I have a service in my C# application which uses App Center's api to push notifications. All my request come back with 401s (Unauthorised) yet, when I used the same details on postman i.e. content, header auth, owner_name and app_name it works successfully and sends the application.
This is very confusing and I am wondering if Postman handles some extra bits and pieces which I am missing out.
C# Push Notification Service
private async Task<bool> PostHttpRequest(PushNotificationModel pushNotificationModel)
{
_httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("X-API-Token", _appCenterApiToken);
var url = "https://api.appcenter.ms/v0.1/apps/myowner/myapp/push/notifications";
var content = JsonConvert.SerializeObject(pushNotificationModel);
var buffer = Encoding.UTF8.GetBytes(content);
var byteContent = new ByteArrayContent(buffer);
byteContent.Headers.ContentType = new MediaTypeHeaderValue("application/json");
var response = await _httpClient.PostAsync(url, byteContent);
return response.IsSuccessStatusCode;
}
I debugged this code and used the same data being passed to the client to use on Postman, hence why Model data is absent for example.
Help is much appreciated!
Put the code below in your startup form.
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Ssl3 | System.Net.SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;
I figured out the issue using Telerik Fiddler. This helpful tool allows you to actively view HTTP traffic to and from your machine. Now the mistake was a silly one on my part but it boiled down to changing this:
_httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("X-API-Token", _appCenterApiToken);
to:
_httpClient.DefaultRequestHeaders.Add("X-API-Token", _appCenterApiToken);
As the first one was actually appearing in the HTTP header as Authorization : X-API-Token apiToken rather than X-API-Token : apiToken it caused the request to be bad, hence returning 401 (Unauthorised)
Related
I ran into some issues with CORS when setting up my Blazor client-side API client to make requests. I think I found the solution to that, but the solution is also throwing errors.
The main error is:
"WASM: System.Net.Http.HttpRequestException: TypeError: Failed to execute 'fetch' on 'Window': The provided value '2' is not a valid enum value of type RequestCredentials."
the code is
string link = API_RequestLoginTokenEndPoint;
Http.DefaultRequestHeaders.Add("User-Agent", "HttpClientFactory-Sample");
Http.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Authorization", "basic:testuser:testpassword");
var requestMessage = new HttpRequestMessage(new HttpMethod("GET"), link);
requestMessage.Properties[WebAssemblyHttpMessageHandler.FetchArgs] = new
{
credentials = FetchCredentialsOption.Include
};
var response = await Http.SendAsync(requestMessage);
var responseStatusCode = response.StatusCode;
var responseBody = await response.Content.ReadAsStringAsync();
output = responseBody + " " + responseStatusCode;
I also tried changing the request message to:
var requestMessage = new HttpRequestMessage(HttpMethod.Get, link);
In case this was the ENUM the error referred to. In the Startup ConfigureServices I tried to add:
WebAssemblyHttpMessageHandler.DefaultCredentials = FetchCredentialsOption.Include;
I am using Blazor preview 9. I also tried adding some CORS code to my PHP script on the API route that should accept all origins, but the last question I posted I was told to use this method to fix the CORS problem, which now gives me a new error.
Am I doing something wrong or am I missing something? The error in the browser usually points to the line with the async request:
var response = await Http.SendAsync(requestMessage);
This is a bug not yet fixed. Use this instead :
requestMessage.Properties[WebAssemblyHttpMessageHandler.FetchArgs] = new
{
credentials = "include"
};
I had a similar issue and could not resolve the pre-flight activity.
I WAS ABLE TO SOLVE THIS BY COMMENTING OUT HTTP REDIRECTION MIDDLEWARE.
context: Blazor client calls asp.net.core api in different url.
Not sure if this a good solution but I felt I needed to mention this after
spending 1 week on this frustrating issue! Hope it helps someone.
Very new to Azure, and I have an internal web API on an internal address http://internal-server:182/api/policies. I have set up a Hybrid Connection internal-service.servicebus.windows.net. This is connected and working.
My struggle is getting the C# code working to connect and retrieve the data. After a number of days, I have reviewed various articles, videos etc and all seem more advanced than what I am trying to do, which is just call the Web API and read the JSON. I have tried to simplify the code but receive the error:
401 MalformedToken: Invalid authorization header: The request is missing WRAP authorization credentials.
At present I have the followed code:
using (var client = new HttpClient())
{
var url = "http://internal-service.servicebus.windows.net";
var tp = TokenProvider.CreateSharedAccessSignatureTokenProvider("RootManageSharedAccessKey", "<key goes here>");
var token = tp.GetWebTokenAsync(url, string.Empty, true, TimeSpan.FromHours(1))
.GetAwaiter()
.GetResult();
client.BaseAddress = new Uri(url);
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("ServiceBusAuthorization", token);
var response = client.GetAsync("/api/policies").Result;
string res = "";
using (HttpContent content = response.Content)
{
// ... Read the string.
Task<string> result = content.ReadAsStringAsync();
res = result.Result;
Label1.Text = res;
}
}
Any help or direction would be much appreciated? Once this code is working the Web App will be published as an Azure Web App.
Seems that your are not sending the right header.
First suggestion: intercept the call with a proxy like fiddler, to do that add a proxy config to your call to localhost port 8888, after this you can try some request and see the raw http you are sending to the server, you can also modify it until it works, once you have this modify your code until it send the same raw http.
You can find more info about this here:
Microsoft Azure CreateQueue using Simple REST Client
https://github.com/ytechie/event-hubs-sas-generator
I'm trying to test an API call on my local machine, using RestSharp, with the following code...
var client = new RestClient("https://[API URL]");
var request = new RestRequest( Method.POST);
request.AddParameter("session", this, ParameterType.RequestBody);
IRestResponse<SessionOut> response = client.Execute<SessionOut>(request);
return response.Data.session.id;
In response I get the an error telling me that the request was aborted because it "could not create SSL/TLS secure channel".
Does this mean I need to try and set up https://localhost instead of http://localhost in order to call APIs at https:// addresses?
UPDATE
I have updated my code to the following, as per #Shai_Aharoni's answer below. I am still getting the same error however.
string pathToYourClientCert = Path.Combine( AppDomain.CurrentDomain.BaseDirectory, "[my certificate file");
var client = new RestClient("[API URL]/");
client.ClientCertificates = new X509CertificateCollection();
client.ClientCertificates.Add(new X509Certificate(pathToYourClientCert));
var request = new RestRequest( Method.POST);
request.AddParameter("session", this, ParameterType.RequestBody);
IRestResponse<SessionOut> response2 = client.Execute<SessionOut>(request);
Try adding this to your code:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
Related resources:
Some useful information about setting TLS 1.2 in another stackoverflow post
Well... There are a few steps that you need to complete before you can call you HTTPS endpoint.
1) Make sure that your server supports an HTTPS endpoint (i.e : that the URL https://[APIURL] is reachable.
2) Have a valid server (the api server) certificate installed on the machine that executes the HTTPS call.
3) Add the certificate to your RestSharp client. Similar to something like this:
string pathToYourClientCert = "cer/cert.cer";
client.ClientCertificates.Add(new X509Certificate(pathToYourClientCert));
Hope this helps...
Follow these steps:
https://learn.microsoft.com/en-us/xamarin/android/app-fundamentals/http-stack?tabs=macos
Also add this to your code in MainActivity.cs -> OnCreate -> Before you load your app:
ServicePointManager.SecurityProtocol |= SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;
I had to do both for my API requests to work in Xamarin Forms!
Make sure your CERTIFICATE is not SELF-SIGNED!!!
I've seen a lot of question about this, and all points to me using ConfigureAwait(false), but even after doing so, it still doesn't returned any response. When I run the debugger, the code stops at the PostAsync and does not continue with my code. Am I doing something wrong here? Does it have to do with me calling an API via HTTPS?
Here's the code:
public async static Task<PaymentModel> AddAsync(Card card)
{
HttpClient client = new HttpClient();
client.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Basic", Convert.ToBase64String(ASCIIEncoding.ASCII.GetBytes(string.Format("{0}:", "hidden"))));
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;
var cardJson = JsonConvert.SerializeObject(card);
var postRequest = new StringContent(cardJson, Encoding.UTF8, "application/json");
var request = await client.PostAsync(new Uri("https://sample-3rd-party-api/api/endpoint/here"), postRequest).ConfigureAwait(false);
var content = await request.Content.ReadAsStringAsync().ConfigureAwait(false);
}
EDIT:
In response to the comments below, the code is contained from a method AddAsync(Card card) called from a button click with a handler:
public async void OnExecute(object sender, EventArgs args)
{
//some code here
payment = await PaymentModel.AddAsync(card).ConfigureAwait(false);
}
EDIT 2:
I tried pinging the API, but it returns a request timed out, but when I tried it using Postman, it's doing fine (the API is just a Sandbox which is open for all, so it's okay to share this):
EDIT 3:
I think the problem lies with where I don't have an SSL certificate to access the API. I have a PHP server that connects to the same API and I have to set SSL_VERIFYPEER to false just so I can access it (don't worry, I added a cacert now so its on true again). Can the same issue be happening here? If so, what can I do to create a valid certificate for my xamarin forms app
You can use this
var json = JsonConvert.SerializeObject(card);
using (var client = new HttpClient())
{
var t = await client.PostAsJsonAsync("https://sample-3rd-party-api/api/endpoint/here", json);
Response R =JsonConvert.DeserializeObject<Response>((JsonConvert.DeserializeObject(t.Content.ReadAsStringAsync().Result.ToString())).ToString());
}
What's most likely happening here is your OnExecute method has a return type of void instead of Task which prevents the UI thread from being able to await it. Try either changing that return type to Task or creating a new UI thread to perform this work. I wouldn't worry about the ping timing out as long as Postman works. Many public web servers disable their ping response.
Does it have to do with me calling an API via HTTPS?
As you are remaining in the same network and calling the same API from POSTMAN and .NET HTTP Client and only getting success with POSTMAN.So this issue gets cancelled.
Next
tried pinging the API, but it returns a request timed out
This is answered on top of mine.
Can you Please try setting the timeout option for HTTPClient while initializing.
client.Timeout = TimeSpan.FromSeconds(10);
and if still Problem persists please setup Fiddler and compare both the req sent from POstman and .NET client
So I think the problem is resolved now since I'm able to receive content from the request, what I did was simply follow the docs here: https://learn.microsoft.com/en-us/xamarin/cross-platform/app-fundamentals/transport-layer-security?tabs=windows
It looks like my settings are outdated in platform level.
Update the HttpClient implementation and SSL/TLS implementation
options to enable TLS 1.2 security.
Update the HttpClient Implementation option to enable TSL 1.2
security. (NSUrlSession (iOS 7.0+)
I was having the same issue and below trick fixed the issue.
Change your var request = await client.PostAsync(...); as below
var task = client.PostAsync(new Uri("https://sample-3rd-party-api/api/endpoint/here"), postRequest);
var request = task.GetAwaiter().GetResult();
After Twitter deprecated their Twitter API 1.0, I've tried several methods in order to get the 1.1 API working for my Windows 8 application. However, what you see below is basically what I've ended up with:
public List<UserTweet.User> jsonFromTwitter;
private async void fetchTweet()
{
var jsonTwitter = new Uri("http://api.twitter.com/1.1/statuses/user_timeline.json?screen_name=stackoverflow&result_type=recent");
HttpClient client = new HttpClient();
var request = new HttpRequestMessage(HttpMethod.Get, jsonTwitter);
var oAuthHeader = "OAuth oauth_consumer_key=\"XXXXX\", oauth_nonce=\"XXXXX\", oauth_signature=\"XXXXX\", oauth_signature_method=\"HMAC-SHA1\", oauth_timestamp=\"1318622958\", oauth_token=\"XXXXX-XXXXXX\", oauth_version=\"1.0\"";
request.Headers.Add("Authorization", oAuthHeader);
var response = await client.SendAsync(request);
var responseString = await response.Content.ReadAsStringAsync();
jsonFromTwitter = JsonConvert.DeserializeObject<List<UserTweet.User>>(await client.GetStringAsync(responseString));
//listbox.ItemsSource = jsonFromTwitter;
}
However, this won't do much good, and it switches between mainly a couple of errors. One of them can be seen below, and the other one is "Could not authenticate user" or similar, basically there's something wrong with the headers as far as I've understood.
Anyone got any ideas on how to construct a working OAuth header for this? I'm clueless at the moment.
There's a lot more you need to do for the value assigned to the Authorization header - plain text won't work. The following pages in the Twitter OAuth documentation might help you get started in the right direction.
Twitter's Docs have a section on Authentication
Authorizing a Request
Creating Signatures