimeStamp as parameter, have tried setting header and Cache Policy like
_client.AddDefaultHeader("Cache-Control", "no-cache");
_client.CachePolicy = new
HttpRequestCachePolicy(HttpRequestCacheLevel.NoCacheNoStore);
But nothing work. Interesting point is, Cache is not creating problem for one Api Call where I am passing Credentials as Json Body. But for all other API Calls, even changing the parameters doesn't effect. It always bring cached response, until I stop app and then open app again.
I am using MVVM and Dependency Injection, So RestClient Object is passed as Dependency to constructor of class where I am using it. Currently testing in Android not tested in iOS. Please advise.
Can anyone save some of my hair? :)
I'm trying to create an asp.net WEB API interface for an older CSLA (1.x/2.x era) project. I am testing by hard coding the login on every request in various ways (once in the startup code, as an authorization request filter, inside the individual route request etc etc). All the ways I tried work exactly once perfectly and then I get the infamous:
'Default principal object cannot be set twice.'
exception in BusinessPrincipal.vb (yeah I know it's very old, but it's released software, I can't upgrade CSLA)
I know that there is an issue where you need to set HttpContext.Current.User = Thread.CurrentPrincipal; due to some internal workings of the web API and I do that already, that has not resolved the issue.
I'd like to know if anyone has implemented a web api front end and how they handled this issue or any pointers as to what could be the solution.
Worst case scenario if I could at least just login once and keep that same principal without losing it I could implement a second layer of security, that woudld be acceptable, barring anything else is there some way to just login once and not lose that principal?
That BusinessPrincipal class would be in your code base, not in CSLA itself. The Csla.Security namespace does include a BusinessPrincipalBase that is probably the base class for your BusinessPrincipal.
Classes in that namespace are here in GitHub
It is true that you can only call AppDomain.SetPrincipalPolicy one time, but you should be able to set the Thread.CurrentPrincipal and HttpContext.Current.User multiple times.
I am looking for a way to batch requests to the server. I found a post by Brad Wilson outlining how to make a batch handler using a message hanlder http://bradwilson.typepad.com/blog/2012/06/batching-handler-for-web-api.html#more but I wasn't able to get this working.
first I had compile errors because webapi did not understand "route-specific endpoint handler" like Brad's example used. there were also problems with the media type and/or formatter (can't remember which). My next attempt was to make a batch controller. so instead of a batch handler I had a batch controller. I almost has this working except when I used the MessageHandlerInvoker to call the individual commands I got exceptions about the additional handlers I have regsstered (1 for logging request/response and another to mimic user authentication).
At that point I stopped and reverted back to individual requests, not ideal, but it works.
My environment:
.net 4.0
VS 2010
mvc 4 front end (calls webapi)
webapi as a service tier
Has anyone else had any success with batched messages and webapi?
To be able to use per-route handlers you need ASP.NET Web API RTM which was only released yesterday (at the time when Brad wrote the article, it would only work with nightly MyGet feed builds or against Codeplex source).
You can get entire MVC4 RTM here or simply off Nuget.
A route I had working in VS2010/.NET 4/MVC3 seems broken in VS2012 and .NET 4.5 (although with MVC3 still).
Previously I had a route like this:-
routes.MapRoute("TMS", "{controller}/{action}/{id}.{extension}");
which was successfully matched for a uri:
/Test/Test/tile.png
which invoked the Test action on TestController:-
public ActionResult Test(string id, string extension)
With id = "tile" and extension="png".
Yet, in an identical project in VS2012, albeit with .NET 4.5, I get a 404 because the route does not match. Changing the period to a / in the route, and the uri, causes the route to match and invoke the action, but that's not good enough - i need to have that period in the route, as was working previously (because this action is designed to serve tiles as a TMS server; the URL format is an API).
Has anyone come across a problem like this?
<httpRuntime relaxedUrlToFileSystemMapping="true"/> does not help at all.
I wonder if the web server settings are different between the 2 environments you are testing: If the .png extension is not set up to be handled by MVC or the "verify that physical file exists" option is checked.
Do I even need this rule anymore?
I don't see any requests incoming for resource.axd files (as opposed to when I ran webform applications)
WebResource.axd is an HTTP Handler that is part of the .NET Framework
that does one thing and one thing only – it is tasked with getting an
embedded resource out of a DLL and returning its content. What DLL to
go to and what embedded resource to take are specified through the
querystring. For instance, a request to
www.yoursite.com/WebResource.axd?d=EqSMS…&t=63421… might return a
particular snippet of JavaScript embedded in a particular assembly.
Its still part of the framework and you can still retrieve embedded resources using the above handler. You dont want your route handler to handle such requests and that is why it is ignored. My guess is that you can get rid of it if you are completely sure that your app/libraries that you use dont use it.