How to build valid PUT rest call that requires CSRF token - vb.net

I get the "400" error when i do this PUT call (vb.net).
What am i doing wrong?
Dim wRequest As HttpWebRequest = DirectCast(HttpWebRequest.Create("https://localhost:8444/api/route/1802/state"), HttpWebRequest)
wRequest.Method = "PUT"
wRequest.ContentType = "text/plain"
Dim stringData As String = "STOP"
Dim data = Encoding.ASCII.GetBytes(stringData)
wRequest.ContentLength = data.Length
Dim newStream = wRequest.GetRequestStream()
newStream.Write(data, 0, data.Length)
newStream.Close()
wResponse = DirectCast(wRequest.GetResponse(), HttpWebResponse)
The last line throw the 400.
this call doc

X-CSRF-Token was missing.
Do a GET and store the CSRF token from the response.
If(String.IsNullOrWhiteSpace(_csrfToken))
_csrfToken = wResponse.Headers("X-CSRF-Token")
End If
Add the token to PUT request before the "GetResponse"
If(not String.IsNullOrWhiteSpace(_csrfToken))
wRequest.Headers("X-CSRF-Token") = _csrfToken
End If
Note: X-CSRF-Token have the lifespan of the session.

Related

VB.NET ~ PUT WebRequest raising exceptions when trying to GetResponse of it

I am getting TWO exceptions. The first one in the regular code and the second into the exception handling block.
I have this function (below) that supposed to change user settings in a Web API using PUT method. Everything runs fine until the point that I try to get a response from the web request. Then it raises the first exception (unknown) and when I try to handle the error I get a second exception "Object reference not set to an instance of an object".
As far as I know normally what will cause this error is the attempt of getting a response of an unassigned web request, but in this case it IS assigned and the Uri is valid. All the credentials for authorization are correct too.
This is my code:
Try
Dim webRequest As System.Net.HttpWebRequest
webRequest = System.Net.HttpWebRequest.Create(InternalSettings.APIurl + "/config")
webRequest.Headers("Authorization") = InternalSettings.APIpwd
webRequest.Headers("API-Application-Key") = InternalSettings.APIkey
webRequest.Method = "PUT"
webRequest.ContentType = "application/x-www-form-urlencoded"
Dim postData As String = ""
postData += "SaveAllCustomersData=false"
Dim byteArray As Byte() = Encoding.UTF8.GetBytes(postData)
Dim dataStream As Stream = webRequest.GetRequestStream()
dataStream.Write(byteArray, 0, byteArray.Length)
dataStream.Close()
'The next line will raise an unknown exception
Dim myHttpWebResponse As HttpWebResponse = webRequest.GetResponse
Dim responseReader As StreamReader = New StreamReader(myHttpWebResponse.GetResponseStream())
Dim responseData As String = responseReader.ReadToEnd()
responseReader.Close()
webRequest.GetResponse().Close()
Catch ex As WebException
'The next line will raise a "Object reference not set to an instance of an object" exception
Dim resp = New StreamReader(ex.Response.GetResponseStream()).ReadToEnd()
Dim obj = JsonConvert.DeserializeObject(resp)
Return False
End Try
If you are using basic authentification you can try something like this:
Dim strUrl As String = InternalSettings.APIurl + "/config"
Dim request As WebRequest = DirectCast(WebRequest.Create(strUrl), HttpWebRequest)
Dim strResponse As String = ""
Dim byteAuth() As Byte = Encoding.UTF8.GetBytes(InternalSettings.APIkey & ":" & InternalSettings.APIpwd)
Dim strPost As String = "SaveAllCustomersData=false"
Dim bytePost() As Byte = Encoding.UTF8.GetBytes(strPost)
request.ContentType = "application/x-www-form-urlencoded"
request.Method = "PUT"
request.Headers.Add("Authorization", "Basic " & Convert.ToBase64String(byteAuth))
Using sw = New StreamWriter(request.GetRequestStream())
sw.Write(bytePost, 0, bytePost.Length)
sw.Flush()
Using response As HttpWebResponse = request.GetResponse()
Using sr = New StreamReader(response.GetResponseStream())
strResponse = sr.ReadToEnd()
End Using
End Using
End Using

WebRequest with Bearer Authorization in VB.NET

I would need to send a POST request to a remote server, which requires a Bearer Authorization.
this is my VB.NET code:
Public Shared Function syncAsana() As String
Dim result As String
Try
Dim token As String = "TOKEN"
Dim uri As String = "https://URL/api/1.0/tasks"
Dim postData As String = "assignee=email&notes=TEST_NOTES&name=NOME 1&projects=123985"
Dim byteArray As Byte() = Encoding.UTF8.GetBytes(postData)
Dim request As WebRequest = WebRequest.Create(uri)
request.Method = "POST"
request.PreAuthenticate = True
request.Headers.Add("Authorization", "Bearer " & token)
request.ContentType = "application/x-www-form-urlencoded"
request.ContentLength = byteArray.Length
Dim dataStream As Stream = request.GetRequestStream()
dataStream.Write(byteArray, 0, byteArray.Length)
dataStream.Close()
Dim response As WebResponse = request.GetResponse()
Using dataStream1 As Stream = response.GetResponseStream()
................
result = responseFromServer
End Using
response.Close()
Catch ex As Exception
result = ex.Message
End Try
Return result
End Function
the problem is that I always get the error The underlying connection was closed: An unexpected error occurred on a receive
the same request made with jquery / ajax or with curl works.
I have tried both from the local server launched by visual studio, and by putting the code on the production server.
could you tell me where i'm wrong?

PayPal Get Access Token vb.net The request was aborted: Could not create SSL/TLS secure channel

I have a few questions on calling Grant Access Token API of PayPal, below is my code:
Public Function testAPI() As String
Dim data As StringBuilder
Dim byteData() As Byte
Dim request As HttpWebRequest
Dim response As HttpWebResponse = Nothing
Dim postStream As Stream = Nothing
Dim reader As StreamReader
Dim Result As String = ""
request = DirectCast(WebRequest.Create("https://api.sandbox.paypal.com/v1/oauth2/token"), HttpWebRequest)
request.Headers.Add("Username", "XXXXXXXXXX")
request.Headers.Add("Password", "XXXXXXXXXX")
data = New StringBuilder("{""grant_type"":""client_credentials""}")
request.ContentType = "application/x-www-form-urlencoded"
request.Method = WebRequestMethods.Http.Post
byteData = UTF8Encoding.UTF8.GetBytes(data.ToString())
request.ContentLength = byteData.Length
postStream = request.GetRequestStream()
postStream.Write(byteData, 0, byteData.Length)
If Not postStream Is Nothing Then postStream.Close()
response = DirectCast(request.GetResponse(), HttpWebResponse)
reader = New StreamReader(response.GetResponseStream())
Result = reader.ReadToEnd().ToString
Return Result
End Function
Am I passing Username and Password in right way?
Am I passing "grant_type":"client_credentials" in right way?
I keep getting error: The request was aborted: Could not create SSL/TLS secure channel. I have tried to add some code that I searched from google:
ServicePointManager.Expect100Continue = True
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
request.ProtocolVersion = HttpVersion.Version11
But it still failed and return same error message. Please help.

Error trying to Create ASANA Project in VB.NET

I am getting an error:
400 Bad request
when trying to create a project via vb.net in asana.
Note: The ApiKey I am using works when I use it in other vb.net code to get the list of workspaces which is where I got my workspace ID.
Here is my code; I would be grateful for any insight...
Public Sub main()
Dim address As Uri
address = New Uri("https://app.asana.com/api/1.0/projects")
Dim ApiKey As String
ApiKey = "<my api key>"
Dim basicAuthenticationString As String
basicAuthenticationString = Convert.ToBase64String(New UTF8Encoding().GetBytes(ApiKey + ":"))
' Create the web request
Dim request As HttpWebRequest
request = DirectCast(WebRequest.Create(address), HttpWebRequest)
request.Headers("Authorization") = "Basic " & basicAuthenticationString
request.Method = "POST"
request.ContentType = "application/json"
Dim postData As String = "{""data"":[{""name"":""Randy Test Project"",""notes"":""Randy Test Project Notes"",""workspace"":5272875888767}]}"
Dim byteArray As Byte() = Encoding.UTF8.GetBytes(postData)
request.ContentLength = byteArray.Length
Dim dataStream As Stream = request.GetRequestStream()
dataStream.Write(byteArray, 0, byteArray.Length)
dataStream.Close()
Dim response As HttpWebResponse = request.GetResponse()
Console.WriteLine(CType(response, HttpWebResponse).StatusDescription)
dataStream = response.GetResponseStream()
Dim reader As New StreamReader(dataStream)
Dim responseFromServer As String = reader.ReadToEnd()
Console.WriteLine(responseFromServer)
reader.Close()
dataStream.Close()
response.Close()
Exit Sub
End Sub
I was able to figure it out, My address needed to be:
Dim address As Uri = New Uri("app.asana.com/api/1.0/teams/22956925957833/projects")
Then my postData needed to be:
Dim postData As String = "{""data"":{""name"":""Randy Test Project"",""notes"":""Randy Test Project Notes""}}"
Alternatively, you can specify the team or workspace in the post data. When you get a 400 Bad Request the body of the error response will tell you which fields were actually missing/invalid.

How to log into router with HttpWebRequest?

I'm trying to figure out how to successfully log into a DSL-Router (Model: Speedport w504v Type A).
I wrote a function usinig HttpWebRequest and HttpWebResponse. So far this function is not finished and is only for finding out the right login process.
Public Function DoRequest(ByVal url As String, ByVal password As String, ByVal container As CookieContainer) As String
'Login Request
Dim reqLogin As HttpWebRequest = DirectCast(HttpWebRequest.Create("https://speedport.ip/cgi-bin/login.cgi"), HttpWebRequest)
reqLogin.CookieContainer = container
reqLogin.Method = "POST"
reqLogin.Referer = "https://speedport.ip/hcti_start_passwort.stm"
reqLogin.KeepAlive = True
reqLogin.Host = "speedport.ip"
reqLogin.ContentType = "application/x-www-form-urlencoded"
reqLogin.Accept = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
reqLogin.Headers.Add("Accept-Language", "de-de,de;q=0.8,en-us;q=0.5,en;q=0.3")
reqLogin.Headers.Add("Accept-Encoding", "gzip, deflate")
'Login Data
Dim encoding As New ASCIIEncoding()
Dim data As String = Uri.EscapeDataString("pws") & "=" & Uri.EscapeDataString(password)
Dim bytes As Byte() = encoding.GetBytes(data)
reqLogin.ContentLength = bytes.Length
Dim stream As Stream = reqLogin.GetRequestStream
stream.Write(bytes, 0, bytes.Length)
stream.Close()
'Login Response
Dim resLogin As HttpWebResponse = DirectCast(reqLogin.GetResponse(), HttpWebResponse)
'Receive Cookie
Dim CookieHeaderValue As String = reqLogin.Headers.Get("Cookie")
If CookieHeaderValue <> Nothing Then
Dim aCookie As String() = CookieHeaderValue.Split("=")
Dim Cookie As New Cookie
Cookie.Domain = "speedport.ip"
Cookie.Path = "/"
Cookie.Secure = True
Cookie.Name = aCookie(0)
Cookie.Value = aCookie(1)
container.Add(Cookie)
End If
'Url Request
Dim reqIndex As HttpWebRequest = DirectCast(HttpWebRequest.Create(url), HttpWebRequest)
reqIndex.CookieContainer = container
reqIndex.Method = "GET"
reqIndex.Referer = "https://speedport.ip/wait_login.stm"
reqIndex.KeepAlive = True
reqIndex.Host = "speedport.ip"
reqIndex.Accept = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
'Url Content
Dim resIndex As HttpWebResponse = DirectCast(reqIndex.GetResponse(), HttpWebResponse)
Dim sr As StreamReader = New StreamReader(resIndex.GetResponseStream())
Dim output As String = sr.ReadToEnd
resIndex.Close()
Return output
End Function
Unfortunately I don't get the right content. Instead I'm getting the sitecontent from an Error-Page saying:
double administration access!
This site is returned when you try to login but there is another session already running.
So maybe I'm already successfully logged in but don't get the site content.
I get the header information from an Firefox AddOn called HTTP Live Header.
I also tried to run curl but also did not work:
curl -d "pws=PASSWORD" -c cookies.txt -e https://speedport.ip/hcti_start_passwort.stm -k https://speedport.ip/cgi-bin/login.cgi
curl -c cookies.txt -e https://speedport.ip/wait_login.stm -k https://speedport.ip/index.stm
Maybe someone has an idea what's going wrong.
Using Fiddler I figured it out. I've to set also the User Agent Header for the first request.
reqLogin.UserAgent = "YOUR USERAGNET STRING"
Furthermore I don't have to get the value for reqLogin.Headers.Get("Cookie").
It's already set to the CookieContainer so cancel the "Receive Cookie" part.