I currently have a solution which contains two projects: an ASP.NET site and a Web API project. On the site, I have a page that is meant to call the API using the POST method at address http://localhost:52855/api/v1/GetPrices asynchronously (e.g. response = await base.SendAsync(request, cancellationToken where "base" is a DelegatingHandler). Part of the data that is posted is an API key along with a signature to ensure the user is authorized. However, nothing happens; the Chrome tab just shows the loading symbol continuously.
But, if I use Fiddler and make a POST request to the same address (http://localhost:52855/api/v1/GetPrices), but without the API/signature information, I get back the correct response - a 401 Unauthorized and a "WWW-Authenticate: amx" header (where "amx" is the authentication scheme I'm using for testing. If I include the authorization header in Fiddler then I get a 500 Internal Server Error
My biggest question is how can I debug the Web API project in Visual Studio 2017 Enterprise edition? I have breakpoints set on all the methods (e.g. the Post method in my GetPricesController : ApiController as well as my HMACAuthenticationAttribute which implements the IAuthenticationFilter). I feel that if I can at least start seeing what's going on when I make the requests with Fiddler, that I may be able to figure out the web app from there.
I'm supposed to be doing a demo on this Web API project tomorrow early afternoon and I've been working for the back 11 hours on finishing this up but I'm completely stalled now and have no idea where to go from here. Any help/guidance would be so greatly appreciated. Thank you.
P.S. I was using this article http://bitoftech.net/2014/12/15/secure-asp-net-web-api-using-api-key-authentication-hmac-authentication/ to implement the API key validation.
Related
I am working with ZENDESK Rest API. All the API URLS are returning me
expected result in my development environment visual studio, But
exceptionally there is one API URL provided by Zendesk which gives me
always Unauthorize Error, while the same URL returns data in Browser.
I have mentioned the URL follows
https://YourDomain/api/v2/help_center/articles.json
Request to zendesk API is as follows:
Response from zendesk API is asl follows :
A frequent help will be much appreciated.
Thanks
If your Help Center is not active, you may receive that error. Can you confirm that the Help Center is active? Can you also share the URLs you've tried which do work? For example, can you load https://yourdomain.zendesk.com/api/v2/help_center/categories.json ?
I have a very basic Single Sign On app built on VS 2015 using MVC and Web Forms. It is supposed to be a simple proof of concept and is based on some code found here and here which are essentially the same things. I've finally gotten it all converted to use .Net 4.5 but when running it on my local server it throws a 404 with no debug information.
The 404 itself wasn't initially a surprise as I was supposed to be able to change the url to one of the secure pages (for instance /WebSecApp1) which would redirect me back to the signon page but no matter what I put as the url I get the 404.
I've also tried changing the urls in the code so that they contain the port numbers for the localhost but that doesn't work either.
It was suggested to me that the RouteConfig.cs could be the culprit but I don't see how that could be since I'm calling a single page with no parameters.
I know this is kind of lite on details but does anyone have any suggestions?
Yes this looks like a routing issue as you also thought it to be. Routing is essential for web api too .Pls see https://www.asp.net/web-api/overview/web-api-routing-and-actions/routing-and-action-selection. Does your api request look like this
GET http://localhost:34701/api/products/1?version=1.5&details=1
You do have to mention the port in the request.
While the routing that Arathy mentioned above was partially to blame, the real problem turned out to be relatively simple. In my case simply selecting Properties->Web for each of offending pages and setting "Override application root URL" to checked fixed the whole problem.
I've discovered something peculiar that's been going on for the past 2 days.
I'm returning back custom JSON message in my Web API 2.0. E.g. when there's been an Unauthorized Response (HttpStatusCode 401)..it's only returning back the HttpStatusCode and NOT the JSON.
Simply put, anything apart from a HTTP Status Code 200 is NOT returning back the custom JSON that I've explicitly put in my ActionHandlers to return back.
This has happened recently, in the past 2 days. I've tested my code locally and I'm getting the expected output I need..the custom JSON error messages but as soon as I publish to one of my slots whether it be production or dev..only HttpStatus Codes are being returned.
Can anyone verify this for me? I need a way to sort this issue out or atleast have Azure take a look at this and tell me what to do. I suspect it's been an Azure update which I'm unaware of.
Probably some kind of customErrors logic kicks in when you are remotely testing your site. Those logics are usually disabled when browsing locally.
Check your configuration. Under IIS, there is also the httpErrors configuration which may interfere.
And have you set TrySkipIisCustomErrors to true when your code yields an error responses?
Ok, so I've figured out the issue.
Upgraded Visual Studio to 2015 to get the .NET Framework to use 4.6.
Changed all of my projects in the solution to point to 4.6, re-compiled, published and finally tested.
Errors are returning back JSON now too.
IMO, Azure could've atleast sent us an update. Anyways, posting this answer so hopefully anyone else using Web Api can easily forgo this issue.
I'm using Google Apis, instead of Google Sign In, to connect to Google on my app because I'm developping with Xamarin.
This is the library I'm using : https://github.com/xamarin/google-apis
When I'm logging in, i get this error :
Authentication Error
Unexpected character '<'. At line 1, column 0.
Maybe it's because my AccessTokenUrl is not good, but I've tried many things. I know for a fact that my ClientId, my RedirectUrl and my Secret are okay.
When logging in, Google asks correctly for the good permissions that I want, but after I accept, this is when I receive the error.
I've tried finding the request to see if there was the '<' in it but had no luck accessing it.
Is there a good way to connect to Google with Xamarin using this library or I'm just doing something bad?
Should I just do it nativaly on iOS and Android?
Thanks
I just encountered a similar problem using Xamarin.Auth to hit a custom OAuth service (i.e. not Google). In my case, the accessTokenUrl pointed to an action on a controller that was entirely protected by the [Authorize] attribute. Naturally, the user was required to login before hitting the /oauth/authorize endpoint using a web browser, but the request to /oauth/token to exchange the resulting authorization code for an access token was not inside the same web browser/session. It was trying to get back token data in JSON format but was being redirected to an HTML login screen. Once I changed the token endpoint for anonymous access, things started working (Note: A valid authorization code cannot be obtained without authenticating).
General Recommendations
The error message strongly suggests that the response coming back is HTML (or at least some form of XML). This could be an authentication redirect as it was in my scenario, or possibly some sort of error page. I would first start by setting up a proxy. I used Charles Proxy to uncover some interesting information. You will need to configure SSL on the proxy to see anything except high level information. This will show the exact requests coming out of your app to the OAuth application.
Another technique I used was simulating the requests that the OAuth2Authenticator would be making in a web browser and/or Postman. The first request would be to authorize:
https://your.domain.here/oauth/authorize?client_id=<some_client_id>&redirect_uri=https%3A%2F%2Fyour.domain.here%2F&response_type=code&scope=<some_scope>&state=<some_state>
That endpoint should be protected, so you will likely be redirected to something like this:
https://your.domain.here/Account/Login?returnurl=%2Foauth%2Fauthorize%3Fclient_id%3D<some_client_id>%26redirect_uri%3Dhttp%253A%252F%252Fyour.domain.here%252F%26response_type%3Dcode%26scope%3D<some_scope>%26state%3D<some_state>
After authenticating, the authorize endpoint should redirect to your redirect URI with the authorization code and state included as query string parameters. You will use the code in the next step.
Lastly, using a fresh web browser (i.e. new session), you should hit the token endpoint with your new authorization code and other client information.
https://your.domain.here/oauth/token?client_id=<some_client_id>&client_secret=<some_secret>&grant_type=<your_grant_type>&code=<your_authorization_code>&redirect_uri=https%3A%2F%2Fyour.domain.here%2F
If the response is not JSON data, it should give you an indication about what is failing with Xamarin.
Got the same error.
Solved by using https://accounts.google.com/o/oauth2/token as AccessTokenUrl
I was trying to throw a quick WCF WebAPI project together up on AppHarbor tonight and ran into some issues. The WCF API is couched inside an empty MVC3 project just like is demo'd on the WCF CodePlex site. https://github.com/jptoto/Postmark-Response-Code-Generator The API itself is quite basic, when you type an http response error code on the end of the url the response will be the proper error code. So, for example, using http://responsecodes.appharbor.com/api/response/405 in Fiddler or some other http client will return the proper error response for a 405 error. (This API is just a convenient way to test with proper error responses).
Anyway, no matter what I try I get 404 errors from AH. I can't tell if the routing isn't working on what. When I download the built code from AH and run it locally inside IIS it runs fine, no problem.
If AH just doesn't support some kind of routing that is in WebAPI Preview 6 that's fine. I just want to cover all my bases. Thanks!!
It seems that you are using the wrong URL and that your app is running here: http://responsecodes.apphb.com/api/response/406
(apphb instead of appharbor)