I am writing a web service client in C# and do not want to create and serialize/deserialize objects, but rather send and receive raw XML.
Is this possible in C#?
Here is part of an implementation I just got running based on John M Gant's example. It is important to set the content type request header. Plus my request needed credentials.
protected virtual WebRequest CreateRequest(ISoapMessage soapMessage)
{
var wr = WebRequest.Create(soapMessage.Uri);
wr.ContentType = "text/xml;charset=utf-8";
wr.ContentLength = soapMessage.ContentXml.Length;
wr.Headers.Add("SOAPAction", soapMessage.SoapAction);
wr.Credentials = soapMessage.Credentials;
wr.Method = "POST";
wr.GetRequestStream().Write(Encoding.UTF8.GetBytes(soapMessage.ContentXml), 0, soapMessage.ContentXml.Length);
return wr;
}
public interface ISoapMessage
{
string Uri { get; }
string ContentXml { get; }
string SoapAction { get; }
ICredentials Credentials { get; }
}
You can use the System.Net classes, such as HttpWebRequest and HttpWebResponse to read and write directly to an HTTP connection.
Here's a basic (off-the-cuff, not compiled, non-error-checking, grossly oversimplified) example. May not be 100% correct, but at least will give you an idea of how it works:
HttpWebRequest req = (HttpWebRequest) HttpWebRequest.Create(url);
req.ContentLength = content.Length;
req.Method = "POST";
req.GetRequestStream().Write(Encoding.ASCII.GetBytes(content), 0, content.Length);
HttpWebResponse resp = (HttpWebResponse) req.getResponse();
//Read resp.GetResponseStream() and do something with it...
This approach works well. But chances are whatever you need to do can be accomplished by inheriting the existing proxy classes and overriding the members you need to have behave differently. This type of thing is best reserved for when you have no other choice, which is not very often in my experience.
Yes - you can simply declare the inputs and outputs as XmlNode's
[WebMethod]
public XmlNode MyMethod(XmlNode input);
You can have your web service method return a string containing the xml, but do heed the comment above about making things more error-prone.
Related
We use a third party service which - when accessed via a browser - it yields this error :
OK - we should call them and probably tell them to fix this at their side.
But -
Question:
Looking at this simple C# code - Why don't I see any exception about this warning , or in other words - How can I make C# to reflect this warning or unsafe access ?
NB I already know that I can use a more advanced webrequest class using other class - But it doesn't matter for this question. (imho).
void Main()
{
Console.WriteLine(CreatePost("https://------", "dummy")); // No exception/warning here
}
private string CreatePost(string uri, string data)
{
HttpWebRequest request = (HttpWebRequest)
WebRequest.Create(uri); request.KeepAlive = false;
request.ProtocolVersion = HttpVersion.Version10;
request.Method = "POST";
byte[] postBytes = Encoding.GetEncoding("UTF-8").GetBytes(data);
request.ContentType = "application/x-www-form-urlencoded";
request.ContentLength = postBytes.Length;
Stream requestStream = request.GetRequestStream();
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
// now send it
requestStream.Write(postBytes, 0, postBytes.Length);
requestStream.Close();
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
return new StreamReader(response.GetResponseStream(), Encoding.GetEncoding("UTF-8")).ReadToEnd();
}
Also - I know that browser url address is using GET (unlike the C# post verb) - but I don't think that they've redirected this action to a silenced warning)
You don't see any warning when accessing it via C# because Google Chrome is checking how the SSL is set up and putting the warning in the way to try and protect you (and users of said service). When you access it from C#, it never touches Chrome and so you don't get the warning.
You'll get a similar warning in a few other browsers, but it's not part of the response to the request you're making - just the browser trying to keep you safe.
You could manually check the signature algorithm in your code, and throw an exception if it's not what you deem "secure".
Edit: you can check the signature algorithm by adding a custom validation callback to ServicePointManager, something like this:
ServicePointManager.ServerCertificateValidationCallback =
new RemoteCertificateValidationCallback(
(sender, certificate, chain, errors) => {
var insecureAlgorithms = new List<String> { "SHA1" };
var sslCertificate = (X509Certificate2) certificate;
var signingAlgorithm = sslCertificate.SignatureAlgorithm;
if (insecureAlgorithms.Contains(signingAlgorithm.FriendlyName))
{
return false;
}
// do some other checks here...
return true;
}
);
I originally asked a question regarding a WCF web service that I was trying to write and then found that the ASP.net web API was more appropriate to my needs, due to some feedback on here.
I've now found a good tutorial that tells me how to create a simple REST service using Web API which works well pretty much out of the box.
My question
I have a POST method in my REST service server:
// POST api/values/5
public string Post([FromBody]string value)
{
return "Putting value: " + value;
}
I can POST to this using POSTER and also my C# client code.
However the bit I don't understand is why I have to prepend an '=' sign to the POST data so that it reads: "=Here is my data which is actually a JSON string"; rather than just sending: "Here is my data which is actually a JSON string";
My C# Client that talks to the REST service is written as follows:
public string SendPOSTRequest(string sFunction, string sData)
{
string sResponse = string.Empty;
// Create the request string using the data provided
Uri uriRequest = GetFormRequest(m_sWebServiceURL, sFunction, string.Empty);
// Data to post
string sPostData = "=" + sData;
// The Http Request obj
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uriRequest);
request.Method = m_VERB_POST;
System.Text.UTF8Encoding encoding = new System.Text.UTF8Encoding();
Byte[] byteArray = encoding.GetBytes(sPostData);
request.ContentLength = byteArray.Length;
request.ContentType = m_APPLICATION_FORM_URLENCODED;
try
{
using (Stream dataStream = request.GetRequestStream())
{
dataStream.Write(byteArray, 0, byteArray.Length);
}
using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
{
using (Stream stream = response.GetResponseStream())
{
StreamReader reader = new StreamReader(stream, Encoding.UTF8);
sResponse = reader.ReadToEnd();
}
}
}
catch (WebException ex)
{
//Log exception
}
return sResponse;
}
private static Uri GetFormRequest(string sURL, string sFunction, string sParam)
{
StringBuilder sbRequest = new StringBuilder();
sbRequest.Append(sURL);
if ((!sURL.EndsWith("/") &&
(!string.IsNullOrEmpty(sFunction))))
{
sbRequest.Append("/");
}
sbRequest.Append(sFunction);
if ((!sFunction.EndsWith("/") &&
(!string.IsNullOrEmpty(sParam))))
{
sbRequest.Append("/");
}
sbRequest.Append(sParam);
return new Uri(sbRequest.ToString());
}
Is anybody able to explain why I have to prepend the '=' sign as in the above code (string sPostData = "=" + sData;)?
Many thanks in advance!
The content type x-www-form-urlencoded is a key-value format. With form bodies you are only able to read a single simple type from a request body. As a name is expected, but in this case not allowed, you have to prefix the equal sign to indicate that there is no name with the followed value.
However, you should lean away from accepting simple types within the body of your web-api controller actions.
You are limited to only a single simple type if you attempt to pass data in the body of an HttpPost/HttpPut without directly implementing your own MediaTypeFormatter, which is unlikely to be reliable. Creating a light-weight complex type is generally much more preferable, and will make interoperating with other content-types, like application/json, much easier.
I am writing a c# program for HttpRequest and Response as below.
public string Methods(int id)
{
HttpWebRequest Request = (HttpWebRequest) WebRequest.Create(#"http://172.17.18.16:8082/item/detail/90");
Request.Method = "Get";
WebResponse Response = Request.GetResponse();
IHttpRequest request = (IHttpRequest)Request;
IHttpResponse response = (IHttpResponse)Response;
SetupRequest(request, response, session);
//Request.Method = Method.Get;
string m = request.Method;
TemplateManager mg=new TemplateManager();
ItemController it = new ItemController(mg);
it.Detail();
return m;
}
Here IHttpRequest and IHttpResponse are the Interfaces which are already created.
I want to assign HttpWebRequest Request to the interface so that the remaining functionality should happen itself. I am getting error in casting lines as
Unable to cast object of type 'System.Net.HttpWebRequest' to type 'HttpServer.IHttpRequest'.
Please help me to find a solution
Thanks
These lines are never going to work:
IHttpRequest request = (IHttpRequest)Request;
IHttpResponse response = (IHttpResponse)Response;
because neither of them implement the interfaces IHttpRequest or IHttpResponse. To make an inbuilt class implement your own interfaces you will have to extend it (derive a new class from it), I'm not sure exactly why you are trying to do this with these two classes, but typically you would only pass them around as an interface if you wanted to change how they are implemented; i.e. if you wanted to write a replacement for HttpWebRequest, or if you were using a dependency injection container (and even this doesn't require interfaces to work).
Check here for their doco online: HttpWebRequest & HttpWebResponse
I am having difficulty in consuming the reCaptcha Web Service using C#/.Net 3.5. Although I think the problem is with consuming web services in general.
String validate = String.Format("http://api-verify.recaptcha.net/verify?privatekey={0}&remoteip={1}&challenge={2}&response={3}", PrivateKey, UserIP, Challenge, Response);
WebClient serviceRequest = new WebClient();
serviceRequest.Headers.Add("ContentType","application/x-www-form-urlencoded")
String response = serviceRequest.DownloadString(new Uri(validate ));
It keeps telling me that the error is: nverify-params-incorrect. Which means:
The parameters to /verify were incorrect, make sure you are passing all the required parameters.
But it's correct. I am using the private key, the IP address (locally) is 127.0.0.1, and the challenge and response seem fine. However the error keeps occurring.
I am pretty sure this is a issue with how I am requesting the service as this is the first time I have actually used webservices and .Net.
I also tried this as it ensures the data is posted:
String queryString = String.Format("privatekey={0}&remoteip={1}&challenge={2}&response={3}",PrivateKey, UserIP, Challenge, Response);
String Validate = "http://api-verify.recaptcha.net/verify" + queryString;
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(new Uri(Validate));
request.Method = "POST";
request.ContentType = "application/x-www-form-urlencoded";
request.ContentLength = Validate.Length;
**HttpWebResponse captchaResponse = (HttpWebResponse)request.GetResponse();**
String response;
using (StreamReader reader = new StreamReader(captchaResponse.GetResponseStream()))
response = reader.ReadToEnd();
Seems to stall at the point where I get response.
Any advice?
Thanks in advance
Haven't worked with the recaptcha service previously, but I have two troubleshooting recommendations:
Use Fiddler or Firebug and watch what you're sending outbound. Verifying your parameters would help you with basic troubleshooting, i.e. invalid characters, etc.
The Recaptcha Wiki has an entry about dealing with development on Vista. It doesn't have to be limited to Vista, though; if you're system can handle IPv6, then your browser could be communicating in that format as a default. It appears as if Recaptcha deals with IPv4. Having Fiddler/Firebug working would tell you about those other parameters that could be causing you grief.
This may not help solve your problem but it might provide you with better troubleshooting info.
So got this working, for some reason I needed to write the request to a stream like so:
//Write data to request stream
using (Stream requestSteam = request.GetRequestStream())
requestSteam.Write(byteData, 0, byteData.Length);
Could anyone explain why this works. I didn't think I would need to do this, don't completely understand what's happening behind the scenes..
Damien's answer is correct of course, but just to be clear about the order of things (I was a little confused) and to have a complete code sample...
var uri = new Uri("http://api-verify.recaptcha.net/verify");
var queryString = string.Format(
"privatekey={0}&remoteip={1}&challenge={2}&response={3}",
privateKey,
userIP,
challenge,
response);
var request = (HttpWebRequest)HttpWebRequest.Create(uri);
request.Method = WebRequestMethods.Http.Post;
request.ContentLength = queryString.Length;
request.ContentType = "application/x-www-form-urlencoded";
using (var writer = new StreamWriter(request.GetRequestStream()))
{
writer.Write(queryString);
}
string result;
using (var webResponse = (HttpWebResponse)request.GetResponse())
{
var reader = new StreamReader(webResponse.GetResponseStream());
result = reader.ReadToEnd();
}
There's a slight difference in that I'm writing the post variables to the request, but the core of it is the same.
Would it be possible to write a screen-scraper for a website protected by a form login. I have access to the site, of course, but I have no idea how to login to the site and save my credentials in C#.
Also, any good examples of screenscrapers in C# would be hugely appreciated.
Has this already been done?
It's pretty simple. You need your custom login (HttpPost) method.
You can come up with something like this (in this way you will get all needed cookies after login, and you need just to pass them to the next HttpWebRequest):
public static HttpWebResponse HttpPost(String url, String referer, String userAgent, ref CookieCollection cookies, String postData, out WebHeaderCollection headers, WebProxy proxy)
{
try
{
HttpWebRequest http = WebRequest.Create(url) as HttpWebRequest;
http.Proxy = proxy;
http.AllowAutoRedirect = true;
http.Method = "POST";
http.ContentType = "application/x-www-form-urlencoded";
http.UserAgent = userAgent;
http.CookieContainer = new CookieContainer();
http.CookieContainer.Add(cookies);
http.Referer = referer;
byte[] dataBytes = UTF8Encoding.UTF8.GetBytes(postData);
http.ContentLength = dataBytes.Length;
using (Stream postStream = http.GetRequestStream())
{
postStream.Write(dataBytes, 0, dataBytes.Length);
}
HttpWebResponse httpResponse = http.GetResponse() as HttpWebResponse;
headers = http.Headers;
cookies.Add(httpResponse.Cookies);
return httpResponse;
}
catch { }
headers = null;
return null;
}
Sure, this has been done. I have done it a couple of times. This is (generically) called Screen-scraping or Web Scraping.
You should take a look at this question (and also browse the questions under the tag "screen-scraping". Note that Scraping does not only relate to data extraction from a web resource. It also involves submission of data to online forms so as mimic the actions of a user when submitting input such as a Login form.