We Keep Coding

API authtentication with a Ionic app

I am building a Ionic app that is supposed to communicate with an ASP net MVC application (I need to get JSON data).
When I send request to the ASP application from the Ionic app, I am not allowed because I am not logged. I get this :
No 'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'http://localhost:8100' is therefore not allowed
access. The response had HTTP status code 401.
My issue is that I want to log in to my API but I do not know how to proceed with Ionic. In a similar application, I used C# client and I was using an HttpWebRequest & NetworkCredential objects.
I made POST request to try to log in the API but I just get a 401 error.
Here is the code, but the credentials that I sent do not allow me to authenticate to the web service.
connect(){
var credentials = "name=" + mylogin + "&password=" + mypassword;
var headers = new Headers();
headers.append('Content-Type', 'application/x-www-form-urlencoded');
this.http.post(URLServeur, credentials, {headers: headers}).subscribe(data => {
if(data.json().success){
console.log("yes");
resolve(true);
}
else
{
console.log("no");
resolve(false);
}
});
}
Thanks,

I finaly found out that it is an issue in Angular with the parameters of the request. If you insert too much request options, withCredentials : true is ignored.
Code in Ionic app:
var headers = new Headers();
headers.append('Content-Type', 'application/json');
var url = "http://localhost"
var data = "This is my data";
this.http.post(url, JSON.stringify(data), {withCredentials: true}).subscribe(data => {
if(data){
console.log("yes");
}
else
{
console.log("no");
}
});
Also, do not forget to add this to webConfig file on server :
<httpProtocol>
<customHeaders>
<clear />
<add name="Access-Control-Allow-Origin" value="http://localhost:8100" />
<add name="Access-Control-Allow-Headers" value="content-Type,authorization" />
<add name="Access-Control-Allow-Methods" value="GET,PUT,POST,DELETE,OPTIONS" />
<add name="Access-Control-Allow-Credentials" value="true" />
</customHeaders>
</httpProtocol>
I hope it will help other people

swift 3, wcf service

I am trying to use an existing WCF service in an IOS APP coded in swift 3.
The problem seem to be in the format of the envelope.
The service is on line and work well (is already used by an android app)
URL of the service: www.esmnovara.it\FitnessManagerService.svc
This is the request, seen from a WCF test client:
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Header>
<Action s:mustUnderstand="1" xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none">http://tempuri.org/FitnessManagerIService/Login</Action>
</s:Header>
<s:Body>
<Login xmlns="http://tempuri.org/">
<NomeUtente></NomeUtente>
<Password></Password>
</Login>
</s:Body>
</s:Envelope>
It must return this:
"
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Header />
<s:Body>
<LoginResponse xmlns="http://tempuri.org/">
<LoginResult>0|ERRORE GENERICO, RIVOLGERSI ALLA RECEPTION</LoginResult>
<NomeUtente a:nil="true" xmlns:a="http://www.w3.org/2001/XMLSchema-instance" />
<Password a:nil="true" xmlns:a="http://www.w3.org/2001/XMLSchema-instance" />
</LoginResponse>
</s:Body>
</s:Envelope>
"
This is the code of my IOS swift 3 app:
var soapMessage : String = ""
soapMessage += "<s:Envelope xmlns:s='http://schemas.xmlsoap.org/soap/envelope/'>"
soapMessage += "<s:Header>"
soapMessage += "<Action s:mustUnderstand='1' xmlns='http://schemas.microsoft.com/ws/2005/05/addressing/none'>http://tempuri.org/FitnessManagerIService/Login</Action>"
soapMessage += "</s:Header>"
soapMessage += "<s:Body>"
soapMessage += "<Login xmlns='http://tempuri.org/FitnessManagerIService/Login'>"
soapMessage += "<NomeUtente></NomeUtente>"
soapMessage += "<Password></Password>"
soapMessage += "</Login>"
soapMessage += "</s:Body>"
soapMessage += "</s:Envelope>'"
let urlString = "http://www.esmnovara.it/FitnessManagerService.svc"
let url = URL(string: urlString)
let theRequest = NSMutableURLRequest(url: url!)
let msgLength = soapMessage.characters.count
theRequest.addValue("text/xml; charset=utf-8", forHTTPHeaderField: "Content-Type")
theRequest.addValue(String(msgLength), forHTTPHeaderField: "Content-Length")
theRequest.httpMethod = "POST"
theRequest.httpBody = soapMessage.data(using: String.Encoding.utf8, allowLossyConversion: false) // or false
let connection = NSURLConnection(request: theRequest as URLRequest, delegate: self, startImmediately: true)
connection!.start()
if (connection != nil) {
var mutableData : Void = NSMutableData.initialize()
//debugPrint(mutableData)
}
And this is what I get:
"IIS 8.5 Detailed Error - 400.0 - Bad Request"
"HTTP Error 400.0 - Bad Request"
"Bad Request"
"Detailed Error Information:"
"Module"
"IsapiModule"
"Notification"
"ExecuteRequestHandler"
"Handler"
"svc-ISAPI-4.0_32bit"
"Error Code"
"0x00000000"
"Requested URL"
"http://www.esmnovara.it:80/FitnessManagerService.svc"
"Physical Path"
"D:\\inetpub\\webs\\esmnovarait\\FitnessManagerService.svc"
"Logon Method"
"Anonymous"
"Logon User"
"Anonymous"
"Request Tracing Directory"
"D:\\LogFiles\\FailedReqLogFiles"
"More Information:"
" \n The request could not be understood by the server due to malformed syntax. \n "
"View more information "
"Microsoft Knowledge Base Articles:"
Can anyone help me?

I wrote a little playground script which seems to work:
import UIKit
import PlaygroundSupport
// Ignore the next line, it's just to avoid a annoying message in Playgrounds
URLCache.shared = URLCache(memoryCapacity: 0, diskCapacity: 0, diskPath: nil)
// Service URL
let serviceUrl = URL(string: "http://www.esmnovara.it/FitnessManagerService.svc")
// Service request using the serviceURL
var serviceRequest = URLRequest(url: serviceUrl!)
// Set a couple of headers
serviceRequest.addValue("text/xml; charset=utf-8", forHTTPHeaderField: "Content-Type")
serviceRequest.addValue("http://tempuri.org/FitnessManagerIService/Login", forHTTPHeaderField: "SOAPAction")
// Set the http verb
serviceRequest.httpMethod = "POST"
// Soap message
let soapMessageAsText = "<s:Envelope xmlns:s=\"http://schemas.xmlsoap.org/soap/envelope/\"><s:Body><Login xmlns=\"http://tempuri.org/\"><NomeUtente/><Password/></Login></s:Body></s:Envelope>"
// Enconded as data
let soapMessageAsData = soapMessageAsText.data(using: String.Encoding.utf8)
// Set message as data in the http body of the request
serviceRequest.httpBody = soapMessageAsData
// Call the service using URLSession
URLSession.shared.dataTask(with: serviceRequest) { (data, response, error) in
// Check for error
guard error == nil else {
print(error ?? "Unknown error")
return
}
// Display data as string
let dataAsString = String(data: data!, encoding: String.Encoding.utf8)
print(dataAsString)
}.resume()
// Ignore this line, it's neccesary so that playground waits
PlaygroundPage.current.needsIndefiniteExecution = true
Hope it works.

Square API with Vb.net

Dim myUri = New Uri("https://squareup.com/v2/locations")
Dim RQ As HttpWebRequest = TryCast(WebRequest.Create(myUri), HttpWebRequest)
RQ.PreAuthenticate = True
RQ.Headers.Add("Authorization", "Bearer" & Token) '''Token is a Shared string assigned to my current Access Token
RQ.Method = "GET"
RQ.Accept = "application/json"
RQ.ContentType = "application/json"
Using response As HttpWebResponse = TryCast(RQ.GetResponse(), HttpWebResponse) '''''"The remote server returned an error: (404) Not Found."
Very new to the Square-Connect API and there are no vb.net examples so this was as far as i can get. Im not able to get pass the last line. I always get a 404 error no matter what i try. Anyone know why.
If I use this command (replacing Token with my access Token), in a terminal then I get the result I want in vb.net.
curl -H "Authorization: Bearer Token" https://connect.squareup.com/v2/locations

The guys at square quickly found my problem so here is the working code:
Dim myUri = New Uri("https://connect.squareup.com/v2/locations")
Dim RQ As HttpWebRequest = TryCast(WebRequest.Create(myUri), HttpWebRequest)
RQ.PreAuthenticate = True
RQ.Headers.Add("Authorization", "Bearer " + Token) 'Token is a Shared string assigned to my current Access Token
RQ.Method = "GET"
RQ.Accept = "application/json"
RQ.ContentType = "application/json"
Using response As HttpWebResponse = TryCast(RQ.GetResponse(), HttpWebResponse)

OAuth2 "Invalid Grant" response from server

I ask my client to hit at this URL with his authorized gmail account with which he has created the google api project.
https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/androidpublisher&response_type=code&access_type=offline&redirect_uri=http://www.XXXXXXXX.com/oauth2callback&client_id=XXXXXX.apps.googleusercontent.com&state=profile&approval_prompt=force
and then ask him to provide me the code parameter from the redirected URL
http://www.XXXXXXXX.com/oauth2callback?code=4/jUxc2MdX0xmF-b4_I6v2SLMQMuxO.cvQLVEpcJMUXOl05ti8ZT3ZvsT9ddwI
Then i myself post this form with following info.
<form action="https://accounts.google.com/o/oauth2/token" method="post" >
<input type="hidden" name="grant_type" value="authorization_code" >
<input type="text" name="code" value="**is the one i recieved from previous step**">
<input type="hidden" name="client_id" value="XXXXXXX.apps.googleusercontent.com" >
<input type="hidden" name="client_secret" value="XXXXXXXXXXXX" >
<input type="hidden" name="redirect_uri" value="http://www.XXXXXX.com/oauth2callback" >
<input type="submit" value="Submit">
</form>
and then i get the following error
{
"error" : "invalid_grant"
}
When i generate the code url param myself and perform the next step. i am successfully presented with following response
{
 "access_token" : "XXXXXXStBkRnGyZ2mUYOLgls7QVBxOg82XhBCFo8UIT5gM",
 "token_type" : "Bearer",
 "expires_in" : 3600,
 "refresh_token" : "XXXXXX3SEBX7F2cfrHcqJEa3KoAHYeXES6nmho"
}
But if the client generate the url param "code" then i see the invalid grant error.
My Client is in UK and i am in another country. Can anybody please confirm if it's the error because client is generating the code param in another country and i am using that code in another country ?
Thanks in advance.

I got annoyed by invalid_grant error instead of the fact that same code is getting me correct access token some times.
Shaikh's answer has guided me to correct direction.
First of all we try to get access code from:
https://accounts.google.com/o/oauth2/auth
User is directed to "Allow Permission" screen and then our app receive access code.
Using that access code we try to get access token from:
https://accounts.google.com/o/oauth2/token
In the first attempt it will return us access_token with grant_type=authorization_code, but once access_token has been provided to us, it no longer expect to receive grant_type=authorization again, instead it likes to receive grant_type=refresh_token
For fellow android developers code is as follows:
String accessToken = null, refreshToken = null;
HttpPost httppost = new HttpPost(https://accounts.google.com/o/oauth2/token);
HttpParams myParams = new BasicHttpParams();
httppost.setHeader("Content-type", "application/x-www-form-urlencoded");
List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(4);
nameValuePairs.add(new BasicNameValuePair("client_id", BLOGGER_CLIENT_ID));
SharedPreferences prefs = context.getSharedPreferences(PREFERENCES_NAME, Context.MODE_PRIVATE);
String bloggerAccessToken = prefs.getString(PREFERENCES_KEY_BLOGGER_ACCESS_TOKEN, null);
if(bloggerAccessToken != null && bloggerAccessToken.length() > 0){
nameValuePairs.add(new BasicNameValuePair("refresh_token", prefs.getString(PREFERENCES_KEY_BLOGGER_REFRESH_TOKEN, null)));
nameValuePairs.add(new BasicNameValuePair("grant_type", "refresh_token"));
} else{
nameValuePairs.add(new BasicNameValuePair("code", prefs.getString(PREFERENCES_KEY_BLOGGER_ACCESS_CODE, null)));
nameValuePairs.add(new BasicNameValuePair("grant_type", "authorization_code"));
nameValuePairs.add(new BasicNameValuePair("redirect_uri", "http://localhost"));
}
httppost.setEntity(new UrlEncodedFormEntity(nameValuePairs));
HttpClient httpClient = new DefaultHttpClient(myParams);
response = httpClient.execute(httppost);
String returnedJsonStr = EntityUtils.toString(response.getEntity());
JSONObject jsonObject = new JSONObject(returnedJsonStr);
accessToken = jsonObject.getString("access_token");
if(jsonObject.has("refresh_token"))
refreshToken = jsonObject.getString("refresh_token");

You may ask the client to generate the code PLUS the subsequent refresh token himself. Give him the access to the form above where the refresh_token is generated.
Then you can use refresh_token to generate access_tokens.
Hope it fixes your problem.

405 - Method Not Allowed HttpWebRequest

I have a problem when trying to send a POST request. The sending method looks like this:
Public Sub SendXML(ByVal file As String)
Dim reader As New StreamReader(file)
Dim data As String = reader.ReadToEnd()
reader.Close()
Dim request As HttpWebRequest = WebRequest.Create("http://blah/Request")
request.Method = "POST"
System.Net.ServicePointManager.Expect100Continue = False
Dim bytes As Byte() = System.Text.Encoding.ASCII.GetBytes(data)
request.ContentLength = bytes.Length
Dim oStreamOut As Stream = request.GetRequestStream()
oStreamOut.Write(bytes, 0, bytes.Length)
oStreamOut.Close()
Dim response As HttpWebResponse = request.GetResponse()
End Sub
When running this I get the above error. Through Fiddler I can see that the request looks like:
POST http://blah/Request HTTP/1.1
Host: blah
Content-Length: 322
Proxy-Connection: Keep-Alive
<?xml version="1.0"?>
<Envelope>
<Header>
<UserID>uid</UserID>
<Password>pass</Password>
<SessionID />
<RequestType>GetDetails</RequestType>
<POSCompany>01</POSCompany>
<PackageType>DATA</PackageType>
<ActionType>READ</ActionType>
<SnoopUserID />
</Header>
<Body>
<MagicNumber>124</MagicNumber>
</Body>
</Envelope>
Now looking at this I suspected that it was due to the fact that the server does not accept POST messages. But some other reading suggests that the the URI http://blah/Request has been generated with a proxy and should be /Request so the line should read POST /Request HTTP/1.1
So what would be the common reason for this? And if it is a proxy problem, how is it sorted?
As asked below, I have created a new question for the more specific request. Changing absolute URI to relative in HTTP POST header

There is nothing wrong with the POST request, so the problem must lie elsewhere.
There are a number of other places along the way that could be causing trouble:
There could be a bad proxy between you and the server that is changing the HTTP method
The server could be malfunctioning or simply no support POST
My guess, however, is that the server is doing more than just looking at the HTTP method and is instead giving you a 405 error in response to the RPC call that your XML payload is wrapping.
Some RPC servers will (erroneously) use HTTP status codes like this to indicate that the requested method cannot be executed, or that something else is wrong with the request that is of a permissions and security nature.
If the server is slightly better behaved (and you are lucky), it should be returning additional information in the response body that might indicate where the 405 error is coming from.

Are you missing the Content-Type header required for a POST ?
Read here for details.
I assume it is mandatory.

Your POST appears to be completely invalid. POST data is supposed to be encoded (ie, as multipart/form-data) and use correct content-type (ie, application/x-www-form-urlencoded) with proper encoding and boundaries etc. You are just sending the server a lump of text and I'm not surprised it flips out.
I'm not 100% sure what VB is doing behind the scenes but this MSDN page suggests you need to set the content-type to a supported method and you probably need Content-Disposition: form-data in your headers as well. I found an example that does this and adds the MIME boundaries:
string FileData = "this is test file data\r\n"; // test data to send.
StringBuilder DataString = new StringBuilder();
DataString.Append(dataBoundary + "\r\n");
//This sends the viewstate info
DataString.Append("Content-Disposition: form-data; name=" + HiddenValue
+ "\r\n"
+ dataBoundary + "\r\n");
DataString.Append("Content-Disposition: form-data; name=" + "\"" +
"File1" +
"\"" +
"; filename=" + "\"" + "TestFile3.txt" + "\"" + "\r\n");
DataString.Append("Content-Type: text/plain\r\n\r\n");
DataString.Append(FileData);
DataString.Append(dataBoundary + "\r\n");
DataString.Append("Content-Disposition: form-data; name=" + "\"" +
"Submit1" +
"\"" + "\r\n\r\n" + "Upload\r\n" + dataBoundary + "--\r\n");
That example emulates a file field upload.
For a simpler version you can use request.ContentType = "application/x-www-form-urlencoded" with URL-encoded data like: Dim postData As String = "myURL=http%3A%2F%2Fexample.com%2Findex.php". Note that the format is key=value and the data must be URL-encoded first.
I'm not sure what exactly you need though because a lot depends on what the remote server actually expects for the form and field names. It also depends wether the server is actually following the relevant HTML standards and RFCs. Do you have a working HTML form to use as a guide for what the server expects?