Develop Reference

POST http request C# - Request Payload

I'm trying to POST HTTP request on C# .NET app, i need some help
because i have no idea if that is possible using the request data from google chrome developer tools.
General :
Request URL: https://my.domain.ae/data/verify/Proc
Request Method: POST
Status Code: 200
Remote Address: ip:443
Request Payload :
------WebKitFormBoundaryWVKBQMeG4O3GcfXR
Content-Disposition: form-data; name="Id"
016
------WebKitFormBoundaryWVKBQMeG4O3GcfXR
Content-Disposition: form-data; name="Lvl"
10
------WebKitFormBoundaryWVKBQMeG4O3GcfXR
Content-Disposition: form-data; name="Name"
Test
------WebKitFormBoundaryWVKBQMeG4O3GcfXR
Content-Disposition: form-data; name="Score"
23
------WebKitFormBoundaryWVKBQMeG4O3GcfXR
Content-Disposition: form-data; name="Coins"
100
------WebKitFormBoundaryWVKBQMeG4O3GcfXR--
Request Headers :
:authority: my.domain.ae
:method: POST
:path: /data/verify/Proc
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
content-length: 617
content-type: multipart/form-data; boundary=----WebKitFormBoundaryWVKBQMeG4O3GcfXR
cookie: user_language=ar; ****
origin: https://my.domain.ae
referer: https://my.domain.ae/index
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36
x-requested-with: XMLHttpRequest

Generation of POST HttpWebRequest using a string with the headers and the body in c#

I have a string which contains this post request:
POST /url=ws.walla.co.il/form/?itemid=2773368 HTTP/1.1
Host: localhost
Connection: keep-alive
Content-Length: 797
Cache-Control: max-age=0
Origin: https://localhost
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarynWW393YLgBegLQYK
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Referer: https://localhost/?url=news.walla.co.il/item/2773368
Accept-Encoding: gzip, deflate, br
Accept-Language: he-IL,he;q=0.8,en-US;q=0.6,en;q=0.4
Cookie: aeuid=247897859747575876; aeses=1; aelast=1466862543110; aestate=ab; aeb=true; _cb_ls=1; _cb=BTpqzMbWn1VDmMlcY; _chartbeat2=.1466862544444.1466862544444.1; _dy_ses_load_seq=11113%3A1469789072660; _dy_c_exps=; _dycst=dk.w.c.ws.frv2.ah.; _dy_geo=IL.AS.IL_05.IL_05_Tel%20Aviv; _dy_df_geo=Israel..Tel%20Aviv; _dy_toffset=-1; _dy_soct=12898.15511.1469789072; _dyus_8765945=34%7C360%7C0%7C3%7C8%7C0.0.1466859495876.1469789073827.2929577.0%7C210%7C31%7C6%7C116%7C4%7C0%7C0%7C0%7C0%7C0%7C0%7C4%7C0%7C0%7C0%7C0%7C7%7C4%7C7%7C0%7C0%7C0%7C0; _ga=GA1.1.1267733164.1466862541
------WebKitFormBoundarynWW393YLgBegLQYK
Content-Disposition: form-data; name="fname"
myName
------WebKitFormBoundarynWW393YLgBegLQYK
Content-Disposition: form-data; name="phone"
042895673
------WebKitFormBoundarynWW393YLgBegLQYK
Content-Disposition: form-data; name="email"
tomi#gmail.com
------WebKitFormBoundarynWW393YLgBegLQYK
Content-Disposition: form-data; name="subject"
topic
------WebKitFormBoundarynWW393YLgBegLQYK
Content-Disposition: form-data; name="content"
text
------WebKitFormBoundarynWW393YLgBegLQYK
Content-Disposition: form-data; name="multiplefile[]"; filename=""
Content-Type: application/octet-stream
------WebKitFormBoundarynWW393YLgBegLQYK
Content-Disposition: form-data; name="terms"
on
------WebKitFormBoundarynWW393YLgBegLQYK--
how can I generate a POST HttpWebRequest and send it to the url in the first line? Attention the the parameters in the body of the post request.
Thanks!

Yammer API alternates responses 302 and 404

I'm programmatically trusting my yammer app through .NET. While debugging the POST request to trust an app, the responses can seemingly arbitrarily render either a 302 or a 404 as the response tries to redirect to a SharePoint MySite host.
If I during the same debug session loop my requests, I get the same type of response. I have to restart debugging to have a chance at a different response. I have tried setting minute long sleeps to ensure that time has nothing to do with which type of response I get. Same rule seem to apply: One debug session, one response type.
My question is now: What do I need to do to avoid these 404's?
Here's the fiddler responses:
THE 302 RESPONSE:
POST https://www.yammer.com/MYNETWORK/oauth2/decision?client_id=MYAPPCODE&redirect_uri=http%3a%2f%2fmy.devmachine.contoso.com&response_type=code HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: www.yammer.com
Cookie: yamtrak_id=[GUID]; _workfeed_session_id=[ID] Content-Length: 90
Expect: 100-continue
utf8=%E2%9C%93&authenticity_token=[TOKEN]=&allow=Allow
HTTP/1.1 302 Found
Server: nginx
Date: Mon, 29 Sep 2014 13:21:51 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Status: 302 Found
Location: http://my.devmachine.contoso.com?code=[CODE] X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
Cache-Control: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-UA-Compatible: IE=Edge,chrome=1
Set-Cookie: yamtrak_id=[ID]; path=/; expires=Tue, 29-Sep-2015 13:21:51 GMT; secure; HttpOnly
Set-Cookie: auth_token=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
Set-Cookie: auth_token_sso=; domain=yammer.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
X-Date: 1411996911966
X-Runtime: 0.073263
7e
<html><body>You are being redirected.</body></html>
0
THE 404 RESPONSE:
POST https://www.yammer.com/MYNETWORK/oauth2/decision?client_id=MYAPPCODE&redirect_uri=http%3a%2f%2fmy.devmachine.contoso.com&response_type=code HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: www.yammer.com
Cookie: yamtrak_id=[GUID]; _workfeed_session_id=[ID]
Content-Length: 90
Expect: 100-continue
utf8=%E2%9C%93&authenticity_token=[TOKEN]=&allow=Allow
HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 29 Sep 2014 13:26:03 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Status: 404 Not Found
Cache-Control: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-UA-Compatible: IE=Edge,chrome=1
X-Date: 1411997163223
X-Runtime: 0.068703
a45
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=8,chrome=1" />
<meta http-equiv="content-type" content="text/html;charset=UTF-8" />
<title>The page you were looking for doesn't exist (404)</title>
<link href="/stylesheets/yamkit/yam.css" media="screen, projection" rel="stylesheet" type="text/css" />
<style type="text/css">
body {
...
<div id="parallax-static">
<div id="parallax-static-text">
<h1>Oops!</h2>
<h2>The page you were looking for could not be found.</h2>
Let's go back to your happy place.
</div>
</div>
...
</body>
</html>
0
I'm aware of the other yammer threads in this forum, and I'm using the new login_csrf_token cookie to authenticate, so that shouldn't be the issue.
Thanks for Reading! I'm grateful for any suggestion on how to solve this.
EDIT: I've tried setting another site (google) as my redirect url, but the alternating behaviour persists.

Found it: Turns out that sometimes the authenticity token contains plus characters (+) which needs to be URL encoded. The tokens can also contain front slashes (/) but they don't trip up the succeeding call to /session or /oauth2/decision, only plus does.

Enable CORS in Azure Mobile Services - OPTIONS not authorized

I am creating .Net web services using Azure Mobile Services. The services themselves work fine, but I want to enable CORS.
My Global.asax contains:
protected void Application_BeginRequest(object sender, EventArgs e)
{
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", "*");
if (HttpContext.Current.Request.HttpMethod != "OPTIONS") return;
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", "GET,POST");
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers",
"Authorization, Origin, Content-Type, Accept, X-Requested-With,x-zumo-application,x-zumo-installation-id");
HttpContext.Current.Response.AddHeader("Access-Control-Max-Age", "1728000");
HttpContext.Current.Response.End();
}
My WebAPIConfig.cs contains:
public static void Register()
{
ConfigOptions options = new ConfigOptions();
HttpConfiguration config = ServiceConfig.Initialize(new ConfigBuilder(options));
var cors = new EnableCorsAttribute("*", "*", "*","*");
config.EnableCors(cors);
config.Routes.MapHttpRoute("DefaultApiWithAction", "Api/{controller}/{action}");
}
My request/response:
OPTIONS http://********.azure-mobile.net/API/MyLogin?username=username&password=password&email=testtest%40example.com&_=140191793307 HTTP/1.1
Host: ********.azure-mobile.net
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: null
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type,x-zumo-application,x-zumo-installation-id
Connection: keep-alive
Cache-Control: max-age=0
HTTP/1.1 401 Unauthorized
Content-Length: 81
Content-Type: application/xml; charset=utf-8
Server: Microsoft-IIS/8.0
WWW-Authenticate: Basic realm="Service"
X-Powered-By: ASP.NET
Set-Cookie: ARRAffinity=50b9234b61ec5f663e817ec57c430ca7b921bbcd842719dfc2bdc27374adea87;Path=/;Domain=********.azure-mobile.net
Date: Wed, 04 Jun 2014 21:38:56 GMT
<Error><Message>Authorization has been denied for this request.</Message></Error>

There is a workaround for enabling CORS in Mobile Services here:
https://gist.github.com/HenrikFrystykNielsen/6c934be6c6c8fa9e4bc8
You don't need the Application_BeginRequest part -- requests/responses don't go through that code path -- they go through the OWIN pipeline. Good thing is that you only need the gist above to get going.
Hope this helps!
Henrik

Cannot Return Custom HTTP Error Details Remotely

This is a strange one. I'm running MVC 3 and have a custom action result that wraps exceptions and returns a message along with the standard HTTP error.
public class ExceptionResult : ActionResult
{
private readonly Exception _exception;
public ExceptionResult(Exception exception)
{
_exception = exception;
}
public override void ExecuteResult(ControllerContext context)
{
var response = context.HttpContext.Response;
response.ClearHeaders();
response.Cache.SetNoStore();
response.ContentType = ContentType.Json;
var baseEx = _exception as BaseException ?? new ServerException(_exception);
var result = baseEx.GetResult();
var json = result.ToJSON();
response.Write(json);
response.StatusCode = (int)result.Status.Code;
}
}
When I run this locally I get exactly what I expect:
HTTP/1.1 400 Bad Request
Cache-Control: no-store
Content-Type: application/json; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Date: Thu, 01 Dec 2011 19:00:03 GMT
Content-Length: 81
{"error":"invalid_request","error_description":"Parameter grant_type is missing"}
But when I try to connect from a different machine I get the standard IIS error message instead:
HTTP/1.1 400 Bad Request
Cache-Control: no-store
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Date: Thu, 01 Dec 2011 19:02:33 GMT
Content-Length: 11
Bad Request
UPDATE
There must be some http module somewhere in the IIS pipeline that is swallowing the response and rewriting the content. I wrote a module to log the request and response and it's returning exactly what I expect however what actually makes it to the browser is wrong.
2011-12-02 15:39:00,518 - ======== Request ========
2011-12-02 15:39:00,518 - GET /oauth/2/token HTTP/1.1
2011-12-02 15:39:00,519 - Cache-Control: max-age=0
2011-12-02 15:39:00,519 - Connection: keep-alive
2011-12-02 15:39:00,519 - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
2011-12-02 15:39:00,519 - Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
2011-12-02 15:39:00,519 - Accept-Encoding: gzip,deflate,sdch
2011-12-02 15:39:00,519 - Accept-Language: en-US,en;q=0.8
2011-12-02 15:39:00,519 - Host: micah-pc:8095
2011-12-02 15:39:00,519 - User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.121 Safari/535.2
2011-12-02 15:39:00,519 - =========================
2011-12-02 15:39:00,519 - OAuth exception occurred.
BoomTown.OAuth.OAuthException: Parameter grant_type is missing
at BoomTown.OAuth.Request.TokenRequest.GetRequestValidator() in C:\code\BoomTown\Api\BoomTown.OAuth\Request\TokenRequest.cs:line 19
at BoomTown.OAuth.Request.OAuthRequestBase.Validate() in C:\code\BoomTown\Api\BoomTown.OAuth\Request\OAuthRequestBase.cs:line 33
at BoomTown.OAuth.Request.OAuthRequestBase..ctor(HttpRequestBase request, IOAuthServiceLocator serviceLocator) in C:\code\BoomTown\Api\BoomTown.OAuth\Request\OAuthRequestBase.cs:line 28
at BoomTown.OAuth.Request.TokenRequest..ctor(HttpRequestBase request, IOAuthServiceLocator serviceLocator) in C:\code\BoomTown\Api\BoomTown.OAuth\Request\TokenRequest.cs:line 13
at BoomTown.Api.Web.Controllers.OAuth.V2.OAuthController.Token() in C:\code\BoomTown\Api\BoomTown.Api.Web\Controllers\OAuth\V2\OAuthController.cs:line 26
2011-12-02 15:39:00,520 - ======= Response =======
2011-12-02 15:39:00,520 - HTTP/1.1 400 Bad Request
2011-12-02 15:39:00,520 - Cache-Control: no-store
2011-12-02 15:39:00,520 - X-AspNet-Version: 4.0.30319
2011-12-02 15:39:00,520 - Content-Type: application/json; charset=utf-8
2011-12-02 15:39:00,520 - {"error":"invalid_request","error_description":"Parameter grant_type is missing"}
SOLUTION
Thanks to a little sleuthing I was able to figure it out. I setup IIS tracing which confirmed my suspicions that it was related to the customerrormodule which was intercepting my requests and overwriting my error messages. I kept monkeying with the
<system.web>
<customErrors />
<system.web>
settings but to no avail. I was on the right track, but since it's IIS 7 that I'm running I needed to change the correct web.config section like this:
<system.webServer>
<httpErrors errorMode="Detailed" />
</system.webServer>
Now all my custom JSON messages come through perfectly. Big thanks to Jason Finneyfrock for the tag team on this one.

In your web.config, do you have httpErrors defined to only be DetailedLocalOnly? I'm not sure whether or not the content would be removed in this situation.
http://www.iis.net/ConfigReference/system.webServer/httpErrors

I came across this, not sure if it will help:
context.HttpContext.Response.TrySkipIisCustomErrors = true;