I am working on a WebApp (Razor Pages) that work also as API Gateway. The WebApp get some data from another project (part of the same solution) that is a WebAPI.
The problem is that when I do an HTTPRequest to the WebAPI, if the request is not too long, the WebAPI will process it, but when I try to send a longer request (long in characters) it will reject it and send back a 404.
The WebApp is a basic CMS. So the app will provide to the user, the creation of Web pages. I am using a restful request model so a request will look like this:
string baseURL = #"https://localhost:5001";
public async Task<string> CreatePageAsync(string pageTitle, string pageBody, int? pageOrder, string userID)
{
if (pageTitle != null && pageBody != null && pageOrder != null && userID != null)
{
string fullURL = baseURL + $"/api/pages/create/page/title/{pageTitle}/body/{pageBody}/order/{pageOrder}/user/{userID}";
var request = new HttpRequestMessage(HttpMethod.Post, fullURL);
HttpResponseMessage response = await _httpClient.SendAsync(request);
if (!response.IsSuccessStatusCode)
{
return "error";
}
}
return "ok";
}
As you can imagine, the "pageBody" property is the one responsible for the length of the request. So, when I test the WebAPI with short words, it works just fine, but if I copy an article from the internet (Just text) and use it as the body (simulating the user's content), if it is a long one, it will return a 404.
On the other end, the WebAPI looks like this:
[HttpPost("Create/page/title/{pageTitle}/body/{pageBody}/order/{pageOrder}/user/{userID}")]
//[ValidateAntiForgeryToken]
public async Task<string> CreatePage(string pageTitle, string pageBody, int pageOrder, string userID) //[Bind("pageName,pageHead,pageBody,userID")]
{
if (ModelState.IsValid)
{
DateTime now = DateTime.Now;
WebPage newPage = new WebPage()
{
PageID = _globalServices.GuidFromString(_globalServices.GetSeed()),
PageDateCreated = now,
PageDateUpdated = now,
PageOrder = pageOrder,
PageTitle = pageTitle,
PageBody = pageBody,
UserID = userID
};
try
{
await _pagesDBContext.Pages.AddAsync(newPage);
await _pagesDBContext.SaveChangesAsync();
}
catch (Exception e)
{
string message = "ERROR: Could not save to the database.\n";
return message + e.Message;
}
return "Page saved";
}
return "ERROR: Model invalid";
}
I am sending the request as simple text. I don't know if there is a better way.
Any ideas?
I don't have enough rep to comment but it looks like the maximum characters you can send in a GET request is 2,048.
Related
Hi i'm new on programming and i'm working on some code. When i want to post a created entity my service return a null entity and go on error 400 BadRequest and i can't understand why
var action = _url + "/NewUser";
EntityUser newUser = new EntityUser();
try
{
newUser.Id = 1;
newUser.Name = "Jack";
newUser.Surname = "Black";
HttpResponseMessage responseMessage = await _client.PostAsJsonAsync<EntityUser>(action, newUser);
}
this is the other part of the code on my service where my User is null
public async Task<long> NewUser(EntityUser user)
{
return await Task.Factory.StartNew(() => new DtoUser().NewUser(user));
}
I'm sure my user isn't null when i post it so i don't understand why he doens't get it. It should create another user from the data i gave him.
This is paypals sample code for the ipn. I have been on it for a few days now and am getting no where. I am not sure what i am meant to call. In a previous question i asked some said you dont call the Receive method. So this then lead me on to think how will Paypal know where to go. (i.e what method to use.)
public class IPNController : Controller
{
[HttpPost]
public HttpStatusCodeResult Receive()
{
//Store the IPN received from PayPal
LogRequest(Request);
//Fire and forget verification task
Task.Run(() => VerifyTask(Request));
//Reply back a 200 code
return new HttpStatusCodeResult(HttpStatusCode.OK);
}
private void VerifyTask(HttpRequestBase ipnRequest)
{
var verificationResponse = string.Empty;
try
{
var verificationRequest = (HttpWebRequest)WebRequest.Create("https://www.sandbox.paypal.com/cgi-bin/webscr");
//Set values for the verification request
verificationRequest.Method = "POST";
verificationRequest.ContentType = "application/x-www-form-urlencoded";
var param = Request.BinaryRead(ipnRequest.ContentLength);
var strRequest = Encoding.ASCII.GetString(param);
//Add cmd=_notify-validate to the payload
strRequest = "cmd=_notify-validate&" + strRequest;
verificationRequest.ContentLength = strRequest.Length;
//Attach payload to the verification request
var streamOut = new StreamWriter(verificationRequest.GetRequestStream(), Encoding.ASCII);
streamOut.Write(strRequest);
streamOut.Close();
//Send the request to PayPal and get the response
var streamIn = new StreamReader(verificationRequest.GetResponse().GetResponseStream());
verificationResponse = streamIn.ReadToEnd();
streamIn.Close();
}
catch ( Exception exception)
{
//Capture exception for manual investigation
}
ProcessVerificationResponse(verificationResponse);
}
private void LogRequest(HttpRequestBase request)
{
// Persist the request values into a database or temporary data store
}
private void ProcessVerificationResponse(string verificationResponse)
{
if (verificationResponse.Equals("VERIFIED"))
{
// check that Payment_status=Completed
// check that Txn_id has not been previously processed
// check that Receiver_email is your Primary PayPal email
// check that Payment_amount/Payment_currency are correct
// process payment
}
else if (verificationResponse.Equals("INVALID"))
{
//Log for manual investigation
}
else
{
//Log error
}
}
}
There is no ActionResult so how am i meant to give a URL.
I thought of this but it seems to return invalid
public ActionResult IPN() {
Receive()
}
I have asked previous questions but still cant seem to get my head around this IPN.
For anyone that sees this, this was an inexperienced me and all i had to do was
return Ok() so my action result would look like the below:
public ActionResult IPN()
{
Receive();
return Ok();
}
I'm working on a REST API Project where users log in and make calls. In order to do that, i create a cookie where i encrypt the username. My server is deployed and something really weird is going on. From time to time i just don't receive the cookies in the response. In this case I just have to make any modification in the web.config file and it starts working again... I really don't understand why... Any ideas ?
Here's my login code :
[Route("login", Order = 1)]
[HttpPost]
[HttpGet]
public async Task<HttpResponseMessage> Login([FromUri] string userId, [FromUri] string userPassword)
{
try
{
Tuple<string, string> result = userService.Authenticate(userId, userPassword);
string sessionIds = result.Item1;
string message = result.Item2;
CookieHeaderValue cookie = CreateSessionsCookie(sessionIds);
cookie.Secure = true;
// Store username for later use
CookieHeaderValue userCookie = new CookieHeaderValue(Strings.Id, Encryption.Protect(userId, Strings.Id));
userCookie.Secure = true;
HttpResponseMessage response = Request.CreateResponse(HttpStatusCode.OK, JsonConvert.DeserializeObject(message));
response.Headers.AddCookies(new CookieHeaderValue[] { cookie, userCookie });
return response;
}
catch (Exception ex)
{
return HandleException(ex);
}
}
It is a bit of an anti-pattern to use a cookie for a restful web service. Just include the username in the header instead.
As to why this is timing out I suspect it has to do with your session timing out.
i'm using ASP.NET MVC5 with the latest Identity and Signalr on the server and have .NET client app. Currently i have working auth logic implemented but i don't get it how can i get auth failure in .NET desktop client?
Here is my .NET desktop client auth code:
private static async Task<bool> AuthenticateUser(string siteUrl, string email, string password)
{
try
{
var handler = new HttpClientHandler { CookieContainer = new CookieContainer() };
using (var httpClient = new HttpClient(handler))
{
var loginUrl = siteUrl + "Account/Login";
_writer.WriteLine("Sending http GET to {0}", loginUrl);
var response = await httpClient.GetAsync(loginUrl);
var content = await response.Content.ReadAsStringAsync();
_verificationToken = ParseRequestVerificationToken(content);
content = _verificationToken + "&UserName="+email+"&Password="+password+"&RememberMe=false";
_writer.WriteLine("Sending http POST to {0}", loginUrl);
response = await httpClient.PostAsync(loginUrl, new StringContent(content, Encoding.UTF8, "application/x-www-form-urlencoded"));
content = await response.Content.ReadAsStringAsync();
_verificationToken = ParseRequestVerificationToken(content);
_connection.CookieContainer = handler.CookieContainer;
return true;
}
}
catch (Exception ex)
{
Logger.Log(ex, "Auth");
return false;
}
}
where _connection is a hub connection which receives cookie needed for hub auth. The problem is that httpCLient.PostAsync() always return valid result and i don't get it how i can implement auth failure detection.
Here is server login code:
// POST: /Account/Login
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
if (ModelState.IsValid)
{
var user = await UserManager.FindAsync(model.UserName, model.Password);
if (user != null)
{
await SignInAsync(user, model.RememberMe);
return RedirectToLocal(returnUrl);
}
else
{
ModelState.AddModelError("", "Invalid username or password.");
}
}
// If we got this far, something failed, redisplay form
return View(model);
}
On failure it just adds error string on the page.
Please advice what is the better way to implement auth result.
This is strange that i got no single answer for this question. I've come to an intermediate solution:
Add unique hidden tags for login and index pages (on failure login page is displayed again, on success - index page)
<div style="display: none;" id="#SharedData.Constants.INDEX_PAGE_TAG"></div>
In .NET client check content string for the specific tag presence.
I don't think this the preformance-wise solution but at least it works...
I am trying to get the grip on the Facebook SDK and at the same time transitioning from ASP.NET forms to MVC (finally). So please bear with me ..
I have created two controller actions:
FBLogon is execetued when the user clicks on the FB login button on the form.
He is then redirected to the FB login page.
Afterwards he gets sent back to the FBAuthorize page, which is supposed to parse the returned url for the access token. I get something like:
http://localhost:5000/account/FBAuthorize#access_token=199143326771791|827213759889396d5408fee6-100001815992604|BmYchAOMqSoZ2L0TYgCrtpoKP3M&expires_in=0
The problem I see, is that as the access_token is passed behind a #, asp.net cannot parse it on the server. Am I doing something fundamentaly wrong?
Code follows:
public ActionResult FBLogon()
{
var settings = ConfigurationManager.GetSection("facebookSettings");
IFacebookApplication current = null;
if (settings != null)
{
current = settings as IFacebookApplication;
if (current.AppId == "{app id}" || current.AppSecret == "{app secret}")
{
return View();
}
}
string[] extendedPermissions = new[] { "publish_stream", "offline_access" };
var oauth = new FacebookOAuthClient { ClientId = current.AppId, RedirectUri = new Uri("http://localhost:5000/account/FBAuthorize") };
var parameters = new Dictionary<string, object>
{
{ "response_type", "token" },
{ "display", "page" }
};
if (extendedPermissions != null && extendedPermissions.Length > 0)
{
var scope = new StringBuilder();
scope.Append(string.Join(",", extendedPermissions));
parameters["scope"] = scope.ToString();
}
var loginUrl = oauth.GetLoginUrl(parameters);
return Redirect(loginUrl.ToString());
}
public ActionResult FBAuthorize()
{
FacebookOAuthResult result;
if (FacebookOAuthResult.TryParse(Request.Url, out result))
{
if (result.IsSuccess)
{
var accesstoken = result.AccessToken;
}
else
{
var errorDescription = result.ErrorDescription;
var errorReason = result.ErrorReason;
}
}
return View();
}
Ok. The facebook docs say it quite clearly:
Because the access token is passed in
an URI fragment, only client-side code
(such as JavaScript executing in the
browser or desktop code hosting a web
control) can retrieve the token. App
authentication is handled by verifying
that the redirect_uri is in the same
domain as the Site URL configured in
the Developer App
from http://developers.facebook.com/docs/authentication/ ---> Client-side Flow Section.
So I'm sending the token back to my server to complete the authentication..
Update:
The sending back to the server I do using Javascript something like this:
var appId = "<%: Facebook.FacebookContext.Current.AppId %>";
if (window.location.hash.length > 0) {
accessToken = window.location.hash.substring(1);
var url = window.location.href.replace(/#/, '?');
window.location = url;
}
On the server then I have the following action. Not very nice but it works..
public ActionResult FBAuthorize()
{
FacebookOAuthResult result = null;
string url = Request.Url.OriginalString;
/// hack to make FacebookOuthResult accept the token..
url = url.Replace("FBAuthorize?", "FBAuthorize#");
if (FacebookOAuthResult.TryParse(url, out result))
{
if (result.IsSuccess)
{
string[] extendedPermissions = new[] { "user_about_me", "offline_access" };
var fb = new FacebookClient(result.AccessToken);
dynamic resultGet = fb.Get("/me");
var name = resultGet.name;
RegisterModel rm = new Models.RegisterModel();
rm.UserName = name;
rm.Password = "something";
rm.Email = "somethig";
rm.ConfirmPassword = "23213";
//Label1.Text = name;
//Response.Write(name);
//return RedirectToAction("register", "Account", rm);
ViewData["Register"] = rm;
return RedirectToAction("Register");
}
else
{
var errorDescription = result.ErrorDescription;
var errorReason = result.ErrorReason;
}
}
return View();
}
I found this post http://facebooksdk.codeplex.com/discussions/244568 on codeplex. I think this is what you need.
Note that instead of using the client-side flow, you need to use the server-side flow.
This is what you should do
Create a login link for server-side flow. After Authorization, facebook will return an url containing a code instead of a access token.
Then you request for a token from facebook using the code. this is my example
public ActionResult FBAuthorize()
{
FacebookOAuthClient cl = new FacebookOAuthClient(FacebookContext.Current);
FacebookOAuthResult result = null;
string url = Request.Url.OriginalString;
// verify that there is a code in the url
if (FacebookOAuthResult.TryParse(url, out result))
{
if (result.IsSuccess)
{
string code = result.Code;
// this line is necessary till they fix a bug *see details below
cl.RedirectUri = new UriBuilder("http://localhost:5000/account/FBAuthorize").Uri;
var parameters = new Dictionary<string, object>();
//parameters.Add("permissions", "offline_access");
Dictionary<String, Object> dict = (Dictionary<String, Object>)cl.ExchangeCodeForAccessToken(code, new Dictionary<string, object> { { "redirect_uri", "http://localhost:5000/account/FBAuthorize" } });
Object Token = dict.Values.ElementAt(0);
TempData["accessToken"] = Token.ToString();
return RedirectToAction ("ShowUser");
}
else
{
var errorDescription = result.ErrorDescription;
}
}
else
{
// TODO: handle error
}
return View();
}
*There is bug when using IIS in localhost, see the original post for details (the redirect uri when asking for the token must be the same as the one used asking for the code)
It is highly recommended to use IIS and not visual studio web server. There are many things that wont work in visual studio web server.
I am in the same spot you are at the moment.
We never get the Request.QueryString populated becasue of the "fragment" or # in the url.
Love to know if you solved this and how.
It does not look like the FacebookOAuthResult class was written to be used in web applications of any sort.
you can change the response type in you scope paramas to be "code" then it will send back a code in the querystring in which you can swap for a token.