I am trying to download a file from rapidshare using System.Net.WebClient in C#.
I wanted to implement authorization using the http header field "Authorization: Basic ".
I do it with the following code:
WebClient.Headers.Add(HttpRequestHeader.Authorization,
"Basic " +
Convert.ToBase64String(System.Text.ASCIIEncoding.ASCII.GetBytes(_userPass)));
Problem is that, when i access rapidshare I get a redirected to a sub domoin of rapidshare, this means The problem is that this field, Authorization, (unlike "Cookie") isn't added to the hedear in the second (redirected) request.
This blocks me from authenticating with the server.
How can I make the class pass the authorization header with the redirected request, or is there a better way to pass on authorization?
Is better, "righter" way to do this, maybe with a different library?
All help will be very appreciated.
I think that rapidshare uses cookies to authenticate users and allow direct downloads...
EDIT: I did some digging on google and found a "Simple Rapidshare Download Class". Maybe this would be helpful to you?
Related
We are trying to authenticate internal users via Azure AD when they visit certain pages. Our servers are not on site, so we are looking for an API where we can just pass the username and password of the user and receive whether they are in our organization and which groups they are apart of. It was possible in framework. Does such a thing exist for .NET Core?
UPDATE:
Thanks for replying! It seems to be giving me the authorization code now and now I'm trying to use this to get a token to then use that access token to get the user's groups (please correct me if I'm going about this the wrong way). My problem is I keep getting a bad request error. I've gone over the parameters a bunch and can't find what I'm missing. Here is my current set up of the API URLS, am I missing something?
string postData = $"{{\"grant_type\":\"{grant_type}\",\"client_id\":\"{client_id}\",\"code\":\"{code}\",\"redirect_uri\":\"{redirect_uri}\",\"client_secret\":\"{client_secret}\"}}";
string redirectUrl = $"https://login.microsoftonline.com/{tenant_id}/oauth2/authorize?client_id={client_id}&response_type={response_type}&redirect_uri={redirect_uri}&response_mode={response_mode}&resource={client_id}";
string requestUriString = $"https://login.microsoftonline.com/{tenant_id}/oauth2/token";
UPDATE 2: I figured out what was wrong, I was passing the post data as a Json String when it needed to be x-www-form-urlencoded.
I'm not completely sure this will solve your problem but you might want to have a look at the following .NET Core sample (with MSAL.NET): https://github.com/Azure-Samples/active-directory-dotnetcore-console-up-v2
This is with the usual disclaimer that we really don't recommend anybody to use username/password. There are other much better possibilities. For the full picture, see https://aka.ms/msal-net-scenarios
I just want to know if there is a naming standard on REDIRECT URIS for :
Twitter, LinkedIn, Microsoft, Facebook and Google when using OAuth 2.0?
Because, if I write my domain like that : http://domain.com/account/external-signin.aspx every external login stop working except Twitter and Facebook. The name account/external-signin.aspx is the real URL I'm working with and that I'm supposed to give to every external login.
So, Microsoft give this error:
We're unable to complete your request
Microsoft account is experiencing technical problems. Please try again later.
LinkedIn:
Invalid redirect_uri. This value must match a URL registered with the API Key.
And Google
400. That’s an error. Error: redirect_uri_mismatch
If I remove the page extension .aspx it seems to work although I deliberately write a wrong url like http://domain.com/sign-google, http://domain.com/sign-microsoft etc...
I'm working with MVC5 and C#.
I think I missed a few things ...
Thanks for your help
So finally, here is the correct answer:
It's not you that choose the redirect URL. You must write your domain.com/signin-{suppliername} in your app management.
Example:
Microsoft : https://domain.com/signin-microsoft
LinkedIn : https://domain.com/signin-linkedin
Google : https://domain.com/signin-google
Facebook and Twitter can work with your own redirect URL. Once successfully registered, the effect is immediate. Hope this can help somebody.
Karine
This error is denoting that you're having a miss match with the URL you're returning, and the return URL registered at the API Server. When you register your application, at the server, (for Google: https://code.google.com/apis/console) you have to make sure that the URLs being used would be matching.
After this, you will not get this error, I think on the server you've set this property to, http://domain.com/account/external-signin (without aspx; as you've said that this works without the extension but not with it). So try to change it on the server too.
For Linkedin append your url with "signin-linkedin".e.g. if your url is http://localhost:{portnumber}, make sure its is register in linked in as "http://localhost:{portnumber}/signin-linkedin" and this will do the trick.
Happy Codding :)
I'm using Google Apis, instead of Google Sign In, to connect to Google on my app because I'm developping with Xamarin.
This is the library I'm using : https://github.com/xamarin/google-apis
When I'm logging in, i get this error :
Authentication Error
Unexpected character '<'. At line 1, column 0.
Maybe it's because my AccessTokenUrl is not good, but I've tried many things. I know for a fact that my ClientId, my RedirectUrl and my Secret are okay.
When logging in, Google asks correctly for the good permissions that I want, but after I accept, this is when I receive the error.
I've tried finding the request to see if there was the '<' in it but had no luck accessing it.
Is there a good way to connect to Google with Xamarin using this library or I'm just doing something bad?
Should I just do it nativaly on iOS and Android?
Thanks
I just encountered a similar problem using Xamarin.Auth to hit a custom OAuth service (i.e. not Google). In my case, the accessTokenUrl pointed to an action on a controller that was entirely protected by the [Authorize] attribute. Naturally, the user was required to login before hitting the /oauth/authorize endpoint using a web browser, but the request to /oauth/token to exchange the resulting authorization code for an access token was not inside the same web browser/session. It was trying to get back token data in JSON format but was being redirected to an HTML login screen. Once I changed the token endpoint for anonymous access, things started working (Note: A valid authorization code cannot be obtained without authenticating).
General Recommendations
The error message strongly suggests that the response coming back is HTML (or at least some form of XML). This could be an authentication redirect as it was in my scenario, or possibly some sort of error page. I would first start by setting up a proxy. I used Charles Proxy to uncover some interesting information. You will need to configure SSL on the proxy to see anything except high level information. This will show the exact requests coming out of your app to the OAuth application.
Another technique I used was simulating the requests that the OAuth2Authenticator would be making in a web browser and/or Postman. The first request would be to authorize:
https://your.domain.here/oauth/authorize?client_id=<some_client_id>&redirect_uri=https%3A%2F%2Fyour.domain.here%2F&response_type=code&scope=<some_scope>&state=<some_state>
That endpoint should be protected, so you will likely be redirected to something like this:
https://your.domain.here/Account/Login?returnurl=%2Foauth%2Fauthorize%3Fclient_id%3D<some_client_id>%26redirect_uri%3Dhttp%253A%252F%252Fyour.domain.here%252F%26response_type%3Dcode%26scope%3D<some_scope>%26state%3D<some_state>
After authenticating, the authorize endpoint should redirect to your redirect URI with the authorization code and state included as query string parameters. You will use the code in the next step.
Lastly, using a fresh web browser (i.e. new session), you should hit the token endpoint with your new authorization code and other client information.
https://your.domain.here/oauth/token?client_id=<some_client_id>&client_secret=<some_secret>&grant_type=<your_grant_type>&code=<your_authorization_code>&redirect_uri=https%3A%2F%2Fyour.domain.here%2F
If the response is not JSON data, it should give you an indication about what is failing with Xamarin.
Got the same error.
Solved by using https://accounts.google.com/o/oauth2/token as AccessTokenUrl
I have two website
1) Main website: it has a link Help & Training that redirects user to another Help website.
2) Help website has no authentication rules thus anybody can visit the website directly.
Now I have a requirement to allow second website to be visited from first website's link, all the other request should be redirect to another page.
Offcourse querystring/parameter validation is not acceptable as that can be visible and constant
Is it possible, any suggestion is appreciated.
You can use http://msdn.microsoft.com/en-us/library/system.web.httprequest.urlreferrer.aspx which is just an ASP.NET wrapper around the HTTP referrer header. http://en.wikipedia.org/wiki/HTTP_referrer
This, of course, can be spoofed so don't rely on it for creating something super secure.
what if you add a get parameter to the link's url in the first site and checks for it in the second site. That's of course a very simple solution and could be cheated pretty fast.
from here:
You could use the UrlReferrer property of the request:
Request.UrlReferrer
This will read the Referer HTTP header from the request which may or may not be supplied by the client (user agent).
Hi you can use this block of code to identify from where the user came to your website
If Not IsPostBack Then
If Not Request.UrlReferrer.ToString() Is Nothing Then
referrer = Request.UrlReferrer.ToString()
End If
End If
if you want something that's not easily spoofable by average users...
site2 exposes a webservice which validates a "secret" parameter (could just be some long random string that only site1 and site2 know). this service returns a unique "token" that is only good for a small period of time. site1 appends this token to the querystring when directing the user to site2. site2 validates that the token is legit and still valid. once a token has been used, site2 no longer treats it as valid.
I'm trying to parse through and obtain my (my personal account not my app) albums from Facebook using the Facebook C# SDK. My goal is to grab the 10-12 most recent photos on my account. However, I understand I have to grab the albums first.
So, I've tried numerous things and ended up with the following url which returns a 400 Bad Request:
https://graph.facebook.com/{my_user_id}/albums?access_token={my_access_token}
The token was obtained by calling:
https://graph.facebook.com/oauth/access_token?client_id={0}&client_secret={1}&grant_type={2}&scope={3}
Any ideas why I'd be getting the 400?
When using grant_type = client_credentials you're requesting the an app access token. This will allow you to do various administrative actions for your application. See App Login in http://developers.facebook.com/docs/authentication/.
However, when using the user-parts of the Graph Api you need to perform a User Login using the oAuth Dialog. There are different ways of doing this such as with the Javascript SDK which should be straightforward to use.
I've not found a nice way of doing this in a standalone web app using Facebook C# SDK without the Javascript SDK (it's easy in a canvas app using the CanvasAuthorize attribute).
Here's an example of how to do it i a WinForms app http://blog.prabir.me/post/Facebook-CSharp-SDK-Writing-your-first-Facebook-Application.aspx. It might work in a Asp.Net app if you could use the WebBrowser control. I've tried with WebClient but didn't have any luck.
Update
By looking at the sample here http://facebooksdk.codeplex.com/SourceControl/changeset/view/534da45e108f#Samples%2fCSMvcWebsite%2fControllers%2fHomeController.cs it looks like you should be able to use the FacebookAuthorize attribute in a standalone site.
Error code 400 means that the request was not correctly formatted. Verify that that the Final URL looks OK and try it in a browser.
The request could not be understood by
the server due to malformed syntax.
The client SHOULD NOT repeat the
request without modifications.
I.e. that you try the following https://graph.facebook.com/someuser/albums?access_token=1234 You would pre presented with the following:
{
"error": {
"type": "OAuthException",
"message": "Invalid OAuth access token."
}
}
If you provide an OK token and a real user, the result will probably look a bit different, but in your case you get a 400 because there is something wrong with the request.