I have the following question. We are using net core 3.1.
We make a soap request (HttpWebRequest) to a external webservice where they only allow a whitelist of IP addresses into the portal. Our VPN Ipadress is in the whitelist.
But when i send a request (Via Visual studio debugger) it get rejected by de external webservice: 403 Unauthorized.
But when starting Fiddler and then sending the same request again, via Visual studio debugger, we get a 200 OK.
The same is with Postman. When fiddler is not running the request gets rejected. When Fiddler
is running the request is accepted and the response is 200 OK.
I dont understand what is happening, How to solve this.
NOT VIA Fiddler:
Status: 500 Internal Server Error
Version HTTP/1.1
Transferred 408 B (233 B size)
Referrer Policy strict-origin-when-cross-origin
Request Priority Highest
Response Headers:
Content-Type: application/json
Date: Thu, 28 Jul 2022 08:42:32 GMT
Server: Kestrel
Transfer-Encoding: chunked
X-Powered-By: ASP.NET
VIA Fiddler:
Status 200 OK
Version HTTP/1.1
Transferred 1.57 KB (1.41 KB size)
Referrer Policy strict-origin-when-cross-origin
Request Priority Highest
Content-Type text/plain; charset=utf-8
Date Thu, 28 Jul 2022 09:01:24 GMT
Server Kestrel
Transfer-Encoding chunked
X-Powered-By ASP.NET
Related
I am capturing a HttpResponseMessage using C#. I see the Headers and Content easily using C# and Telerik Fiddler. How do I get to the Json Message ={"error_message":"Unable to find Category 130"}? This is the response that is being returned from a third party vendor
HttpResponse:
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Cache-control: no-cache="set-cookie"
Content-Type: application/xxxxxxxx;version=1.0
Date: Thu, 23 Jan 2020 20:14:18 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: AWSELB=B951170B0258C274F4328378523700A29FEEC6BAABF6103540B7038DA196F54B6874B912614AC1E0CD2E8767C34FC2E6F1E24E6532E90C88E5E4413E3E7A09EFA6074CFAC1;PATH=/;MAX-AGE=300
Content-Length: 47
Connection: keep-alive
{"error_message":"Unable to find Category 130"}
So how I went about solving this issue with Http Response being returned with statuscode of 200 but and error message in the content, is to include looking for a error in the Response.Content.ReadAsStringAsync().Result
I'm trying to collect and download my lifelog user data. The first step into doing this is getting a user-access token. I am encountering problems while requesting authorization.
From the sony developer authenticization page I am told to input the following code into my API explorer:
https://platform.lifelog.sonymobile.com/oauth/2/authorize?client_id=YOUR_CLIENT_ID&scope=lifelog.profile.read+lifelog.activities.read+lifelog.locations.read
I am supposed to receive the authorization code as such:
https://YOUR_CALLBACK_URL?code=abcdef
However, this is what the current situation is actually like:
I have replaced my actual client ID below with MY_CLIENT_ID for security reasons
INPUT:
GET /oauth/2/authorize?client_id=MY_CLIENT_ID&scope=lifelog.profile.read%2Blifelog.activities.read%2Blifelog.locations.read HTTP/1.1
Authorization:
Bearer kN2Kj5BThn5ZvBnAAPM-8JU0TlU
Host:
platform.lifelog.sonymobile.com
X-Target-URI:
https://platform.lifelog.sonymobile.com
Connection:
Keep-Alive
RESPONSE:
HTTP/1.1 302 Found
Content-Length:
196
Location:
https://auth.lifelog.sonymobile.com/oauth/2/authorize?scope=lifelog.profile.read+lifelog.activities.read+lifelog.locations.read&client_id=MY_CLIENT_ID
Access-Control-Max-Age:
3628800
X-Amz-Cf-Id:
HILH9w3eOm-6ebs_74ghegYQyWS4xyqA1l0gXPRJuuubsoZ6eiiS3g==
Access-Control-Allow-Methods:
GET, PUT, POST, DELETE
X-Request-Id:
76caccfc976d40259ef30415d10980e9
Connection:
keep-alive
Server:
Apigee Router
X-Cache:
Miss from cloudfront
X-Powered-By:
Express
Access-Control-Allow-Headers:
origin, x-requested-with, accept
Date:
Sun, 22 Jan 2017 03:00:42 GMT
Access-Control-Allow-Origin:
*
Vary:
Accept
Via:
1.1 dc698cd00b7ec82887573cfaba9ecca6.cloudfront.net (CloudFront)
Content-Type:
text/plain; charset=utf-8
Found. Redirecting to https://auth.lifelog.sonymobile.com/oauth/2/authorize?scope=lifelog.profile.read+lifelog.activities.read+lifelog.locations.read&client_id=MY_CLIENT_ID
Nowhere can I see the authorization code in the above code. I even tried copying and pasting the URL (on the last line) into my browser, it says "localhost.com took too long to respond"
This is where I input my request
I am not sure whether it is an issue with the callback URL. I don't have an actual website or app made, I just used the default localhost
I am a beginner in this and would really appreciate all help.
I've build a web api service with basic authentication and using a global DelegatingHandler implementation which I hook up to the web API GlobalConfiguration, in order to extract the username:password credentials from the request and hook an IPrincipal to the HttpContext if the credentials map to a valid user.
I've tested my api thoroughly on localhost and it's working fine, but not quite when hosted on IIS on a VPS.
I've hooked up remote debugging on the VPS in order to inspect whats going on and it turns out that whenever I include the authorization header to my request, the breakpoints I have set on the message handler are not getting hit, meaning that the request does not reach the handler. If I remove the Authorization header from the request, the breakpoint is getting hit and the handler is able to process it.
Since the message handlers are the first that will process the request in the pipeline (from what I know of, correct me if I'm wrong) I guess there must be an IIS or setup issue that I'm not aware of that messes the authentication process.
Fiddler Request Headers
GET http://myip/api/v1/route/parameter HTTP/1.1
Content-Type: application/json; charset=utf-8
Authorization: Basic ZHJpdmVyOjEwMTAyMDAz
Host: myip
Fiddler Response Headers
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
WWW-Authenticate: Basic realm="myip"
X-Powered-By: ASP.NET
Date: Mon, 22 Aug 2016 15:04:15 GMT
Content-Length: 61
{"Message":"Authorization has been denied for this request."}
What could be possibly be wrong, where should I look at for a solution?
EDIT
Had to disable Basic Authentication from the Authentication menu on the right pane setting for the IIS application.
Just like postman does, does api-designer support that?
I try to POST my request to my service (127.0.0.1:8180) and if I click 'API is behind a firewall', it POST http://127.0.0.1:8180/v1/deviceļ¼and the response is:
Status
0
Headers
If uncheck 'API is behind a firewall', it POST /proxy/http://127.0.0.1:8180/v1/device, and the response is
Status
404
Headers
connection:
keep-alive
content-length:
51
content-type:
text/html; charset=utf-8
date:
Fri, 09 Sep 2016 14:24:06 GMT
x-content-type-options:
nosniff
x-powered-by:
Express
Body
Cannot POST /proxy/http://127.0.0.1:8180/v1/device
1
Cannot POST /proxy/http://127.0.0.1:8180/v1/device
CozyAzure.
Unfortenly, api-designer has several problems with the proxy. I didn't spend much time for the issue and started to use postman collections for this. You can Importing RAML folders as Collections and make a request with postman.
I used both Fiddler and my test C# application to update my profile information in Cliqset.com through their API but I always get 403 error. It works well when I just want to get my profile info, not to update. I use all necessary HTTP headers, like CliqsetConsumerKey and Authorization.
Thank you.
When I try to get my status, I use this:
GET https://api.cliqset.com/user/cosmorocket/status HTTP/1.1
Authorization: Basic Y**********rZXQ6ZnVsY3J1bTA=
CliqsetConsumerKey: 11**********3c2ccd26c4ca946e3d8e
Host: api.cliqset.com
And it returns this:
HTTP/1.1 200 OK
Date: Fri, 10 Jul 2009 05:17:37 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181417)/JBossWeb-2.0
Content-Type: application/xml
Content-Length: 153
Set-Cookie: csp=appInst2; path=/
Connection: close
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><StatusEntry><Updated>2009-06-09T18:09:29.315Z</Updated><Status>cliqsetting all day long</Status></StatusEntry>
But if I use the same credentials for updating with this request:
PUT https://api.cliqset.com/200905/user/cosmorocket/status HTTP/1.1
I get this:
HTTP/1.1 403 Forbidden
Date: Fri, 10 Jul 2009 05:25:04 GMT
Vary: Accept-Encoding
Content-Length: 9
Connection: close
Content-Type: text/html; charset=iso-8859-1
Error 403
I contacted tech support and solved the problem. Each time a new user uses my registered application it's necessary to make an authenticated GET
request to 'https://api.cliqset.com/200905/user/useridentifier'. Notice that you don't change 'useridentifier' to any other login name, just leave it as it is. This
will setup the appropriate permissions to update data.
I did this request and now it works well.