I am using the admin sdk API to retrieve all G Suite users. We require an access token for this. AWS is used to host our website. I've tried a few different codes to generate access token, but they always return error
"Server returned HTTP response code: 401 for URL: https://accounts.google.com/o/oauth2/token."
I have no idea why this error is occurring. My code is running smoothly, generating access token and retrieving every user domain wise in a local environment. Any help in why actually I am getting this error. have i missed something? any help in it.
This is my code.
private String getAccessToken()
{
String accessToken="";
try
{
Map<String,Object> params = new LinkedHashMap<>();
params.put("grant_type","refresh_token");
params.put("client_id",client_id);
params.put("client_secret",client_secret);
params.put("refresh_token",refresh_token);
StringBuilder postData = new StringBuilder();
for(Map.Entry<String,Object> param : params.entrySet())
{
if(postData.length() != 0)
{
postData.append('&');
}
postData.append(URLEncoder.encode(param.getKey(),"UTF-8"));
postData.append('=');
postData.append(URLEncoder.encode(String.valueOf(param.getValue()),"UTF-8"));
}
byte[] postDataBytes = postData.toString().getBytes("UTF-8");
URL url = new URL("https://accounts.google.com/o/oauth2/token");
HttpURLConnection con = (HttpURLConnection)url.openConnection();
con.setDoOutput(true);
con.setUseCaches(false);
con.setRequestMethod("POST");
con.getOutputStream().write(postDataBytes);
BufferedReader reader = new BufferedReader(new InputStreamReader(con.getInputStream()));
StringBuffer buffer = new StringBuffer();
for (String line = reader.readLine(); line != null; line = reader.readLine())
{
buffer.append(line);
}
JSONObject json = new JSONObject(buffer.toString());
accessToken = json.getString("access_token");
return accessToken;
}
catch (Exception ex)
{
ex.printStackTrace();
}
return accessToken;
}
I have a problem to call default endpoint '/api/values' from xUnit test project. Web api is default .net core project. I always get bad request - 400 even I add header with value from AF cookie on each request.
First i setup antiforgery in Startup class.
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc(
opt =>
{
opt.Filters.Add(new ValidateAntiForgeryTokenAttribute());
}
).SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
services.AddAntiforgery(options =>
{
options.HeaderName = "X-XSRF-TOKEN";
});
}
Then add separate controller and action to create AF cookie
[IgnoreAntiforgeryToken]
[AllowAnonymous]
[HttpGet("antiforgery")]
public IActionResult GenerateAntiForgeryTokens()
{
//generate the tokens/cookie values
//it modifies the response so that the Set-Cookie statement is added to it (that’s why it needs HttpContext as an argument).
var tokens = _antiForgery.GetAndStoreTokens(HttpContext);
Response.Cookies.Append("XSRF-REQUEST-TOKEN", tokens.RequestToken, new CookieOptions
{
HttpOnly = false,
});
return NoContent();
}
Then I setup test class
public UnitTest1()
{
_server = new TestServer(
WebHost.CreateDefaultBuilder()
.ConfigureAppConfiguration((builderContext, config) =>
{
config.AddJsonFile("appsettings.test.json", optional: false, reloadOnChange: true);
})
.UseStartup<Startup>()
.UseEnvironment("Development")
);
_client = _server.CreateClient();
_client.DefaultRequestHeaders.Accept.Add(new System.Net.Http.Headers.MediaTypeWithQualityHeaderValue("application/json"));
}
and add method in test class to get value from AF cookie for AF header
protected async Task<string> EnsureAntiforgeryToken()
{
string _antiforgeryToken = string.Empty;
var response = await _client.GetAsync("/api/AntiForgery/antiforgery");
response.EnsureSuccessStatusCode();
if (response.Headers.TryGetValues("Set-Cookie", out IEnumerable<string> values))
{
var _antiforgeryCookie = Microsoft.Net.Http.Headers.SetCookieHeaderValue.ParseList(values.ToList()).SingleOrDefault(c => c.Name.StartsWith(XSRF_TOKEN, StringComparison.InvariantCultureIgnoreCase));
_antiforgeryToken = _antiforgeryCookie.Value.ToString();
}
return await Task.FromResult<string>(_antiforgeryToken);
}
and in my test method I try to call endpoint
[Fact]
public async Task Test1Async()
{
_antiforgeryCookie = await EnsureAntiforgeryToken();
_client.DefaultRequestHeaders.Add("X-XSRF-TOKEN", _antiforgeryCookie);
var result = await _client.GetAsync("/api/values"); //always get error 400
Assert.True(true, "");
}
What's happening is that cookies in browsers or debugging tools like postman are automatically stored when received, then sent with every subsequent request to URLs with the same domain they were received from. This is not the case when you try to write and make requests in code.
So, you need to add the cookies, as cookies, to requests which hit an endpoint with anti-forgery validation.
When you get the response with the XSRF token, you have the cookies array which you are retrieving from a token generation response as such:
response.Headers.TryGetValues("Set-Cookie", out IEnumerable<string> values)
And you're also parsing the XSRF-TOKEN cookie to get its value, which is great. But you also need both cookies unparsed as well.
So, you could introduce:
public class AntiForgeryToken
{
public string XsrfToken { get; set; }
public string[] Cookies { get; set; }
}
And modify EnsureAntiforgeryToken to populate it as such:
protected async Task<AntiForgeryToken> EnsureAntiforgeryToken()
{
var antiForgerytoken = new AntiForgeryToken();
var response = await _client.GetAsync("/api/AntiForgery/antiforgery");
response.EnsureSuccessStatusCode();
if (response.Headers.TryGetValues("Set-Cookie", out IEnumerable<string> values))
{
var cookies = SetCookieHeaderValue.ParseList(values.ToList());
var _antiforgeryCookie = cookies.SingleOrDefault(c =>
c.Name.StartsWith(XSRF_TOKEN, StringComparison.OrdinalIgnoreCase));
// Value of XSRF token cookie
antiForgerytoken.XsrfToken = _antiforgeryCookie.Value.ToString();
// and the cookies unparsed (both XSRF-TOKEN and .AspNetCore.Antiforgery.{someId})
antiForgerytoken.Cookies = values.ToArray();
}
return antiForgerytoken;
}
We return both the XSRF Token that you are already parsing, in addition to cookies array which was returned with the response. The cookies are strings with their values and all the metadata that makes them cookies.
You then add the X-XSRF-TOKEN header and both cookies to your HttpClient, as such:
public async Task Test1Async()
{
_antiForgeryToken = await EnsureAntiforgeryToken();
// the bit you have and will still need
_client.DefaultRequestHeaders.Add("X-XSRF-TOKEN", _antiForgeryToken.XsrfToken);
// the bit you're missing
_client.DefaultRequestHeaders.Add("Cookie", _antiForgeryToken.Cookies[0]);
_client.DefaultRequestHeaders.Add("Cookie", _antiForgeryToken.Cookies[1]);
var result = await _client.GetAsync("/api/values"); // no more 400
Assert.True(result.IsSuccessStatusCode);
}
Which ends up mimicking the behaviour of a browser or debugging tool, where cookies received are stored and automatically sent back with every request to URLs with the same domain it was received from.
Im trying to start Azure VM programmatically (using management certificate). Im getting this error when trying to process http request: error 401 Unauthorized. (thats not an error that appears when certificate is wrong). Tried other request to the same subscription(list hosted services) - went ok, seems like the problem appears only when im tryin to work with virtual machines. Have no idea what am i doing wrong. Here's the code:
static void Main(string[] args)
{
Certificate = new X509Certificate2(Convert.FromBase64String(base64Cer));
string uriFormat = "https://management.azure.com/subscriptions/{my_sub_id}/resourceGroups/{my_resourse_group}/providers/Microsoft.ClassicCompute/virtualMachines/{my_machine_name}/start?api-version={0}";
Uri uri = new Uri(string.Format(uriFormat, Version));
XDocument responseBody;
HttpWebResponse response = InvokeRequest(uri, "POST", out responseBody);
HttpStatusCode statusCode = statusCode = response.StatusCode;
Console.WriteLine("The status of the operation: {0}\n\n", statusCode.ToString());
Console.WriteLine(responseBody.ToString(SaveOptions.OmitDuplicateNamespaces));
Console.Write("Press any key to continue:");
Console.ReadKey();
}
private static HttpWebResponse InvokeRequest( Uri uri, string method, out XDocument responseBody)
{
HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(uri);
request.Method = method;
request.Headers.Add("x-ms-version", Version);
request.ClientCertificates.Add(Certificate);
request.ContentType = "application/json";
request.ContentLength = 0;
responseBody = null;
HttpWebResponse response;
try
{
response = (HttpWebResponse)request.GetResponse();
}
catch (WebException ex)
{
response = (HttpWebResponse)ex.Response;
}
XmlReaderSettings settings = new XmlReaderSettings();
settings.DtdProcessing = DtdProcessing.Ignore;
if (response.ContentLength > 0)
{
using (XmlReader reader = XmlReader.Create(response.GetResponseStream(), settings))
{
try
{
responseBody = XDocument.Load(reader);
}
catch
{
responseBody = null;
}
}
}
response.Close();
return response;
}
The reason you're getting this error is because you're trying to authenticate/authorize an Azure Resource Manager (ARM) API request with an X509 Certificate. Authorization of ARM API requires Azure AD based authorization token. Please see this link for authenticating/authorizing an ARM API request: https://msdn.microsoft.com/en-us/library/azure/dn790557.aspx.
X509 Certificate based authentication/authorization works only for Classic Service Management API requests.
I am trying to send the contents of an XML file from a handheld device (Compact Framework/Windows CE) to a Web API method in my server app like so (Client code):
public static string SendXMLFile(string xmlFilepath, string uri, int timeout)
{
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uri);
request.KeepAlive = false;
request.ProtocolVersion = HttpVersion.Version10;
request.Method = "POST";
StringBuilder sb = new StringBuilder();
using (StreamReader sr = new StreamReader(xmlFilepath))
{
String line;
while ((line = sr.ReadLine()) != null)
{
// test to see if it's finding any lines
//MessageBox.Show(line); <= works fine
sb.AppendLine(line);
}
byte[] postBytes = Encoding.UTF8.GetBytes(sb.ToString());
if (timeout < 0)
{
request.ReadWriteTimeout = timeout;
request.Timeout = timeout;
}
request.ContentLength = postBytes.Length;
request.KeepAlive = false;
request.ContentType = "application/xml";
try
{
Stream requestStream = request.GetRequestStream();
requestStream.Write(postBytes, 0, postBytes.Length);
requestStream.Close();
using (var response = (HttpWebResponse)request.GetResponse())
{
return response.ToString();
}
}
catch (Exception ex)
{
MessageBox.Show("SendXMLFile exception " + ex.Message);
request.Abort();
return string.Empty;
}
}
}
As you can see in the commented out code ("<= works fine"), I've tested it and the data I want is being added to the StringBuilder. There is no exception being thrown (I don't see "SendXMLFile exception ").
However, when the corresponding server code is called:
[Route("api/DeliveryItems/PostArgsAndXMLFileAsStr")]
public async void PostArgsAndXMLFileAsStr([FromBody] string stringifiedXML, string serialNum, string siteNum)
{
string beginningInvoiceNum = string.Empty;
string endingInvoiceNum = string.Empty;
XDocument doc = XDocument.Parse(stringifiedXML);
...the "serialNum" and "siteNum" args are as expected (contain the valid expected values) but the body (stringifiedXML) is null. Why?
UPDATE
I added this, too, in the client:
request.ContentLength = postBytes.Length;
// Did the sb get into the byte array?
MessageBox.Show(request.ContentLength.ToString());
...and the byte array does have the data, as it shows me "112" (the XML file is quite small).
UPDATE 2
Now I added yet another debug msg:
try
{
Stream requestStream = request.GetRequestStream();
// now test this:
MessageBox.Show(string.Format("requestStream length is {0}", requestStream.Length.ToString()));
requestStream.Write(postBytes, 0, postBytes.Length);
requestStream.Close();
using (var response = (HttpWebResponse)request.GetResponse())
{
return response.ToString();
}
}
catch (Exception ex)
{
MessageBox.Show("SendXMLFile exception " + ex.Message);
request.Abort();
return string.Empty;
}
...and I don't even see the "requestStream length is" message; instead I see, "SendXMLFileException NotSupportedException"...???
UPDATE 3
I guess this is an example of the Hawthorn Effect or similar. Once I commented out that debug (MessageBox.Show()) statement, I'm back to making it into the server app, but with the [FromBody] val null.
Then the client has the message, "Unable to read data from the transport connection"
UPDATE 4
stringifiedXML is still null here:
public async void PostArgsAndXMLFileAsStr([FromBody] string stringifiedXML, string serialNum, string siteNum)
{
string beginningInvoiceNum = string.Empty;
string endingInvoiceNum = string.Empty;
XDocument doc = XDocument.Parse(stringifiedXML);
...even after I modified the code in the client following a response to this question like so:
public static string SendXMLFile(string xmlFilepath, string uri)
{
MessageBox.Show(string.Format("In SendXMLFile() - xmlFilepath == {0}, uri == {1}", xmlFilepath, uri));
string strData = GetDataFromXMLFile();
HttpWebRequest request = CreateRequest(uri, HttpMethods.POST, strData, "application/xml");
request.KeepAlive = false;
request.ProtocolVersion = HttpVersion.Version10;
try
{
using (var response = (HttpWebResponse)request.GetResponse())
{
return response.GetResponseStream().ToString();
}
}
catch (Exception ex)
{
MessageBox.Show("SendXMLFile exception " + ex.Message);
request.Abort();
return string.Empty;
}
}
private static string GetDataFromXMLFile()
{
// test data - if it works, get the (same, for now) data from the file
return #"<?xml version=1.0?><LocateAndLaunch><Tasks></Tasks><Locations></Locations></LocateAndLaunch>"; //had to remove "s from version num
}
// Based on code from Andy Wiggly (the owner of Wiggly Field in Chicago and the Wiggly chewing gum company?)
public static HttpWebRequest CreateRequest(string uri, HttpMethods method, string data, string contentType)
{
WebRequest request = HttpWebRequest.Create(uri);
request.Method = Enum.ToObject(typeof(HttpMethods), method).ToString();
request.ContentType = contentType;
((HttpWebRequest)request).Accept = contentType;
if (method != HttpMethods.GET && method != HttpMethods.DELETE)
{
Encoding encoding = Encoding.UTF8;
request.ContentLength = encoding.GetByteCount(data);
request.ContentType = contentType;
request.GetRequestStream().Write(
encoding.GetBytes(data), 0, (int)request.ContentLength);
request.GetRequestStream().Close();
}
else
{
// If we're doing a GET or DELETE don't bother with this
request.ContentLength = 0;
}
// Finally, return the newly created request to the caller.
return request as HttpWebRequest;
}
Note: I don't know if this is just a misleading side-effect of shutting down the server, but I subsequently saw this err msg in the client/handheld app:
"System.Net.ProtocolVi..."
"This operation cannot be performed after the request has been submitted."
UPDATE 5
For those wanting a Stack Trace, &c:
serNum and siteNum are simple values that get concatenated into the uri like so:
string uri = string.Format("http://192.168.125.50:28642/api/FileTransfer/GetHHSetupUpdate?serialNum={0}&clientVersion={1}", serNum, clientVer);
I tried to get the Stack Trace like so:
catch (Exception ex)
{
MessageBox.Show(string.Format("Msg = {0}; StackTrace = {1)", ex.Message, ex.StackTrace));
request.Abort();
return string.Empty;
}
...but now I'm only seeing, "This operation cannot be performed after the request has been submitted."
UPDATE 6
I changed the method signature to this:
public static HttpWebResponse SendXMLFile(string xmlFilepath, string uri)
...and the corresponding code to this:
try
{
using (var response = (HttpWebResponse)request.GetResponse())
{
return response;
}
}
catch (Exception ex)
{
MessageBox.Show(string.Format("Msg = {0}; StackTrace = {1)", ex.Message, ex.StackTrace));
request.Abort();
return null;
}
...but it made no difference (and I see no "StackTrave = " message, so it must be failing erstwheres)
UPDATE 7
I put two debug strings in:
0)
public static HttpWebRequest CreateRequestNoCredentials(string uri, HttpMethods method, string data, string contentType)
{
//test:
MessageBox.Show(string.Format("In CreateRequestNoCredentials(); data passed in = {0}", data));
1) In SendXMLFile():
//test:
MessageBox.Show(string.Format("After calling CreateRequestNoCredentials(), request contentLen = {0}, headers = {1}, requestUri = {2}",
request.ContentLength, request.Headers, request.RequestUri));
...and I see this:
...but then before the second one gets a chance to show me the gory details, the server receives the null body value, crashes thuswith, and then the client whin[g]es with the same old "This operation cannot be performed after the request has been submitted" complaint.
UPDATE 8
In response to the suggestion, "I suspect that if you remove the setting of KeepAlive and ProtocolVersion after the CreateRequest call, the exception will go away.", I changed my code from this:
HttpWebRequest request = CreateRequestNoCredentials(uri, HttpMethods.POST, strData, "application/xml");
//test:
MessageBox.Show(string.Format("After calling CreateRequestNoCredentials(), request contentLen = {0}, headers = {1}, requestUri = {2}",
request.ContentLength, request.Headers, request.RequestUri));
request.KeepAlive = false;
request.ProtocolVersion = HttpVersion.Version10;
public static HttpWebRequest CreateRequestNoCredentials(string uri, HttpMethods method, string data, string contentType)
{
//test:
MessageBox.Show(string.Format("In CreateRequestNoCredentials(); data passed in = {0}", data));
WebRequest request = HttpWebRequest.Create(uri);
request.Method = Enum.ToObject(typeof(HttpMethods), method).ToString();
request.ContentType = contentType;
((HttpWebRequest)request).Accept = contentType;
if (method != HttpMethods.GET && method != HttpMethods.DELETE)
{
Encoding encoding = Encoding.UTF8;
request.ContentLength = encoding.GetByteCount(data);
request.ContentType = contentType;
request.GetRequestStream().Write(
encoding.GetBytes(data), 0, (int)request.ContentLength);
request.GetRequestStream().Close();
}
else
{
// If we're doing a GET or DELETE don't bother with this
request.ContentLength = 0;
}
// Finally, return the newly created request to the caller.
return request as HttpWebRequest;
}
...to this:
HttpWebRequest request = CreateRequestNoCredentials(uri, HttpMethods.POST, strData, "application/xml");
//test:
MessageBox.Show(string.Format("After calling CreateRequestNoCredentials(), request contentLen = {0}, headers = {1}, requestUri = {2}",
request.ContentLength, request.Headers, request.RequestUri));
public static HttpWebRequest CreateRequestNoCredentials(string uri, HttpMethods method, string data, string contentType)
{
//test:
MessageBox.Show(string.Format("In CreateRequestNoCredentials(); data passed in = {0}", data));
WebRequest request = HttpWebRequest.Create(uri);
request.Method = Enum.ToObject(typeof(HttpMethods), method).ToString();
request.ContentType = contentType;
((HttpWebRequest)request).Accept = contentType;
// moved from elsewhere to here:
((HttpWebRequest)request).KeepAlive = false;
((HttpWebRequest)request).ProtocolVersion = HttpVersion.Version10;
if (method != HttpMethods.GET && method != HttpMethods.DELETE)
{
Encoding encoding = Encoding.UTF8;
request.ContentLength = encoding.GetByteCount(data);
request.ContentType = contentType;
request.GetRequestStream().Write(
encoding.GetBytes(data), 0, (int)request.ContentLength);
request.GetRequestStream().Close();
}
else
{
// If we're doing a GET or DELETE don't bother with this
request.ContentLength = 0;
}
// Finally, return the newly created request to the caller.
return request as HttpWebRequest;
}
...and yet I still get that same err msg ("This operation cannot be performed after the request has been submitted") and stringifiedXML is still null when it hits the server.
UPDATE 9
Here is what I get when I send what I understand to be what I should via Fiddler 2 (right-click the image and open in a new tab if you don't have visual superpowers):
...but I don't know what I'm looking at...did it work? Did it fail? The "body == 0" column gives me pause/makes me think it failed, yet "204" seems to mean "The server successfully processed the request, but is not returning any content"...
UPDATE 10
Here is the Fiddler scream shot after fixing the uri, and I do reach the breakpoint in the server app, with good data sent:
UPDATE 11
With changing this code:
string strData = sb.ToString();
HttpWebRequest request = CreateRequestNoCredentials(uri, HttpMethods.POST, strData, "application/xml");
...to this:
string strData = #sb.ToString(); // GetDataFromXMLFile();
string body = String.Format("\"{0}\"", strData);
HttpWebRequest request = CreateRequestNoCredentials(uri, HttpMethods.POST, body, "application/json");
...I'm now getting this in stringifiedXML: "
...and so I'm now getting: "System.Xml.XmlException was unhandled by user code
HResult=-2146232000
Message=Unexpected end of file has occurred. Line 1, position 15..."
It's an improvement, anyway...
UPDATE 12
Depending on the exact makeup/formatting of the string passed as "Request Body" in Fiddle, the results differ radically.
With this as Request Body:
<?xml version="1.0"?><LocateAndLaunch><Tasks></Tasks><Locations></Locations></LocateAndLaunch>
...stringifiedXML is null
With this as Request Body:
"<?xml version=1.0?><LocateAndLaunch><Tasks></Tasks><Locations></Locations></LocateAndLaunch>"
...stringifiedXML is exactly the same ("")
...but there is an exception:
System.Xml.XmlException was unhandled by user code
HResult=-2146232000
Message='1.0' is an unexpected token. The expected token is '"' or '''. Line 1, position 15.
Source=System.Xml
LineNumber=1
LinePosition=15
SourceUri=""
StackTrace:
at System.Xml.XmlTextReaderImpl.Throw(Exception e)
at System.Xml.XmlTextReaderImpl.Throw(String res, String[] args)
at System.Xml.XmlTextReaderImpl.ThrowUnexpectedToken(String expectedToken1, String expectedToken2)
at System.Xml.XmlTextReaderImpl.ParseXmlDeclaration(Boolean isTextDecl)
at System.Xml.XmlTextReaderImpl.Read()
at System.Xml.Linq.XDocument.Load(XmlReader reader, LoadOptions options)
at System.Xml.Linq.XDocument.Parse(String text, LoadOptions options)
at System.Xml.Linq.XDocument.Parse(String text)
at HandheldServer.Controllers.DeliveryItemsController.d__2.MoveNext() in c:\HandheldServer\HandheldServer
\Controllers\DeliveryItemsController.cs:line 63
InnerException:
With this as Request Body:
"<?xml version="1.0"?><LocateAndLaunch><Tasks></Tasks><Locations></Locations></LocateAndLaunch>"
...stringifiedXML is "
Penultimately, with this as Request Body:
"<?xml version=\"1.0\"?><LocateAndLaunch><Tasks></Tasks><Locations></Locations></LocateAndLaunch>"
...stringifiedXML is exactly the same thing ("")
...but I get this exception:
System.InvalidOperationException was unhandled by user code
HResult=-2146233079
Message=Sequence contains no elements
Source=System.Core
StackTrace:
at System.Linq.Enumerable.First[TSource](IEnumerable`1 source)
at HandheldServer.Controllers.DeliveryItemsController.d__2.MoveNext() in c:\HandheldServer\HandheldServer\Controllers\DeliveryItemsController.cs:line 109
InnerException:
And finally, if I pass this, with (albeit bogus) vals within the angulars:
"<?xml version=\"1.0\"?><LocateAndLaunch><Tasks>Some Task</Tasks><Locations>Some Location</Locations></LocateAndLaunch>"
...I STILL get "sequence contains no elements"
This method is more picky than Rachel Canning! What does it want - egg in its beer?!?
UPDATE 13
With this code:
public async void PostArgsAndXMLFileAsStr([FromBody] string stringifiedXML, string serialNum, string siteNum)
{
XDocument doc = XDocument.Parse(await Request.Content.ReadAsStringAsync());
...or this:
. . .XDocument doc = XDocument.Load(await Request.Content.ReadAsStreamAsync());
...and this as the incoming stringifiedXML:
"Some TaskSome Location"
...I get the exception:
"System.Xml.XmlException was unhandled by user code
HResult=-2146232000
Message=Root element is missing."
With this code (same stringifiedXML):
XDocument doc = XDocument.Parse(stringifiedXML);
... I get, "System.InvalidOperationException was unhandled by user code
HResult=-2146233079
Message=Sequence contains no elements
Source=System.Core
StackTrace:
at System.Linq.Enumerable.First[TSource](IEnumerable`1 source)
at HandheldServer.Controllers.DeliveryItemsController.d__2.MoveNext() in c:\HandheldServer\HandheldServer
\Controllers\DeliveryItemsController.cs:line 109
InnerException: "
IOW, depending on how I parse the incoming string, I get either "Root element is missing" or "Sequence contains no elements"
What the Deuce McAlistair MacLean Virginia Weeper?!? Isn't "<LocateAndLaunch>" a root element? Aren't "Some Task" and "Some Location" elements?
For the action method like this
public async void PostArgsAndXMLFileAsStr([FromBody] string stringifiedXML,
string serialNum, string siteNum)
{}
the request message must be like this. I use JSON here.
POST http://localhost:port/api/values/PostArgsAndXMLFileAsStr?serialNum=1&siteNum=2 HTTP/1.1
Content-Type: application/json
Host: localhost:port
Content-Length: 94
"<?xml version=1.0?><LocateAndLaunch><Tasks></Tasks><Locations></Locations></LocateAndLaunch>"
The request body needs to contain the double quotes, BTW. With this, binding should work correctly.
So, post the message with content type application/json and format the body like this.
string content = #"<?xml version=1.0?><LocateAndLaunch><Tasks></Tasks><Locations></Locations></LocateAndLaunch>";
string body = String.Format("\"{0}\"", content);
Before, you change anything in the client side code, use Fiddler to send a POST like the one above to ensure it works in the web API side. After that, change your client side to make sure it outputs the request just the working request with Fiddler.
I'm using DotNetOpenAuth v3.5.0.10357 and each time a user authenticates against Facebook I get a different claimed identifier back. The token looks to be encrypted so I assume DNOA is somehow encrypting the token along with the expiry. Can anyone confirm this? Or am I using it wrong:
public ActionResult FacebookLogOn(string returnUrl)
{
IAuthorizationState authorization = m_FacebookClient.ProcessUserAuthorization();
if (authorization == null)
{
// Kick off authorization request
return new FacebookAuthenticationResult(m_FacebookClient, returnUrl);
}
else
{
// TODO: can we check response status codes to see if request was successful?
var baseTokenUrl = "https://graph.facebook.com/me?access_token=";
var requestUrl = String.Format("{0}{1}", baseTokenUrl, Uri.EscapeDataString(authorization.AccessToken));
var claimedIdentifier = String.Format("{0}{1}", baseTokenUrl, authorization.AccessToken.Split('|')[0]);
var request = WebRequest.Create(requestUrl);
using (var response = request.GetResponse())
{
using (var responseStream = response.GetResponseStream())
{
var graph = FacebookGraph.Deserialize(responseStream);
var token = RelyingPartyLogic.User.ProcessUserLogin(graph, claimedIdentifier);
this.FormsAuth.SignIn(token.ClaimedIdentifier, false);
}
}
return RedirectAfterLogin(returnUrl);
}
}
Here's the code for FacebookAuthenticationResult:
public class FacebookAuthenticationResult : ActionResult
{
private FacebookClient m_Client;
private OutgoingWebResponse m_Response;
public FacebookAuthenticationResult(FacebookClient client, string returnUrl)
{
m_Client = client;
var authorizationState = new AuthorizationState(new String[] { "email" });
if (!String.IsNullOrEmpty(returnUrl))
{
var currentUri = HttpContext.Current.Request.Url;
var path = HttpUtility.UrlDecode(returnUrl);
authorizationState.Callback = new Uri(String.Format("{0}?returnUrl={1}", currentUri.AbsoluteUri, path));
}
m_Response = m_Client.PrepareRequestUserAuthorization(authorizationState);
}
public FacebookAuthenticationResult(FacebookClient client) : this(client, null) { }
public override void ExecuteResult(ControllerContext context)
{
m_Response.Send();
}
}
Also, I am using the RelyingPartyLogic project included in the DNOA samples, but I added an overload for ProcessUserLogin that's specific to facebook:
public static AuthenticationToken ProcessUserLogin(FacebookGraph claim, string claimedIdentifier)
{
string name = claim.Name;
string email = claim.Email;
if (String.IsNullOrEmpty(name))
name = String.Format("{0} {1}", claim.FirstName, claim.LastName).TrimEnd();
return ProcessUserLogin(claimedIdentifier, "http://facebook.com", email, name, claim.Verified);
}
It looks as though FacebookClient inherits from WebServerClient but I looked for the source on GitHub and I don't see a branch or a tag related (or at least not labeled) with the corresponding v3.5 version.
Facebook does not support OpenID. Claimed Identifier is an OpenID term. Facebook uses OAuth 2.0, so you're mixing up OpenID and OAuth.
Facebook sends a different access token every time, which is normal for the OAuth protocol. You have to use the access token to query Facebook for the user id that is consistent on every visit.
I think you need to add the offline_access permission in the token request as well, see https://developers.facebook.com/docs/reference/api/permissions/