I need to create a POST method in WebApi so I can send data from application to WebApi method. I'm not able to get header value.
Here I have added header values in the application:
using (var client = new WebClient())
{
// Set the header so it knows we are sending JSON.
client.Headers[HttpRequestHeader.ContentType] = "application/json";
client.Headers.Add("Custom", "sample");
// Make the request
var response = client.UploadString(url, jsonObj);
}
Following the WebApi post method:
public string Postsam([FromBody]object jsonData)
{
HttpRequestMessage re = new HttpRequestMessage();
var headers = re.Headers;
if (headers.Contains("Custom"))
{
string token = headers.GetValues("Custom").First();
}
}
What is the correct method for getting header values?
Thanks.
On the Web API side, simply use Request object instead of creating new HttpRequestMessage
var re = Request;
var headers = re.Headers;
if (headers.Contains("Custom"))
{
string token = headers.GetValues("Custom").First();
}
return null;
Output -
Suppose we have a API Controller
ProductsController : ApiController
There is a Get function which returns some value and expects some input header (for eg. UserName & Password)
[HttpGet]
public IHttpActionResult GetProduct(int id)
{
System.Net.Http.Headers.HttpRequestHeaders headers = this.Request.Headers;
string token = string.Empty;
string pwd = string.Empty;
if (headers.Contains("username"))
{
token = headers.GetValues("username").First();
}
if (headers.Contains("password"))
{
pwd = headers.GetValues("password").First();
}
//code to authenticate and return some thing
if (!Authenticated(token, pwd)
return Unauthorized();
var product = products.FirstOrDefault((p) => p.Id == id);
if (product == null)
{
return NotFound();
}
return Ok(product);
}
Now we can send the request from page using JQuery:
$.ajax({
url: 'api/products/10',
type: 'GET',
headers: { 'username': 'test','password':'123' },
success: function (data) {
alert(data);
},
failure: function (result) {
alert('Error: ' + result);
}
});
Hope this helps someone ...
As someone already pointed out how to do this with .Net Core, if your header contains a "-" or some other character .Net disallows, you can do something like:
public string Test([FromHeader]string host, [FromHeader(Name = "Content-Type")] string contentType)
{
}
Another way using a the TryGetValues method.
public string Postsam([FromBody]object jsonData)
{
IEnumerable<string> headerValues;
if (Request.Headers.TryGetValues("Custom", out headerValues))
{
string token = headerValues.First();
}
}
For .NET Core:
string Token = Request.Headers["Custom"];
Or
var re = Request;
var headers = re.Headers;
string token = string.Empty;
StringValues x = default(StringValues);
if (headers.ContainsKey("Custom"))
{
var m = headers.TryGetValue("Custom", out x);
}
In case someone is using ASP.NET Core for model binding,
https://learn.microsoft.com/en-us/aspnet/core/mvc/models/model-binding
There's is built in support for retrieving values from the header using the [FromHeader] attribute
public string Test([FromHeader]string Host, [FromHeader]string Content-Type )
{
return $"Host: {Host} Content-Type: {Content-Type}";
}
try these line of codes working in my case:
IEnumerable<string> values = new List<string>();
this.Request.Headers.TryGetValues("Authorization", out values);
For WEB API 2.0:
I had to use Request.Content.Headers instead of Request.Headers
and then i declared an extestion as below
/// <summary>
/// Returns an individual HTTP Header value
/// </summary>
/// <param name="headers"></param>
/// <param name="key"></param>
/// <returns></returns>
public static string GetHeader(this HttpContentHeaders headers, string key, string defaultValue)
{
IEnumerable<string> keys = null;
if (!headers.TryGetValues(key, out keys))
return defaultValue;
return keys.First();
}
And then i invoked it by this way.
var headerValue = Request.Content.Headers.GetHeader("custom-header-key", "default-value");
I hope it might be helpful
app.MapGet("/", ([FromHeader(Name = "User-Agent")] string data) =>
{
return $"User agent header is: {data}";
});
A simple function to get a header value, with a "one-liner" variant using TryGetValue:
private string GetHeaderValue(string key) =>
Request.Headers.TryGetValue(key, out var value)
? value.First()
: null;
var headerValue = GetHeaderValue("Custom");
You need to get the HttpRequestMessage from the current OperationContext. Using OperationContext you can do it like so
OperationContext context = OperationContext.Current;
MessageProperties messageProperties = context.IncomingMessageProperties;
HttpRequestMessageProperty requestProperty = messageProperties[HttpRequestMessageProperty.Name] as HttpRequestMessageProperty;
string customHeaderValue = requestProperty.Headers["Custom"];
For .net Core in GET method, you can do like this:
StringValues value1;
string DeviceId = string.Empty;
if (Request.Headers.TryGetValue("param1", out value1))
{
DeviceId = value1.FirstOrDefault();
}
Related
With this I just can obtain 200 status code and reason Phrase is OK
public HttpResponseMessage Authenticate(string userName,string password)
{
var jsonString = JsonConvert.SerializeObject(new {userName=userName,password=password});
var parameters = new RestApiClientMethodParameter
{
AdditionalUri = "authenticate" , Body = jsonString
};
var result = _restApiClient.Post(parameters);
return result;
}
This is Post method of _restApiClient :
public HttpResponseMessage Post(RestApiClientMethodParameter parameter)
{
try
{
var httpContent = new StringContent(parameter.Body, Encoding.UTF8, "application/json");
return _client.PostAsync(parameter.AdditionalUri, httpContent).GetAwaiter().GetResult();
}
catch (Exception e)
{
Console.WriteLine(e);
}
return null;
}
And my requestUri is also true when im debugging, any ideas?
Thanks
I tried to change method return type as my model, i expect to return a bearer token from that uri so i can say that im authenticated to that system
Hope my understanding about your question is right.
If you are just want to change the return type to a string which is a token, you can use ReadAsStringAsync()
// 📌 Change method's return type
public async Task<string> Authenticate(string userName,string password)
{
var jsonString = JsonConvert.SerializeObject(new {userName=userName,password=password});
var parameters = new RestApiClientMethodParameter
{
AdditionalUri = "authenticate" , Body = jsonString
};
var result = _restApiClient.Post(parameters);
// 📌 Use ReadAsStringAsync()
return await result.Content.ReadAsStringAsync();
}
Get result by Result property
string token = Authenticate("userName", "password").Result;
I have an ASP.NET Core 1.0 Web API application and trying to figure out how to pass the exception message to the client if a function that my controller is calling errors out.
I have tried so many things, but nothing implements IActionResult.
I don't understand why this isn't a common thing that people need. If there truthfully is no solution can someone tell me why?
I do see some documentation out there using HttpResponseException(HttpResponseMessage), but in order to use this, I have to install the compat shim. Is there a new way of doing these things in Core 1.0?
Here is something I have been trying with the shim but it isn't working:
// GET: api/customers/{id}
[HttpGet("{id}", Name = "GetCustomer")]
public IActionResult GetById(int id)
{
Customer c = _customersService.GetCustomerById(id);
if (c == null)
{
var response = new HttpResponseMessage(HttpStatusCode.NotFound)
{
Content = new StringContent("Customer doesn't exist", System.Text.Encoding.UTF8, "text/plain"),
StatusCode = HttpStatusCode.NotFound
};
throw new HttpResponseException(response);
//return NotFound();
}
return new ObjectResult(c);
}
When the HttpResponseException is thrown, I look on the client and can't find the message I am sending anything in the content.
Here is an simple error DTO class
public class ErrorDto
{
public int Code {get;set;}
public string Message { get; set; }
// other fields
public override string ToString()
{
return JsonConvert.SerializeObject(this);
}
}
And then using the ExceptionHandler middleware:
app.UseExceptionHandler(errorApp =>
{
errorApp.Run(async context =>
{
context.Response.StatusCode = 500; // or another Status accordingly to Exception Type
context.Response.ContentType = "application/json";
var error = context.Features.Get<IExceptionHandlerFeature>();
if (error != null)
{
var ex = error.Error;
await context.Response.WriteAsync(new ErrorDto()
{
Code = <your custom code based on Exception Type>,
Message = ex.Message // or your custom message
// other custom data
}.ToString(), Encoding.UTF8);
}
});
});
Yes it is possible to change the status code to whatever you need:
In your CustomExceptionFilterAttribute.cs file modify the code as follows:
public class CustomExceptionFilterAttribute : ExceptionFilterAttribute
{
public override void OnException(ExceptionContext context)
{
var exception = context.Exception;
context.Result = new ContentResult
{
Content = $"Error: {exception.Message}",
ContentType = "text/plain",
// change to whatever status code you want to send out
StatusCode = (int?)HttpStatusCode.BadRequest
};
}
}
That's pretty much it.
If you have custom exceptions, then you can also check for them when grabbing the thrown exception from the context. Following on from that you can then send out different HTTP Status Codes depdending on what has happened in your code.
Hope that helps.
You can create a custom Exception Filter like below
public class CustomExceptionFilterAttribute : ExceptionFilterAttribute
{
public override void OnException(ExceptionContext context)
{
var exception = context.Exception;
context.Result = new JsonResult(exception.Message);
}
}
Then apply the above attribute to your controller.
[Route("api/[controller]")]
[CustomExceptionFilter]
public class ValuesController : Controller
{
// GET: api/values
[HttpGet]
public IEnumerable<string> Get()
{
throw new Exception("Suckers");
return new string[] { "value1", "value2" };
}
}
Rather than raising and catching an exception, how about you simplify your action to:
// GET: api/customers/{id}
[HttpGet("{id}", Name = "GetCustomer")]
public IActionResult GetById(int id)
{
var customer = _customersService.GetCustomerById(id);
if (customer == null)
{
return NotFound("Customer doesn't exist");
}
return Ok(customer);
}
I wrote a blog post with some more options such as returning a JSON object instead of text.
Maybe that is helpful. You can return just object and sent for example a BadRequest (HTTP CODE: 400) with your custom object as actual parameter (I just used an interpolated string here) but you can put in anything.
In your client side you can catch that error situation for example with an AJAX error handler.
// GET: api/TruckFahrerGeoData
[HttpGet]
public object GetTruckFahrerGeoData()
{
var truckFahrerGeoDataItems = new List<TruckFahrerGeoDataViewModel>();
var geodataItems = _context.TruckFahrerGeoData;
foreach (var truckFahrerGeoData in geodataItems)
{
GeoTelemetryData geoTelemetryData = JsonConvert.DeserializeObject<GeoTelemetryData>(truckFahrerGeoData.TelemetryData);
if (geoTelemetryData == null)
{
return BadRequest($"geoTelemetryData null for id: {truckFahrerGeoData.Id}");
}
TruckFahrerGeoDataViewModel truckFahrerGeoDataViewModel = new TruckFahrerGeoDataViewModel
{
Speed = geoTelemetryData.Speed,
Accuracy = geoTelemetryData.Accuracy,
TruckAppId = geoTelemetryData.Activity.TruckAppId,
TruckAuftragStatusId = geoTelemetryData.Activity.TruckAuftragStatusId,
ClId = geoTelemetryData.Activity.ClId,
TruckAuftragLaufStatusId = geoTelemetryData.Activity.TruckAuftragLaufStatusId,
TaskId = geoTelemetryData.Activity.TaskId,
TruckAuftragWorkflowStatusId = geoTelemetryData.Activity.TruckAuftragWorkflowStatusId
};
truckFahrerGeoDataItems.Add(truckFahrerGeoDataViewModel);
}
return truckFahrerGeoDataItems;
}
Or an even more cleaner way with IActionResult like that way:
// GET: api/TruckFahrerGeoData
[HttpGet]
public IActionResult GetTruckFahrerGeoData()
{
var truckFahrerGeoDataItems = new List<TruckFahrerGeoDataViewModel>();
var geodataItems = _context.TruckFahrerGeoData;
foreach (var truckFahrerGeoData in geodataItems)
{
GeoTelemetryData geoTelemetryData = JsonConvert.DeserializeObject<GeoTelemetryData>(truckFahrerGeoData.TelemetryData);
if (geoTelemetryData == null)
{
return BadRequest($"geoTelemetryData null for id: {truckFahrerGeoData.Id}");
}
TruckFahrerGeoDataViewModel truckFahrerGeoDataViewModel = new TruckFahrerGeoDataViewModel
{
Speed = geoTelemetryData.Speed,
Accuracy = geoTelemetryData.Accuracy,
TruckAppId = geoTelemetryData.Activity.TruckAppId,
TruckAuftragStatusId = geoTelemetryData.Activity.TruckAuftragStatusId,
ClId = geoTelemetryData.Activity.ClId,
TruckAuftragLaufStatusId = geoTelemetryData.Activity.TruckAuftragLaufStatusId,
TaskId = geoTelemetryData.Activity.TaskId,
TruckAuftragWorkflowStatusId = geoTelemetryData.Activity.TruckAuftragWorkflowStatusId
};
truckFahrerGeoDataItems.Add(truckFahrerGeoDataViewModel);
}
return Ok(truckFahrerGeoDataItems);
}
Late to the party but refining the answer .
Define your error response class with minimum below attributes
using Microsoft.AspNetCore.Http;
public class ErrorResponse
{
private readonly RequestDelegate next;
public ErrorResponse(RequestDelegate next)
{
this.next = next;
}
public async Task Invoke(HttpContext context )
{
try
{
await next(context);
}
catch (Exception ex)
{
await HandleExceptionAsync(context, ex);
}
}
private static Task HandleExceptionAsync(HttpContext context, Exception ex)
{
var code = HttpStatusCode.InternalServerError;
string result = string.Empty;
object data = new object();
if (ex is ForbiddenException)
{
code = HttpStatusCode.Forbidden;
result = JsonConvert.SerializeObject(new Response<object>(Status.Forbidden(ex.Message), data));
}
else if(ex is BadRequestException){
code = HttpStatusCode.BadRequest;
result = JsonConvert.SerializeObject(new Response<object>(Status.BadRequest(ex.Message), data));
}
else if (ex is NotFoundException)
{
code = HttpStatusCode.NotFound;
result = JsonConvert.SerializeObject(new Response<object>(Status.NotFound(ex.Message), data));
}
else if (ex is UnauthorizedException)
{
code = HttpStatusCode.Unauthorized;
result = JsonConvert.SerializeObject(new Response<object>(Status.Unauthorized(ex.Message), data));
}
else
{
result = JsonConvert.SerializeObject(new Response<object>(Status.InternalServerError(ex.Message), data));
}
context.Response.ContentType = "application/json";
context.Response.StatusCode = (int)code;
return context.Response.WriteAsync(result);
}
}
Next use this class as middleware in startup.cs class
app.UseHttpsRedirection();
app.UseMiddleware(typeof(ErrorResponse));
Now each request and response will go through this class,if an error occurs then error code will be set to true with error code. A sample response like below
data: {}
status: {
code: 404
error: true
message: "No employee data found"
type: "Not Found"
}
I had the same problem and after some research, I found out I could use HttpClient to call my API and read the response easily. HttpClient does not throw any error when the HTTP response contains an error code, but it sets the IsSuccessStatusCode property to false.
This is my function using the HttpClient. I call this from my controller.
public static async Task<HttpResponseMessage> HttpClientPost(string header, string postdata, string url)
{
string uri = apiUrl + url;
using (var client = new HttpClient())
{
//client.BaseAddress = new Uri(uri);
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", header);
HttpResponseMessage response = await client.PostAsync(uri, new StringContent(postdata));
return response;
}
}
This is my controller code, where I call the function and read the response and determine whether I have an error or not and respond accordingly. Note that I am checking the IsSuccessStatusCode.
HttpResponseMessage response;
string url = $"Setup/AddDonor";
var postdata = JsonConvert.SerializeObject(donor);
response = await ApiHandler.HttpClientPost(HttpContext.Session.GetString(tokenName), postdata, url);
//var headers = response.Headers.Concat(response.Content.Headers);
var responseBody = await response.Content.ReadAsStringAsync();
if (response.IsSuccessStatusCode)
{
tnxresult = JsonConvert.DeserializeObject<TnxResult>(AppFunctions.CleanResponse(responseBody));
return Json(new
{
ok = true,
message = tnxresult.Message,
statusCode = tnxresult.StatusCode
});
}
else
{
ApiError rs = JsonConvert.DeserializeObject<ApiError>(AppFunctions.CleanResponse(responseBody));
return Json(new
{
ok = false,
message = rs.Message,
statusCode = rs.StatusCode
});
}
My API returns error messages in JSON. If the call is successful, I am packing the response in JSON too.
The crucial line of code is this one...
var responseBody = await response.Content.ReadAsStringAsync();
It serializes the HTTP content to a string as an asynchronous operation.
After that I can convert my JSON string to an object and access the error/success message and the Status Code too.
IDE: Visual Studio 2012
I have controller as follows:
public class MyController: ApiController
{
public IHttpActionResult AddMyControllerInfo([FromBody]Dictionary<string, string> dictCustomer)
{
//Some logic...
return Ok("Success");
}
}
And it is being called from client project:
Calling code is as follows:
internal static void SendInfoToMyController(Dictionary<string, string> dictCustomer)
{
string jsDict = Utilities.SerializeToJson<Dictionary<string, string>>(dictCustomer);
string js = Utilities.MakeRequest_Post("/api/AddMyControllerInfo", jsDict);
}
and here is Make request function:
internal static string MakeRequest_Post(string sURL, string formData)
{
try
{
sURL = ConfigurationManager.AppSettings["ServerApiPath"] + sURL;
using (var client = new WebClient())
{
client.Headers[HttpRequestHeader.ContentType] = "application/x-www-form-urlencoded";
var result = client.UploadString(sURL, "POST", "=" + formData);
}
}
catch (Exception ex)
{
}
return "";
}
Above code is working fine when I receive the [FromBody] parameter data in the form of string (json format) datatype, and deserialize it to dictionary form.
but in above scenario I am receiving dictionary object as null.
Can you tell me how to receive the complex object at web api, for above scenario.
You are using the wrong content type in your requests. In your MakeRequest_Post method, change the content type header as follows:
client.Headers[HttpRequestHeader.ContentType] = "application/json";
I believe you also need to remove the leading = from the POST body like this:
var result = client.UploadString(sURL, "POST", formData);
I am consuming a web api wrote in c#, MVC, that looks like:
public IEnumerable<Day> Post([FromBody] string postObject)
Using fiddler or poster I can post to that REST service since my body has a = before my sending JSON, something like
={"BillTypeId":"4","RestId":"1"}
Using retrofit to make this call I can not send that initial = and my request looks like
{"BillTypeId":"4","RestId":"1"}
That makes the rest service receive always a null parameter.
Do you know a way to send it before my json? Since I am calling that rest like this
void postToGetDayList(#Body ResquestListenerBillType request, Callback<List<Day>> callback);
Thank you!!!
If you haven't fixed your issue, I think you can refer to my following code:
WebAPI:
public class ValuesController : ApiController
{
// GET api/values
public IEnumerable<string> Get()
{
return new string[] { "value1", "value2" };
}
// POST api/values
public string Post([FromBody]string value)
{
return value;
}
}
Retrofit WebAPIService:
public interface WebAPIService {
#GET("/api/values")
List<String> listValues();
#POST("/api/values")
String postValues(#Body String value);
}
Call webAPIService.postValues("BNK");
You will find the result as the following image. Hope this helps!
before send class convert to string and add one " fist string and add one " on last string then send body
my client API is :
[Put("/WebPage/{key}/")]
Task<string> PutWebPage([AliasAs("key")]string id, [Body]string value);
sample code is :
WebPageModel webPageModelSave = new WebPageModel();
webPageModelSave = ObjectCopier.CloneClass(Public.CashEntity.webPageModel);
webPageModelSave.Address = uxLabel_AddressTitle.Text;
string codeingData = JsonConvert.SerializeObject(webPageModelSave);
codeingData = ArmanSerialize.CryptoString.Encrypt(codeingData, "5552552");
string resutlt = await Public.Helper.ApiServer.PutWebPage("123", "\""+codeingData+"\"");
and on server remove the " fist and last string like this:
// PUT api/<controller>/5
[HttpPut("{id}/")]
public string Put(string id, [FromBody]string value)
{
string removeCotation = value.Remove(value.Length - 1, 1).Remove(0, 1);
string valueItem = ArmanSerialize.CryptoString.Decrypt(value, "5552552");
string baseUrl = Request.Host.Host;
baseUrl = baseUrl.ToLower().Replace("http://", "").Replace("https://", "");
var serverID = 123;
if (id.Replace("\"", "") == serverID.Replace("\"","") && !string.IsNullOrEmpty(valueItem))
{
WebPageModel webPageModel = new WebPageModel();
webPageModel = JsonConvert.DeserializeObject<WebPageModel>(valueItem);
EntityFrameworkCore.LogicLayer logicLayer = new EntityFrameworkCore.LogicLayer();
logicLayer.UpdateWebPageModel(webPageModel);
return JsonConvert.SerializeObject("OK");
}
else
{
//error
return JsonConvert.SerializeObject("Error");
}
}
I test it on xamarin form and asp.net core 3 its work it.
I am building an OAuth 1.0(a) authorization server using DotNetOpenAuth (NuGet package DotNetOpenAuth.OAuth.ServiceProvider, version = 4.1.4.12333). The server is hosted in an ASP.NET application but that's irrelevant to the question.
My ServiceProvider is configured like this:
private ServiceProvider GetServiceProvider()
{
var baseUri = "http://myauth.com";
return new ServiceProvider(
new ServiceProviderDescription
{
UserAuthorizationEndpoint = new MessageReceivingEndpoint(
new Uri(baseUri + "/get_request_token"),
HttpDeliveryMethods.GetRequest
),
RequestTokenEndpoint = new MessageReceivingEndpoint(
new Uri(baseUri + "/authorize"),
HttpDeliveryMethods.PostRequest
),
AccessTokenEndpoint = new MessageReceivingEndpoint(
new Uri(baseUri + "/get_token"),
HttpDeliveryMethods.PostRequest
),
ProtocolVersion = ProtocolVersion.V10a,
TamperProtectionElements = new ITamperProtectionChannelBindingElement[]
{
new PlaintextSigningBindingElement(),
new HmacSha1SigningBindingElement(),
},
},
tokenManager,
new OAuthServiceProviderMessageFactory(tokenManager)
);
}
The relevant part of my get_request_token endpoint looks like this:
var serviceProvider = GetServiceProvider();
var tokenRequest = serviceProvider.ReadTokenRequest();
Now when a consumer sends the following request to this endpoint:
GET /get_request_token?oauth_nonce=C5657420BCE5F3224914304376B5334696B09B7FFC17C105A7F9629A008869DC&oauth_timestamp=1356006599&oauth_consumer_key=sampleconsumer&oauth_signature_method=plaintext&oauth_signature=samplesecret%26&oauth_version=1.0&oauth_callback=http%3a%2f%2flocalhost%3a30103%2fCustomOAuth1 HTTP/1.1
Host: localhost:8180
Connection: close
(broken for clarity):
oauth_nonce=C5657420BCE5F3224914304376B5334696B09B7FFC17C105A7F9629A008869DC
oauth_timestamp=1356006599
oauth_consumer_key=sampleconsumer
oauth_signature_method=plaintext
oauth_signature=samplesecret%26
oauth_version=1.0
oauth_callback=http%3a%2f%2flocalhost%3a30103%2fCustomOAuth1
The serviceProvider.ReadTokenRequest() method throws an exception:
The UnauthorizedTokenRequest message required protections {All} but the channel could only apply {Expiration, ReplayProtection}.
at DotNetOpenAuth.Messaging.Channel.ProcessIncomingMessage(IProtocolMessage message)
at DotNetOpenAuth.Messaging.Channel.ReadFromRequest(HttpRequestBase httpRequest)
at DotNetOpenAuth.Messaging.Channel.TryReadFromRequest[TRequest](HttpRequestBase httpRequest, TRequest& request)
at DotNetOpenAuth.OAuth.ServiceProvider.ReadTokenRequest(HttpRequestBase request)
at DotNetOpenAuth.OAuth.ServiceProvider.ReadTokenRequest()
at OAuthServers.OAuth1.Services.OAuth1Service.Any(GetRequestTokenRequest request)
at lambda_method(Closure , Object , Object )
at ServiceStack.ServiceHost.ServiceRunner`1.Execute(IRequestContext requestContext, Object instance, TRequest request)
On the other hand if the client sends the following request:
GET /get_request_token?oauth_callback=http%3a%2f%2flocalhost%3a65271%2foauth1%2fHandleAccessToken&oauth_consumer_key=sampleconsumer&oauth_nonce=rGFvxlWm&oauth_signature_method=HMAC-SHA1&oauth_signature=HV%2f5Vq%2b0cF3NrtiISE9k4jmgCrY%3d&oauth_version=1.0&oauth_timestamp=1356007830 HTTP/1.1
Host: localhost:8180
Connection: close
(broken for clarity):
oauth_callback=http%3a%2f%2flocalhost%3a65271%2foauth1%2fHandleAccessToken
oauth_consumer_key=sampleconsumer
oauth_nonce=rGFvxlWm
oauth_signature_method=HMAC-SHA1
oauth_signature=HV%2f5Vq%2b0cF3NrtiISE9k4jmgCrY%3d
oauth_version=1.0
oauth_timestamp=1356007830
it succeeds.
As you can see the only difference between those 2 requests is the oauth_signature_method being used. In the first case PLAINTEXT is used whereas in the second HMAC-SHA1.
Is it possible to make DotNetOpenAuth accept a PLAINTEXT signature method for the request token endpoint along with the GET verb (even if the OAuth 1.0(a) specification recommends POST to be used for this endpoint)? Is there some config option that could relax this requirement on the server?
At the moment modifying the client is not an option for me.
OAuth Authentication is done in three steps:
The Consumer obtains an unauthorized Request Token.
The User authorizes the Request Token.
The Consumer exchanges the Request Token for an Access Token.
So here's what that would look like:
public class InMemoryTokenManager : IConsumerTokenManager, IOpenIdOAuthTokenManager
{
private Dictionary<string, string> tokensAndSecrets = new Dictionary<string, string>();
public InMemoryTokenManager(string consumerKey, string consumerSecret)
{
if (String.IsNullOrEmpty(consumerKey))
{
throw new ArgumentNullException("consumerKey");
}
this.ConsumerKey = consumerKey;
this.ConsumerSecret = consumerSecret;
}
public string ConsumerKey { get; private set; }
public string ConsumerSecret { get; private set; }
#region ITokenManager Members
public string GetConsumerSecret(string consumerKey)
{
if (consumerKey == this.ConsumerKey)
{
return this.ConsumerSecret;
}
else
{
throw new ArgumentException("Unrecognized consumer key.", "consumerKey");
}
}
public string GetTokenSecret(string token)
{
return this.tokensAndSecrets[token];
}
public void StoreNewRequestToken(UnauthorizedTokenRequest request, ITokenSecretContainingMessage response)
{
this.tokensAndSecrets[response.Token] = response.TokenSecret;
}
public void ExpireRequestTokenAndStoreNewAccessToken(string consumerKey, string requestToken, string accessToken, string accessTokenSecret)
{
this.tokensAndSecrets.Remove(requestToken);
this.tokensAndSecrets[accessToken] = accessTokenSecret;
}
/// <summary>
/// Classifies a token as a request token or an access token.
/// </summary>
/// <param name="token">The token to classify.</param>
/// <returns>Request or Access token, or invalid if the token is not recognized.</returns>
public TokenType GetTokenType(string token)
{
throw new NotImplementedException();
}
#endregion
#region IOpenIdOAuthTokenManager Members
public void StoreOpenIdAuthorizedRequestToken(string consumerKey, AuthorizationApprovedResponse authorization)
{
this.tokensAndSecrets[authorization.RequestToken] = string.Empty;
}
#endregion
}
Following block of code may help you to generate plain text signature
public static string GetSignature(OAuthSignatureMethod signatureMethod, AuthSignatureTreatment signatureTreatment, string signatureBase, string consumerSecret, string tokenSecret)
{
if (tokenSecret.IsNullOrBlank())
{
tokenSecret = String.Empty;
}
consumerSecret = UrlEncodeRelaxed(consumerSecret);
tokenSecret = UrlEncodeRelaxed(tokenSecret);
string signature;
switch (signatureMethod)
{
case OAuthSignatureMethod.HmacSha1:
{
var crypto = new HMACSHA1();
var key = "{0}&{1}".FormatWith(consumerSecret, tokenSecret);
crypto.Key = _encoding.GetBytes(key);
signature = signatureBase.HashWith(crypto);
break;
}
case OAuthSignatureMethod.PlainText:
{
signature = "{0}&{1}".FormatWith(consumerSecret, tokenSecret);
break;
}
default:
throw new NotImplementedException("Only HMAC-SHA1 is currently supported.");
}
var result = signatureTreatment == OAuthSignatureTreatment.Escaped
? UrlEncodeRelaxed(signature)
: signature;
return result;
}