I am developing a ONVIF driver using .NET 4 (Windows Forms, not WCF).
I started importing WSDL files as a service in visual studio.
So I am able to send command to a device in this way:
HttpTransportBindingElement httpTransportBindingElement = new HttpTransportBindingElement();
[...]
TextMessageEncodingBindingElement messegeElement = new TextMessageEncodingBindingElement();
[...]
CustomBinding binding = new CustomBinding(messegeElement, httpTransportBindingElement);
[...]
EndpointAddress serviceAddress = new EndpointAddress(url);
DeviceClient deviceClient = new DeviceClient(binding, serviceAddress);
Device channel = deviceClient.ChannelFactory.CreateChannel();
DeviceServiceCapabilities dsc = channel.GetServiceCapabilities();
But I am not able to manage HTTP digest authentication. I spent days searching on google examples and solutions, but the only ways seems to be hand write XML code. There is not any clean solution like:
deviceClient.ChannelFactory.Credentials.HttpDigest.ClientCredential.UserName = USERNAME;
deviceClient.ChannelFactory.Credentials.HttpDigest.ClientCredential.Password = digestPassword;
(that doesn't work)?
First of all you should install Microsoft.Web.Services3 package. (View> Other windows> Package manager console). Then you must add digest behavior to your endpoint. The first part of the code is PasswordDigestBehavior class and after that it is used for connecting to an ONVIF device service.
public class PasswordDigestBehavior : IEndpointBehavior
{
public String Username { get; set; }
public String Password { get; set; }
public PasswordDigestBehavior(String username, String password)
{
this.Username = username;
this.Password = password;
}
public void AddBindingParameters(ServiceEndpoint endpoint, System.ServiceModel.Channels.BindingParameterCollection bindingParameters)
{
// do nothing
}
public void ApplyClientBehavior(ServiceEndpoint endpoint, System.ServiceModel.Dispatcher.ClientRuntime clientRuntime)
{
//clientRuntime.MessageInspectors.Add(new PasswordDigestMessageInspector(this.Username, this.Password));
clientRuntime.MessageInspectors.Add(new PasswordDigestMessageInspector(this.Username, this.Password));
}
public void ApplyDispatchBehavior(ServiceEndpoint endpoint, System.ServiceModel.Dispatcher.EndpointDispatcher endpointDispatcher)
{
throw new NotImplementedException();
}
public void Validate(ServiceEndpoint endpoint)
{
// do nothing...
}
}
public class PasswordDigestMessageInspector : IClientMessageInspector
{
public String Username { get; set; }
public String Password { get; set; }
public PasswordDigestMessageInspector(String username, String password)
{
this.Username = username;
this.Password = password;
}
public void AfterReceiveReply(ref System.ServiceModel.Channels.Message reply, object correlationState)
{
// do nothing
}
public object BeforeSendRequest(ref System.ServiceModel.Channels.Message request, System.ServiceModel.IClientChannel channel)
{
// Use the WSE 3.0 security token class
var option = PasswordOption.SendHashed;
if (string.IsNullOrEmpty(Username) || string.IsNullOrEmpty(Password))
option = PasswordOption.SendPlainText;
UsernameToken token = new UsernameToken(this.Username, this.Password, option);
// Serialize the token to XML
XmlDocument xmlDoc = new XmlDocument();
XmlElement securityToken = token.GetXml(xmlDoc);
// find nonce and add EncodingType attribute for BSP compliance
XmlNamespaceManager nsMgr = new XmlNamespaceManager(xmlDoc.NameTable);
nsMgr.AddNamespace("wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
XmlNodeList nonces = securityToken.SelectNodes("//wsse:Nonce", nsMgr);
XmlAttribute encodingAttr = xmlDoc.CreateAttribute("EncodingType");
encodingAttr.Value = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
if (nonces.Count > 0)
{
nonces[0].Attributes.Append(encodingAttr);
//nonces[0].Attributes[0].Value = "foo";
}
//
MessageHeader securityHeader = MessageHeader.CreateHeader("Security", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", securityToken, false);
request.Headers.Add(securityHeader);
// complete
return Convert.DBNull;
}
}
And this is how to use it:
var endPointAddress = new EndpointAddress("http://DEVICE_IPADDRESS/onvif/device_service");
var httpTransportBinding = new HttpTransportBindingElement { AuthenticationScheme = AuthenticationSchemes.Digest };
var textMessageEncodingBinding = new TextMessageEncodingBindingElement { MessageVersion = MessageVersion.CreateVersion(EnvelopeVersion.Soap12, AddressingVersion.None) };
var customBinding = new CustomBinding(textMessageEncodingBinding, httpTransportBinding);
var passwordDigestBehavior = new PasswordDigestBehavior(USERNAME, PASSWORD);
var deviceService = new DeviceClient(customBinding, endPointAddress);
deviceService.Endpoint.Behaviors.Add(passwordDigestBehavior);
For future readers, finally I was able to perform both type of authentication without using WSE 3.0.
This is partial code (for shortness), based on the IClientMessageInspector interface (you can find lot of other examples based on this interface):
public object BeforeSendRequest(ref System.ServiceModel.Channels.Message request, System.ServiceModel.IClientChannel channel)
{
if (HTTPDigestAuthentication)
{
string digestHeader = string.Format("Digest username=\"{0}\",realm=\"{1}\",nonce=\"{2}\",uri=\"{3}\"," +
"cnonce=\"{4}\",nc={5:00000000},qop={6},response=\"{7}\",opaque=\"{8}\"",
_username, realm, nonce, new Uri(this.URI).AbsolutePath, cnonce, counter, qop, digestResponse, opaque);
HttpRequestMessageProperty httpRequest = new HttpRequestMessageProperty();
httpRequest.Headers.Add("Authorization", digestHeader);
request.Properties.Add(HttpRequestMessageProperty.Name, httpRequest);
return Convert.DBNull;
}
else if (UsernametokenAuthorization)
{
string headerText = "<wsse:UsernameToken xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">" +
"<wsse:Username>" + _username + "</wsse:Username>" +
"<wsse:Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest\">" + digestPassword + "</wsse:Password>" +
"<wsse:Nonce EncodingType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\">" + Convert.ToBase64String(nonce) + "</wsse:Nonce>" +
"<wsu:Created xmlns=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">" + created + "</wsu:Created>" +
"</wsse:UsernameToken>";
XmlDocument MyDoc = new XmlDocument();
MyDoc.LoadXml(headerText);
MessageHeader myHeader = MessageHeader.CreateHeader("Security", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", MyDoc.DocumentElement, false);
request.Headers.Add(myHeader);
return Convert.DBNull;
}
return request;
}
This class should be able to replace the WSE UserNameToken object and remove the dependency on WSE. It also makes the searching and repairing nonces in IClientInspector unnecessary. I've only tested it on 1 camera and only with hashed passwords. YMMV.
public enum PasswordOption
{
SendPlain = 0,
SendHashed = 1,
SendNone = 2
}
public class UsernameToken
{
private string Username;
private string Password;
private PasswordOption PwdOption;
public UsernameToken(string username, string password, PasswordOption option)
{
Username = username;
Password = password;
PwdOption = option;
}
public XmlElement GetXml(XmlDocument xmlDoc)
{
string wsse = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
string wsu = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
XmlDocument doc = xmlDoc;
//XmlElement securityEl = doc.CreateElement("Security", wsse);
XmlElement usernameTokenEl = doc.CreateElement("wsse", "UsernameToken", wsse);
XmlAttribute a = doc.CreateAttribute("wsu", "Id", wsu);
usernameTokenEl.SetAttribute("xmlns:wsse", wsse);
usernameTokenEl.SetAttribute("xmlns:wsu", wsu);
a.InnerText = "SecurityToken-" + Guid.NewGuid().ToString();
usernameTokenEl.Attributes.Append(a);
//Username
XmlElement usernameEl = doc.CreateElement("wsse:Username", wsse);
usernameEl.InnerText = Username;
usernameTokenEl.AppendChild(usernameEl);
//Password
XmlElement pwdEl = doc.CreateElement("wsse:Password", wsse);
switch (PwdOption)
{
case PasswordOption.SendHashed:
//Nonce+Create+Password
pwdEl.SetAttribute("Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest");
string created = DateTime.Now.ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ");
byte[] nonce = GenerateNonce(16);
byte[] pwdBytes = Encoding.ASCII.GetBytes(Password);
byte[] createdBytes = Encoding.ASCII.GetBytes(created);
byte[] pwdDigest = new byte[nonce.Length + pwdBytes.Length + createdBytes.Length];
Array.Copy(nonce, pwdDigest, nonce.Length);
Array.Copy(createdBytes, 0, pwdDigest, nonce.Length, createdBytes.Length);
Array.Copy(pwdBytes, 0, pwdDigest, nonce.Length + createdBytes.Length, pwdBytes.Length);
pwdEl.InnerText = ToBase64(SHA1Hash(pwdDigest));
usernameTokenEl.AppendChild(pwdEl);
//Nonce
XmlElement nonceEl = doc.CreateElement("wsse:Nonce", wsse);
nonceEl.SetAttribute("EncodingType", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary");
nonceEl.InnerText = ToBase64(nonce);
usernameTokenEl.AppendChild(nonceEl);
//Created
XmlElement createdEl = doc.CreateElement("wsu:Created", wsu);
createdEl.InnerText = created;
usernameTokenEl.AppendChild(createdEl);
break;
case PasswordOption.SendNone:
pwdEl.SetAttribute("Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
pwdEl.InnerText = "";
usernameTokenEl.AppendChild(pwdEl);
break;
case PasswordOption.SendPlain:
pwdEl.SetAttribute("Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
pwdEl.InnerText = Password;
usernameTokenEl.AppendChild(pwdEl);
break;
}
return usernameTokenEl;
}
private byte[] GenerateNonce(int bytes)
{
byte[] output = new byte[bytes];
Random r = new Random(DateTime.Now.Millisecond);
r.NextBytes(output);
return output;
}
private static byte[] SHA1Hash(byte[] input)
{
SHA1CryptoServiceProvider sha1Hasher = new SHA1CryptoServiceProvider();
return sha1Hasher.ComputeHash(input);
}
private static string ToBase64(byte[] input)
{
return Convert.ToBase64String(input);
}
}
}
Related
[Note: I've already worked out an answer to this but struggled to find anything online so I'm adding it here]
I need to invalidate the cache for an individual AWS API Gateway endpoint using ASPNETCORE.
The docs say to send a signed request. How do you do this in .NET?
I'm answering my own question as I couldn't find much information online and it took a bit of time to get working. Hopefully it'll help someone.
I've added code here: https://gist.github.com/secretorange/905b4811300d7c96c71fa9c6d115ee24
CacheInvalidationRequestBuilder.cs
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Security.Cryptography;
using System.Text;
namespace Aws
{
public static class CacheInvalidationRequestBuilder
{
private const string ServiceName = "execute-api";
private const string Algorithm = "AWS4-HMAC-SHA256";
private const string ContentType = "application/json";
private const string DateTimeFormat = "yyyyMMddTHHmmssZ";
private const string DateFormat = "yyyyMMdd";
public static WebRequest Build(CacheInvalidationRequestModel request)
{
string hashedRequestPayload = CreateRequestPayload(String.Empty);
string authorization = Sign(request, hashedRequestPayload, "GET", request.AbsolutePath, request.QueryString);
string requestDate = DateTime.UtcNow.ToString(DateTimeFormat);
var webRequest = WebRequest.Create($"https://{request.Host}{request.AbsolutePath}");
webRequest.Method = "GET";
webRequest.ContentType = ContentType;
webRequest.Headers.Add("Cache-Control", "max-age=0");
webRequest.Headers.Add("Host", request.Host);
webRequest.Headers.Add("X-Amz-Date", requestDate);
webRequest.Headers.Add("Authorization", authorization);
return webRequest;
}
private static string CreateRequestPayload(string jsonString)
{
return HexEncode(Hash(ToBytes(jsonString)));
}
private static string Sign(CacheInvalidationRequestModel request, string hashedRequestPayload, string requestMethod, string canonicalUri, string canonicalQueryString)
{
var currentDateTime = DateTime.UtcNow;
var dateStamp = currentDateTime.ToString(DateFormat);
var requestDate = currentDateTime.ToString(DateTimeFormat);
var credentialScope = $"{dateStamp}/{request.Region}/{ServiceName}/aws4_request";
var headers = new SortedDictionary<string, string> {
{ "cache-control", "max-age=0" },
{ "content-type", ContentType },
{ "host", request.Host },
{ "x-amz-date", requestDate }
};
var canonicalHeaders = string.Join("\n", headers.Select(x => x.Key.ToLowerInvariant() + ":" + x.Value.Trim())) + "\n";
// Task 1: Create a Canonical Request For Signature Version 4
var SignedHeaders = String.Join(';', headers.Select(x => x.Key.ToLowerInvariant()));
var canonicalRequest = $"{requestMethod}\n{canonicalUri}\n{canonicalQueryString}\n{canonicalHeaders}\n{SignedHeaders}\n{hashedRequestPayload}";
var hashedCanonicalRequest = HexEncode(Hash(ToBytes(canonicalRequest)));
// Task 2: Create a String to Sign for Signature Version 4
var stringToSign = $"{Algorithm}\n{requestDate}\n{credentialScope}\n{hashedCanonicalRequest}";
// Task 3: Calculate the AWS Signature Version 4
var signingKey = GetSignatureKey(request.SecretKey, dateStamp, request.Region, ServiceName);
var signature = HexEncode(HmacSha256(stringToSign, signingKey));
// Task 4: Prepare a signed request
// Authorization: algorithm Credential=access key ID/credential scope, SignedHeadaers=SignedHeaders, Signature=signature
var authorization = $"{Algorithm} Credential={request.AccessKey}/{dateStamp}/{request.Region}/{ServiceName}/aws4_request, SignedHeaders={SignedHeaders}, Signature={signature}";
return authorization;
}
private static byte[] GetSignatureKey(string key, string dateStamp, string regionName, string serviceName)
{
var kDate = HmacSha256(dateStamp, ToBytes("AWS4" + key));
var kRegion = HmacSha256(regionName, kDate);
var kService = HmacSha256(serviceName, kRegion);
return HmacSha256("aws4_request", kService);
}
private static byte[] ToBytes(string str)
{
return Encoding.UTF8.GetBytes(str.ToCharArray());
}
private static string HexEncode(byte[] bytes)
{
return BitConverter.ToString(bytes).Replace("-", string.Empty).ToLowerInvariant();
}
private static byte[] Hash(byte[] bytes)
{
return SHA256.Create().ComputeHash(bytes);
}
private static byte[] HmacSha256(string data, byte[] key)
{
return new HMACSHA256(key).ComputeHash(ToBytes(data));
}
}
}
CacheInvalidationRequestModel.cs
using System;
using System.Collections.Generic;
using System.Text;
namespace Aws
{
public class CacheInvalidationRequestModel
{
public string Region { get; set; }
public string Host { get; set; }
public string AbsolutePath { get; set; }
public string QueryString { get; set; }
public string AccessKey { get; set; }
public string SecretKey { get; set; }
}
}
How to use the code
To make a request, use code similar to:
var url = $"/myendpoint";
var model = GetCacheInvalidationRequestModel(url);
var request = CacheInvalidationRequestBuilder.Build(model);
try
{
// Hit the endpoint
using (var response = request.GetResponse())
{
// Not currently doing anything with the response
}
}
catch(Exception ex)
{
Logger.LogError(ex, "Problem invalidating cache for url: " + url);
}
The GetCacheInvalidationRequestModel method might look something like this (I pass in the model properties as IOptions):
private CacheInvalidationRequestModel GetCacheInvalidationRequestModel(string absolutePath)
{
return new CacheInvalidationRequestModel()
{
Region = Options.Region,
Host = Options.Host,
AccessKey = Options.InvalidatorKey,
SecretKey = Options.InvalidatorSecret,
AbsolutePath = absolutePath
};
}
AWS Information
AWS docs for building signed requests are here: https://docs.aws.amazon.com/general/latest/gr/sigv4_signing.html
Your AWS user will need an attached policy, as shown here: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-caching.html
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"execute-api:InvalidateCache"
],
"Resource": [
"arn:aws:execute-api:region:account-id:api-id/stage-name/GET/resource-path-specifier"
]
}
]
}
NOTE: You can use wildcards if you like.
good morning, I have a solution in .net where I call the webservices of saber bargain finder max. Now I want to download the compressed information but the response object returns null. I read that you have to call the interface IClientMessageInspector BeforeSendRequest and AfterReceiveReply but I do not know how to proceed. someone will have an example or solution about it? Thank you
The response for the service cannot handle the compressed response, so yes, you have to put middleware in order to process the decompression before you let it continue.
First of all, you need to import the BFM WSDL as a service instead of as a web services, so:
Right click on "Service References" and click on "Add Service Reference..."
Paste the WSDL URL under "Address:" and click on "Go"
Recommendation: Download the WSDL and the associated schemas so you can modify them, since .NET has some issues handling some things, which you can manually modify. Sabre has some covered here.
Name the service whatever you like, in this example I'll call it BargainFinderMaxRQ_4_1_0_Srvc, under "Namespace:" and click on "OK"
Then, I created 2 classes, one that will be the one calling BFM ("BFM_v410Service"), and another one for the middleware ("BFMInspector").
Let's start with the BFMInspector:
// The inspector class has to implement both IClientMessageInspector and IEndpointBehavior interfaces
public class BFMInspector : IClientMessageInspector, IEndpointBehavior
{
// This is the method to action after receiving a response from Sabre
public void AfterReceiveReply(ref Message reply, object correlationState)
{
try
{
// Get compressed response from reply and load that into a byte array.
XmlDictionaryReader bodyReader = reply.GetReaderAtBodyContents();
bodyReader.ReadStartElement("CompressedResponse");
byte[] bodyByteArray = bodyReader.ReadContentAsBase64();
// Create some helper variables
StringBuilder uncompressed = new StringBuilder();
String xmlString = "";
XmlDocument xmlPayload = new XmlDocument();
// Load the byte array into memory
using (MemoryStream memoryStream = new MemoryStream(bodyByteArray))
{
// Unzip the Stream
using (GZipStream gZipStream = new GZipStream(memoryStream, CompressionMode.Decompress))
{
byte[] buffer = new byte[1024];
int readBytes;
// Unzips character by character
while ((readBytes = gZipStream.Read(buffer, 0, buffer.Length)) != 0)
{
for (int i = 0; i < readBytes; i++)
// Append all characters to build the response
uncompressed.Append((char)buffer[i]);
}
}
xmlString = uncompressed.ToString();
xmlString = xmlString.Replace("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"no\"?>", "");
}
// Convert the string into an XML
xmlPayload.LoadXml(xmlString);
// Create a new Message, which is what will substitute what was returned by Sabre
Message tempMessage = Message.CreateMessage(reply.Version, null, xmlPayload.ChildNodes[0]);
tempMessage.Headers.CopyHeadersFrom(reply.Headers);
tempMessage.Properties.CopyProperties(reply.Properties);
MessageBuffer bufferOfFault = tempMessage.CreateBufferedCopy(Int32.MaxValue);
// Replace the reply with the new Message
reply = bufferOfFault.CreateMessage();
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
}
public object BeforeSendRequest(ref Message request, IClientChannel channel)
{
// Nothing is done here, so we simply return null
return null;
}
public void AddBindingParameters(ServiceEndpoint endpoint, BindingParameterCollection bindingParameters)
{
// Nothing done
}
public void ApplyClientBehavior(ServiceEndpoint endpoint, ClientRuntime clientRuntime)
{
// Add "this" as an endpoint to be inspected
clientRuntime.MessageInspectors.Add(this);
}
public void ApplyDispatchBehavior(ServiceEndpoint endpoint, EndpointDispatcher endpointDispatcher)
{
// Nothing done
}
public void Validate(ServiceEndpoint endpoint)
{
// Nothing done
}
}
Now, the BFM_v410Service:
// BFM calling class
public class BFM_v410Service
{
// The constructor and CreateRequest simeply create a complete request
private BargainFinderMaxRQRequest service;
private OTA_AirLowFareSearchRQ request;
public OTA_AirLowFareSearchRS response;
private string endpoint;
public BFM_v410Service(string token, string pcc, string convId, string endpoint)
{
CreateRequest(pcc, true);
this.endpoint = endpoint;
service = new BargainFinderMaxRQRequest()
{
MessageHeader = new BargainFinderMaxRQ_3_4_0_Srvc.MessageHeader()
{
From = new From()
{
PartyId = new PartyId[]
{
new PartyId()
{
Value = pcc
}
}
},
To = new To()
{
PartyId = new PartyId[]
{
new PartyId()
{
Value = endpoint
}
}
},
ConversationId = convId,
CPAId = pcc,
Service = new Service()
{
Value = "BargainFinderMaxRQ"
},
Action = "BargainFinderMaxRQ",
MessageData = new MessageData()
{
Timestamp = DateTime.UtcNow.ToString("yyyy-MM-ddTHH:mm:ssK")
}
},
OTA_AirLowFareSearchRQ = request,
Security = new Security()
{
BinarySecurityToken = token
}
};
}
private void CreateRequest(string pcc, bool compressed)
{
request = new OTA_AirLowFareSearchRQ()
{
Version = "3.4.0",
POS = new SourceType[]
{
new SourceType()
{
PseudoCityCode = pcc,
RequestorID = new UniqueID_Type()
{
ID = "1",
Type = "1",
CompanyName = new CompanyNameType()
{
Code = "TN",
Value = "TN"
}
}
}
},
OriginDestinationInformation = new OTA_AirLowFareSearchRQOriginDestinationInformation[]
{
new OTA_AirLowFareSearchRQOriginDestinationInformation()
{
RPH = "1",
Item = "2018-09-21T11:00:00",
ItemElementName = ItemChoiceType.DepartureDateTime,
OriginLocation = new OriginDestinationInformationTypeOriginLocation()
{
LocationCode = "MVD"
},
DestinationLocation = new OriginDestinationInformationTypeDestinationLocation()
{
LocationCode = "KRK"
}
},
new OTA_AirLowFareSearchRQOriginDestinationInformation()
{
RPH = "2",
Item = "2018-09-28T11:00:00",
ItemElementName = ItemChoiceType.DepartureDateTime,
OriginLocation = new OriginDestinationInformationTypeOriginLocation()
{
LocationCode = "KRK"
},
DestinationLocation = new OriginDestinationInformationTypeDestinationLocation()
{
LocationCode = "MVD"
}
}
},
TravelerInfoSummary = new TravelerInfoSummaryType()
{
AirTravelerAvail = new TravelerInformationType[]
{
new TravelerInformationType()
{
PassengerTypeQuantity = new PassengerTypeQuantityType[]
{
new PassengerTypeQuantityType()
{
Code = "ADT",
Quantity = "1"
}
}
}
}
},
TPA_Extensions = new OTA_AirLowFareSearchRQTPA_Extensions()
{
IntelliSellTransaction = new TransactionType()
{
RequestType = new TransactionTypeRequestType()
{
Name = "50ITINS"
},
CompressResponse = new TransactionTypeCompressResponse()
{
Value = compressed
}
}
}
};
}
public void Execute()
{
try
{
// Instanciate the Inspector
BFMInspector inspector = new BFMInspector();
// Select the URL you'll be sending the request. I've passed this as a parameter in the constructor
EndpointAddress url = new EndpointAddress(new Uri(endpoint));
// Create a binding, with a couple of characteristics, because of the size of the response
Binding binding = new BasicHttpsBinding()
{
MaxReceivedMessageSize = Int32.MaxValue,
MaxBufferSize = Int32.MaxValue
};
// Create the executable the BargainFinderMaxPortTypeClient variable, which will allow me to call the service
BargainFinderMaxPortTypeClient execute = new BargainFinderMaxPortTypeClient(binding, url);
// Add the middleware. Here's where ApplyClientBehavior is called behind the scene and adds itself
execute.Endpoint.EndpointBehaviors.Add(inspector);
// Call BFM and successfully get the response as an OTA_AirLowFareSearchRS object
response = execute.BargainFinderMaxRQ(ref service.MessageHeader, ref service.Security, request);
Console.WriteLine(response);
}
catch(Exception ex)
{
Console.WriteLine(ex.Message);
}
}
}
Then, simply call this from a console application:
static void Main(string[] args)
{
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;
string token = #"Shared/IDL:IceSess\/SessMgr:1\.0.IDL/Common/!ICESMS\/RESA!ICESMSLB\/RES.LB!-3146624380791354996!413892!0!1!E2E-1";
string pcc = "XXXX";
string convId = "HERE GOES YOUR CONVERSATION ID";
string endpoint = "https://webservices.havail.sabre.com";
BFM_v410Service bfm340 = new BFM_v410Service(token, pcc, convId, endpoint);
bfm410.Execute();
}
Hope this helps!
I'm trying to consume a third-party web service (discription on russian language) https://92.46.122.150:8443/esf-web/ws/SessionService?wsdl
I am trying to connect to a website using method "createSession", get Id session and close session in a website.
Do this I using Visual Studio 2013, C#, .NET 4.5, WSE 3.0 (Microsoft.Web.Services3.dll).
I have already created project in Visual Studio 2013 "Windows Forms Application". In this form user can enter user name, login and to choose his a digital signature certificate. Also I added web service as a "web service reference" but I'm not sure how to pass the credentials for the header.
I'm trying to do this:
string strPasswordCertificate = "123456";
string strCertificate = "C:/Test/AUTH_RSA_db79bb07b4722c042e025979b3b11995fc46765b.p12";
X509Certificate x509_CertAUTH = new X509Certificate(strCertificateFilePathAUTH, strPasswordCertificate);
string strCertAUTH = x509_CertAUTH.ToString();
CreateSessionRequest CreateReq = new CreateSessionRequest();
CreateReq.x509Certificate = strCertAUTH;
string strIIN = "753159846249";
CreateReq.tin = strIIN;
WS.createSession(CreateReq);
But when run a programm Visual studio show an error on a line with "WS.createSession(CreateReq)" like below:
SoapHeaderException was unhandled.
An unhandled exception of type "System.Web.Service.Protocols.SoapHeaderExeption" occurred in System.Web.Services.dll
Additional information: An error was discovered processing the "wsse:Security" header.
This exception is thrown when an XML Web service method is called over SOAP and an exception occurs during processing of the SOAP header.
After that I made changes in my code like below:
string strPasswordCertificate = "123456";
string strCertificate = "C:/Test/AUTH_RSA_db79bb07b4722c042e025979b3b11995fc46765b.p12";
X509Certificate x509_CertAUTH = new X509Certificate(strCertificateFilePathAUTH, strPasswordCertificate);
string strCertAUTH = x509_CertAUTH.ToString();
CreateSessionRequest CreateReq = new CreateSessionRequest();
CreateReq.x509Certificate = strCertAUTH;
string strIIN = "753159846249";
CreateReq.tin = strIIN;
WS.createSession(CreateReq);
string _userName = "123456789011";
string _UserPassword = "TestPass123";
UsernameToken userToken;
userToken = new UsernameToken(_userName, _UserPassword, PasswordOption.SendPlainText);
SessionService WS = new SessionService();
SoapContext requestContext = WS.RequestSoapContext;
requestContext.Security.Tokens.Add(userToken);
WS.createSession(CreateReq);
But when run a programm Visual studio show error on a line with "WS.createSession(CreateReq)" like below:
SoapHeaderException was unhandled.
An unhandled exception of type 'System.Web.Service.Protocols.SoapHeaderExeption' occurred in System.Web.Services.dll
Additional information: An invalid security token was provided.
What I need more to do or change in my code that web reverence start to work? Any idea?
First, need add web service "https://92.46.122.150:8443/esf-web/ws/SessionService?wsdl" like Service Reference.
Second, your certificate should be like trusted. If not, then you can do this using code below:
System.Net.ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
Third, add in your solution new item like C# class for your SOAP header. In this class shoud be code like below:
namespace WindowsFormsApplication1
{
public class MySoapSecurityHeader : MessageHeader
{
private readonly UsernameToken _usernameToken;
public MySoapSecurityHeader(string username, string password)
{
_usernameToken = new UsernameToken(string.Empty, username, password);
}
public MySoapSecurityHeader(string id, string username, string password)
{
_usernameToken = new UsernameToken(id, username, password);
}
public override string Name
{
get { return "Security"; }
}
public override string Namespace
{
get { return "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; }
}
protected override void OnWriteHeaderContents(XmlDictionaryWriter writer, MessageVersion messageVersion)
{
XmlSerializer serializer = new XmlSerializer(typeof(UsernameToken));
serializer.Serialize(writer, _usernameToken);
}
}
[XmlRoot(Namespace = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd")]
public class UsernameToken
{
public UsernameToken()
{
}
public UsernameToken(string id, string username, string password)
{
Id = id;
Username = username;
Password = new Password() { Value = password };
}
[XmlAttribute(Namespace = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd")]
public string Id { get; set; }
[XmlElement]
public string Username { get; set; }
[XmlElement]
public Password Password { get; set; }
}
public class Password
{
public Password()
{
Type = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";
}
[XmlAttribute]
public string Type { get; set; }
[XmlText]
public string Value { get; set; }
}
}
After that you need add code in a file "Form1.cs":
//The path to the certificate.
string certPath = "C:/AUTH_RSA256_e9f5afab50193175883774ec07bac05cb8c9e2d7.p12";
//Password to signing a certificate
string certPassword = "123456";
//IIN or BIN persom who signing ESF on esf_gov site
var tin = "123456789021";
//Load the certificate into an X509Certificate object.
X509Certificate x509Cert = new X509Certificate(certPath, certPassword);
//Transfer sertificate to string value of base64
var certPEM = ExportToPEM(x509Cert);
using (SessionServiceClient client = new SessionServiceClient())
{
using (new OperationContextScope(client.InnerChannel))
{
OperationContext.Current.OutgoingMessageHeaders.Add(
new MySoapSecurityHeader("123456789011", "TestPass123"));
//Create session for a work with site ESF
CreateSessionRequest createSessionRequest = new CreateSessionRequest
{
tin = tin,
x509Certificate = certPEM
};
var response = client.createSession(createSessionRequest);
MessageBox.Show("Session ID is: " + response.sessionId, "Information message",
MessageBoxButtons.OK, MessageBoxIcon.Information, MessageBoxDefaultButton.Button1);
//Close session for a work with site ESF
CloseSessionRequest closeSessionRequest = new CloseSessionRequest
{
sessionId = response.sessionId,
tin = tin,
x509Certificate = certPEM
};
var closeResponse = client.closeSession(closeSessionRequest);
}
}
}
public static string ExportToPEM(X509Certificate cert)
{
//Export certificate, get baty array, convert in base64 string
return Convert.ToBase64String(cert.Export(X509ContentType.Cert), Base64FormattingOptions.InsertLineBreaks);
}
Then run a programm and this will be work.
The new Recaptcha 2 looks promising, but i didn't find a way to validate it in ASP.NET's server side,
if(Page.IsValid) in This answer, is valid for the old Recaptcha, but not the new one,
How to validate the new reCAPTCHA in server side?
After reading many resources, I ended up with writing this class to handle the validation of the new ReCaptcha :
As mentioned Here : When a reCAPTCHA is solved by end user, a new field (g-recaptcha-response) will be populated in HTML.
We need to read this value and pass it to the class below to validate it:
In C#:
In the code behind of your page :
string EncodedResponse = Request.Form["g-Recaptcha-Response"];
bool IsCaptchaValid = (ReCaptchaClass.Validate(EncodedResponse) == "true" ? true : false);
if (IsCaptchaValid) {
//Valid Request
}
The Class:
using Newtonsoft.Json;
public class ReCaptchaClass
{
public static string Validate(string EncodedResponse)
{
var client = new System.Net.WebClient();
string PrivateKey = "6LcH-v8SerfgAPlLLffghrITSL9xM7XLrz8aeory";
var GoogleReply = client.DownloadString(string.Format("https://www.google.com/recaptcha/api/siteverify?secret={0}&response={1}", PrivateKey, EncodedResponse));
var captchaResponse = Newtonsoft.Json.JsonConvert.DeserializeObject<ReCaptchaClass>(GoogleReply);
return captchaResponse.Success.ToLower();
}
[JsonProperty("success")]
public string Success
{
get { return m_Success; }
set { m_Success = value; }
}
private string m_Success;
[JsonProperty("error-codes")]
public List<string> ErrorCodes
{
get { return m_ErrorCodes; }
set { m_ErrorCodes = value; }
}
private List<string> m_ErrorCodes;
}
In VB.NET:
In the code behind of your page :
Dim EncodedResponse As String = Request.Form("g-Recaptcha-Response")
Dim IsCaptchaValid As Boolean = IIf(ReCaptchaClass.Validate(EncodedResponse) = "True", True, False)
If IsCaptchaValid Then
'Valid Request
End If
The Class:
Imports Newtonsoft.Json
Public Class ReCaptchaClass
Public Shared Function Validate(ByVal EncodedResponse As String) As String
Dim client = New System.Net.WebClient()
Dim PrivateKey As String = "6dsfH-v8SerfgAPlLLffghrITSL9xM7XLrz8aeory"
Dim GoogleReply = client.DownloadString(String.Format("https://www.google.com/recaptcha/api/siteverify?secret={0}&response={1}", PrivateKey, EncodedResponse))
Dim captchaResponse = Newtonsoft.Json.JsonConvert.DeserializeObject(Of ReCaptchaClass)(GoogleReply)
Return captchaResponse.Success
End Function
<JsonProperty("success")> _
Public Property Success() As String
Get
Return m_Success
End Get
Set(value As String)
m_Success = value
End Set
End Property
Private m_Success As String
<JsonProperty("error-codes")> _
Public Property ErrorCodes() As List(Of String)
Get
Return m_ErrorCodes
End Get
Set(value As List(Of String))
m_ErrorCodes = value
End Set
End Property
Private m_ErrorCodes As List(Of String)
End Class
Here's a version that uses the JavaScriptSerializer. Thanks Ala for the basis for this code.
WebConfig App Setting -
I've added the secret key to the Web.Config in my case to allow transforms between environments. It can also be easily encrypted here if required.
<add key="Google.ReCaptcha.Secret" value="123456789012345678901234567890" />
The ReCaptcha Class - A simple class to post the response parameter along with your secret to Google and validate it. The response is deserialized using the .Net JavaScriptSerializer class and from that true or false returned.
using System.Collections.Generic;
using System.Configuration;
public class ReCaptcha
{
public bool Success { get; set; }
public List<string> ErrorCodes { get; set; }
public static bool Validate(string encodedResponse)
{
if (string.IsNullOrEmpty(encodedResponse)) return false;
var client = new System.Net.WebClient();
var secret = ConfigurationManager.AppSettings["Google.ReCaptcha.Secret"];
if (string.IsNullOrEmpty(secret)) return false;
var googleReply = client.DownloadString(string.Format("https://www.google.com/recaptcha/api/siteverify?secret={0}&response={1}", secret, encodedResponse));
var serializer = new System.Web.Script.Serialization.JavaScriptSerializer();
var reCaptcha = serializer.Deserialize<ReCaptcha>(googleReply);
return reCaptcha.Success;
}
}
Validate The Response - Check the validity of the g-Recaptcha-Response form parameter in your Controller (or code behind for a web form) and take appropriate action.
var encodedResponse = Request.Form["g-Recaptcha-Response"];
var isCaptchaValid = ReCaptcha.Validate(encodedResponse);
if (!isCaptchaValid)
{
// E.g. Return to view or set an error message to visible
}
Most of these answers seem more complex than needed. They also dont specify the IP which will help prevent a interception attack (https://security.stackexchange.com/questions/81865/is-there-any-reason-to-include-the-remote-ip-when-using-recaptcha). Here's what I settled on
public bool CheckCaptcha(string captchaResponse, string ipAddress)
{
using (var client = new WebClient())
{
var response = client.DownloadString($"https://www.google.com/recaptcha/api/siteverify?secret={ ConfigurationManager.AppSettings["Google.ReCaptcha.Secret"] }&response={ captchaResponse }&remoteIp={ ipAddress }");
return (bool)JObject.Parse(response)["success"];
}
}
You can use "IsValidCaptcha()" method to validate your google recaptcha on server side. Replace your secret key with "YourRecaptchaSecretkey" in the following method.
Public bool IsValidCaptcha()
{
string resp = Request["g-recaptcha-response"];
var req = (HttpWebRequest)WebRequest.Create
(https://www.google.com/recaptcha/api/siteverify?secret=+ YourRecaptchaSecretkey + "&response=" + resp);
using (WebResponse wResponse = req.GetResponse())
{
using (StreamReader readStream = new StreamReader(wResponse.GetResponseStream()))
{
string jsonResponse = readStream.ReadToEnd();
JavaScriptSerializer js = new JavaScriptSerializer();
// Deserialize Json
CaptchaResult data = js.Deserialize<CaptchaResult>(jsonResponse);
if (Convert.ToBoolean(data.success))
{
return true;
}
}
}
return false;
}
Also create following class as well.
public class CaptchaResult
{
public string success { get; set; }
}
According to the doc you just post your secret key and user's answer to API and read returned "success" property
SHORT ANSWER:
var webClient = new WebClient();
string verification = webClient.DownloadString(string.Format("https://www.google.com/recaptcha/api/siteverify?secret={0}&response={1}", secretKey, userResponse));
if (JObject.Parse(verification)["success"].Value<bool>())
{
// SUCCESS!!!
FULL EXAMPLE:
Suppose, you implement this page in IamNotARobotLogin.cshtml.
<head>
<script src="https://www.google.com/recaptcha/api.js" async defer></script>
</head>
<body>
<form action="Login" method="POST">
<div class="g-recaptcha" data-sitekey="your_site_key"></div><br/>
<input type="submit" value="Log In">
</form>
</body>
And suppose you wish the controller saved, let's say, "I_AM_NOT_ROBOT" flag in the session if the verification succeeded:
public ActionResult IamNotARobotLogin()
{
return View();
}
[HttpPost]
public ActionResult Login()
{
const string secretKey = "6LcH-v8SerfgAPlLLffghrITSL9xM7XLrz8aeory";
string userResponse = Request.Form["g-Recaptcha-Response"];
var webClient = new System.Net.WebClient();
string verification = webClient.DownloadString(string.Format("https://www.google.com/recaptcha/api/siteverify?secret={0}&response={1}", secretKey, userResponse));
var verificationJson = Newtonsoft.Json.Linq.JObject.Parse(verification);
if (verificationJson["success"].Value<bool>())
{
Session["I_AM_NOT_A_ROBOT"] = "true";
return RedirectToAction("Index", "Demo");
}
// try again:
return RedirectToAction("IamNotARobotLogin");
}
Here's my fork of Ala's solution in order to:
send paramter in POST
to sanitize the form input
include the requester IP address
store the secret in Web.Config:
In the controller:
bool isCaptchaValid = await ReCaptchaClass.Validate(this.Request);
if (!isCaptchaValid)
{
ModelState.AddModelError("", "Invalid captcha");
return View(model);
}
The utility class:
public class ReCaptchaClass
{
private static ILog log = LogManager.GetLogger(System.Reflection.MethodBase.GetCurrentMethod().DeclaringType);
private static string SecretKey = System.Configuration.ConfigurationManager.AppSettings["Google.ReCaptcha.Secret"];
[JsonProperty("success")]
public bool Success { get; set; }
[JsonProperty("error-codes")]
public List<string> ErrorCodes { get; set; }
public static async Task<bool> Validate(HttpRequestBase Request)
{
string encodedResponse = Request.Form["g-Recaptcha-Response"];
string remoteIp = Request.UserHostAddress;
using (var client = new HttpClient())
{
var values = new Dictionary<string, string>
{
{"secret", SecretKey},
{"remoteIp", remoteIp},
{"response", encodedResponse}
};
var content = new FormUrlEncodedContent(values);
var response = await client.PostAsync("https://www.google.com/recaptcha/api/siteverify", content);
var responseString = await response.Content.ReadAsStringAsync();
var captchaResponse = Newtonsoft.Json.JsonConvert.DeserializeObject<ReCaptchaClass>(responseString);
if ((captchaResponse.ErrorCodes?.Count ?? 0) != 0)
{
log.Warn("ReCaptcha errors: " + string.Join("\n", captchaResponse.ErrorCodes));
}
return captchaResponse.Success;
}
}
}
This article give clear step by step explication on how to implement a ReCaptcha validation attribute on your model.
First, create the Recaptcha validation attribute.
namespace Sample.Validation
{
public class GoogleReCaptchaValidationAttribute : ValidationAttribute
{
protected override ValidationResult IsValid(object value, ValidationContext validationContext)
{
Lazy<ValidationResult> errorResult = new Lazy<ValidationResult>(() => new ValidationResult("Google reCAPTCHA validation failed", new String[] { validationContext.MemberName }));
if (value == null || String.IsNullOrWhiteSpace( value.ToString()))
{
return errorResult.Value;
}
IConfiguration configuration = (IConfiguration)validationContext.GetService(typeof(IConfiguration));
String reCaptchResponse = value.ToString();
String reCaptchaSecret = configuration.GetValue<String>("GoogleReCaptcha:SecretKey");
HttpClient httpClient = new HttpClient();
var httpResponse = httpClient.GetAsync($"https://www.google.com/recaptcha/api/siteverify?secret={reCaptchaSecret}&response={reCaptchResponse}").Result;
if (httpResponse.StatusCode != HttpStatusCode.OK)
{
return errorResult.Value;
}
String jsonResponse = httpResponse.Content.ReadAsStringAsync().Result;
dynamic jsonData = JObject.Parse(jsonResponse);
if (jsonData.success != true.ToString().ToLower())
{
return errorResult.Value;
}
return ValidationResult.Success;
}
}
}
Then add the validation attribute on your model.
namespace Sample.Models
{
public class XModel
{
// ...
[Required]
[GoogleReCaptchaValidation]
public String GoogleReCaptchaResponse { get; set; }
}
}
Finally, you have just to call the ModelState.IsValid method
namespace Sample.Api.Controllers
{
[ApiController]
public class XController : ControllerBase
{
[HttpPost]
public IActionResult Post(XModel model)
{
if (!ModelState.IsValid)
{
return BadRequest(ModelState);
}
// ...
}
}
}
Et voilĂ ! :)
Another example is posted here:
RecaptchaV2.NET (Github)
It also implements the secure token option of Recaptcha 2.0 (look at full source code for that bit, I have stripped out relevant pieces of code ONLY for validating a result).
This one doesn't rely on newtonsoft's json parser and instead uses the built in .NET one.
Here is the relevant snippet of code from the RecaptchaV2.NET library (from recaptcha.cs):
namespace RecaptchaV2.NET
{
/// <summary>
/// Helper Methods for the Google Recaptcha V2 Library
/// </summary>
public class Recaptcha
{
public string SiteKey { get; set; }
public string SecretKey { get; set; }
public Guid SessionId { get; set; }
/// <summary>
/// Validates a Recaptcha V2 response.
/// </summary>
/// <param name="recaptchaResponse">g-recaptcha-response form response variable (HttpContext.Current.Request.Form["g-recaptcha-response"])</param>
/// <returns>RecaptchaValidationResult</returns>
public RecaptchaValidationResult Validate(string recaptchaResponse)
{
RecaptchaValidationResult result = new RecaptchaValidationResult();
HttpWebRequest req = (HttpWebRequest)WebRequest.Create("https://www.google.com/recaptcha/api/siteverify?secret=" + SecretKey + "&response="
+ recaptchaResponse + "&remoteip=" + GetClientIp());
//Google recaptcha Response
using (WebResponse wResponse = req.GetResponse())
{
using (StreamReader readStream = new StreamReader(wResponse.GetResponseStream()))
{
string jsonResponse = readStream.ReadToEnd();
JavaScriptSerializer js = new JavaScriptSerializer();
result = js.Deserialize<RecaptchaValidationResult>(jsonResponse.Replace("error-codes", "ErrorMessages").Replace("success", "Succeeded"));// Deserialize Json
}
}
return result;
}
private string GetClientIp()
{
// Look for a proxy address first
String _ip = HttpContext.Current.Request.ServerVariables["HTTP_X_FORWARDED_FOR"];
// If there is no proxy, get the standard remote address
if (string.IsNullOrWhiteSpace(_ip) || _ip.ToLower() == "unknown")
_ip = HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"];
return _ip;
}
}
public class RecaptchaValidationResult
{
public RecaptchaValidationResult()
{
ErrorMessages = new List<string>();
Succeeded = false;
}
public List<string> ErrorMessages { get; set; }
public bool Succeeded { get; set; }
public string GetErrorMessagesString()
{
return string.Join("<br/>", ErrorMessages.ToArray());
}
}
}
Google's ReCaptcha API no longer accepts the payload as query string parameters in a GET request. Google always returned a "false" success response unless I sent the data via HTTP POST. Here is an update to Ala's (excellent!) class which POSTs the payload to the Google service endpoint:
using Newtonsoft.Json;
using System.Net;
using System.IO;
using System.Text;
public class RecaptchaHandler
{
public static string Validate(string EncodedResponse, string RemoteIP)
{
var client = new WebClient();
string PrivateKey = "PRIVATE KEY";
WebRequest req = WebRequest.Create("https://www.google.com/recaptcha/api/siteverify");
string postData = String.Format("secret={0}&response={1}&remoteip={2}",
PrivateKey,
EncodedResponse,
RemoteIP);
byte[] send = Encoding.Default.GetBytes(postData);
req.Method = "POST";
req.ContentType = "application/x-www-form-urlencoded";
req.ContentLength = send.Length;
Stream sout = req.GetRequestStream();
sout.Write(send, 0, send.Length);
sout.Flush();
sout.Close();
WebResponse res = req.GetResponse();
StreamReader sr = new StreamReader(res.GetResponseStream());
string returnvalue = sr.ReadToEnd();
var captchaResponse = JsonConvert.DeserializeObject<RecaptchaHandler>(returnvalue);
return captchaResponse.Success;
}
[JsonProperty("success")]
public string Success
{
get { return m_Success; }
set { m_Success = value; }
}
private string m_Success;
[JsonProperty("error-codes")]
public List<string> ErrorCodes
{
get { return m_ErrorCodes; }
set { m_ErrorCodes = value; }
}
private List<string> m_ErrorCodes;
}
Using dynamic to validate recaptcha at server side
Calling Function
[HttpPost]
public ActionResult ClientOrderDetail(FormCollection collection, string EncodedResponse)
{
Boolean Validation = myFunction.ValidateRecaptcha(EncodedResponse);
return View();
}
Function Declaration
public static Boolean ValidateRecaptcha(string EncodedResponse)
{
string PrivateKey = "YourSiteKey";
var client = new System.Net.WebClient();
var GoogleReply = client.DownloadString(string.Format("https://www.google.com/recaptcha/api/siteverify?secret={0}&response={1}", PrivateKey, EncodedResponse));
var serializer = new JavaScriptSerializer();
dynamic data = serializer.Deserialize(GoogleReply, typeof(object));
Boolean Status = data["success"];
string challenge_ts = data["challenge_ts"];
string hostname = data["hostname"];
return Status;
}
the example I posted in this so post uses Newtonsoft.JSON to deserialize the full returned JSON, posts the data to Google(as opposed to using a querystring) stores the relevant variables in the web.config rather than hard coded.
I'm new to C# and I'm having some difficulty with saving the XML Atom feed from Gmail to an xml file. I'm certain I'm miles off of where I need to be and I'm embarassed to be asking this but I'm not getting anywhere on my own:(
I'm using the GmailHandler class that's been floating around for some time.
GmailHandler.cs
using System;
using System.Data;
using System.Xml;
using System.Net;
using System.IO;
/*
* this code made by Ahmed Essawy
* AhmedEssawy#gmail.com
* http://fci-h.blogspot.com
*/
/// <summary>
/// Summary description for Class1
/// </summary>
public class GmailHandler
{
private string username;
private string password;
private string gmailAtomUrl;
public string GmailAtomUrl
{
get { return gmailAtomUrl; }
set { gmailAtomUrl = value; }
}
public string Password
{
get { return password; }
set { password = value; }
}
public string Username
{
get { return username; }
set { username = value; }
}
public GmailHandler(string _Username, string _Password, string _GmailAtomUrl)
{
Username = _Username;
Password = _Password;
GmailAtomUrl = _GmailAtomUrl;
}
public GmailHandler(string _Username, string _Password)
{
Username = _Username;
Password = _Password;
GmailAtomUrl = "https://mail.google.com/mail/feed/atom";
}
public XmlDocument GetGmailAtom()
{
byte[] buffer = new byte[8192];
int byteCount = 0;
XmlDocument _feedXml = null;
try
{
System.Text.StringBuilder sBuilder = new System.Text.StringBuilder();
WebRequest webRequest = WebRequest.Create(GmailAtomUrl);
webRequest.PreAuthenticate = true;
System.Net.NetworkCredential credentials = new NetworkCredential(this.Username, this.Password);
webRequest.Credentials = credentials;
WebResponse webResponse = webRequest.GetResponse();
Stream stream = webResponse.GetResponseStream();
while ((byteCount = stream.Read(buffer, 0, buffer.Length)) > 0)
sBuilder.Append(System.Text.Encoding.ASCII.GetString(buffer, 0, byteCount));
_feedXml = new XmlDocument();
_feedXml.LoadXml(sBuilder.ToString());
}
catch (Exception ex)
{
//add error handling
throw ex;
}
return _feedXml;
}
}
Then I've got my Program.cs here:
I'm assuming the issue is with the code below since I'm responsible for that, and not what's above.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Xml;
namespace GmailAtom
{
class Program
{
static void Main()
{
//Create the object from GmailHandler class
GmailHandler gmailFeed = new GmailHandler("username", "password");
//get the feed
XmlDocument myXml = gmailFeed.GetGmailAtom();
XmlTextWriter writer = new XmlTextWriter("data.xml", null);
writer.Formatting = Formatting.Indented;
myXml.Save(writer);
}
}
}
When I run the program I get a "WebException was unhandled - The remote server returned an error: (407) Proxy Authentication Required."
Any advice would be appreciated!
I have tried the code and it works fine (but I have no proxy in my network).
I have changed the GmailHandler.cs, the constructor now accepts a internet proxy.
using System;
using System.Data;
using System.Xml;
using System.Net;
using System.IO;
/*
* this code made by Ahmed Essawy
* AhmedEssawy#gmail.com
* http://fci-h.blogspot.com
*/
/// <summary>
/// Summary description for Class1
/// </summary>
public class GmailHandler
{
private string username;
private string password;
private string gmailAtomUrl;
private string proxy;
public string GmailAtomUrl
{
get { return gmailAtomUrl; }
set { gmailAtomUrl = value; }
}
public string Password
{
get { return password; }
set { password = value; }
}
public string Username
{
get { return username; }
set { username = value; }
}
public string Proxy
{
get { return proxy; }
set { proxy = value; }
}
public GmailHandler(string _Username, string _Password, string _GmailAtomUrl, string _proxy = null)
{
Username = _Username;
Password = _Password;
GmailAtomUrl = _GmailAtomUrl;
Proxy = _proxy;
}
public GmailHandler(string _Username, string _Password, string _proxy = null)
{
Username = _Username;
Password = _Password;
GmailAtomUrl = "https://mail.google.com/mail/feed/atom";
Proxy = _proxy;
}
public XmlDocument GetGmailAtom()
{
byte[] buffer = new byte[8192];
int byteCount = 0;
XmlDocument _feedXml = null;
try
{
System.Text.StringBuilder sBuilder = new System.Text.StringBuilder();
WebRequest webRequest = WebRequest.Create(GmailAtomUrl);
if(!String.IsNullOrWhiteSpace(Proxy))
webRequest.Proxy = new WebProxy(Proxy, true);
webRequest.PreAuthenticate = true;
System.Net.NetworkCredential credentials = new NetworkCredential(this.Username, this.Password);
webRequest.Credentials = credentials;
WebResponse webResponse = webRequest.GetResponse();
Stream stream = webResponse.GetResponseStream();
while ((byteCount = stream.Read(buffer, 0, buffer.Length)) > 0)
sBuilder.Append(System.Text.Encoding.ASCII.GetString(buffer, 0, byteCount));
_feedXml = new XmlDocument();
_feedXml.LoadXml(sBuilder.ToString());
}
catch (Exception ex)
{
//add error handling
throw ex;
}
return _feedXml;
}
}
Use this in your console application:
//Create the object from GmailHandler class
GmailHandler gmailFeed = new GmailHandler("username", "password", "http://proxyserver:80/");
//get the feed
XmlDocument myXml = gmailFeed.GetGmailAtom();
XmlTextWriter writer = new XmlTextWriter("data.xml", null);
writer.Formatting = Formatting.Indented;
myXml.Save(writer);