Sniff request in ActionFilter - asp.net-web-api2

One parameter in a Web API method is unexpectedly null, so I want to inspect the request. In support of this I wrote an ActionFilterAttribute and implemented the OnActionExecuting method. Attempting to retrieve Content as per the code below returns an empty string, but ContentLength says content is 345 bytes and content type is JSON (as expected).
using System.Diagnostics;
using System.Threading;
using System.Threading.Tasks;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;
namespace Website.ActionFilters
{
public class ActionFilterSniffAttribute : ActionFilterAttribute
{
public override void OnActionExecuting(HttpActionContext actionContext)
{
Task<string> task = actionContext.Request.Content.ReadAsStringAsync();
while (task.Status != TaskStatus.RanToCompletion)
Thread.Sleep(10);
Debug.WriteLine(task.Result);
}
}
}
What is the correct way to get hold of the HTTP request string? Installing Fiddler on the server is not something I'm keen to do.

This mechanism worked for me and is a good explanation of what is occurring.
Web API action filter content can't be read
public override async void OnActionExecuting(HttpActionContext actionContext)
{
System.Net.Http.HttpRequestMessage request = actionContext.Request;
Stream reqStream = await request.Content.ReadAsStreamAsync();
if (reqStream.CanSeek)
{
reqStream.Position = 0;
}
//now try to read the content as string
string data = await request.Content.ReadAsStringAsync();
Debugger.Break();
}

Related

Why does 'InputField' not contain a definition for 'text'?

I'm currently working on a Unity project for a college assignment, and I'm currently trying to connect a login/registration through PlayFab into a teammate's main menu for the game.
I've connected the PlayFabManager.cs script to the Input Fields for the email and password in the Unity editor, and something about my InputFields.cs file is preventing me from making any more progress.
I had to change the passwordInput and emailInput variables to TMP_InputField variables to achieve this, but now I am getting a compilation error in my project that says the following:
Assets\Scripts\InputField.cs(13,24): error CS1061: 'InputField' does not contain a definition for 'text' and no accessible extension method 'text' accepting a first argument of type 'InputField' could be found (are you missing a using directive or an assembly reference?)
Most places I look have people not including the "using UnityEngine.UI;" header at the top of the file, but that's included in my InputField.cs file.
Here's the code for my InputField.cs file:
using UnityEngine;
using System.Collections;
using UnityEngine.UI; // Required when Using UI elements.
public class InputField : MonoBehaviour
{
public InputField mainInputField;
public void Start()
{
mainInputField.text = "Enter text here...";
}
}
Here's the code for my PlayFabManager.cs file:
using System.Collections;
using System.Collections.Generic;
using UnityEngine;
using PlayFab;
using PlayFab.ClientModels;
using Newtonsoft.Json;
using UnityEngine.UI;
using TMPro; // Needed for login input fields
public class PlayFabManager : MonoBehaviour
{
[Header("UI)")]
public Text messageText;
public TMP_InputField emailInput;
public TMP_InputField passwordInput;
// Register/Login/ResetPassword
public void RegisterButton() {
var request = new RegisterPlayFabUserRequest {
Email = emailInput.text,
Password = passwordInput.text,
RequireBothUsernameAndEmail = false
};
PlayFabClientAPI.RegisterPlayFabUser(request, OnRegisterSuccess, OnError);
}
void OnRegisterSuccess(RegisterPlayFabUserResult result) {
messageText.text = "Registered and Logged in";
}
public void LoginButton() {
}
// Start is called before the first frame update
void Start() {
Login();
}
// Update is called once per frame
void Login() {
var request = new LoginWithCustomIDRequest {
CustomId = SystemInfo.deviceUniqueIdentifier,
CreateAccount = true
};
PlayFabClientAPI.LoginWithCustomID(request, OnSuccess, OnError);
}
void OnSuccess(LoginResult result) {
Debug.Log("Successful login/account create.");
}
void OnError(PlayFabError error) {
Debug.Log("Error while loggin in/creating account.");
Debug.Log(error.GenerateErrorReport());
}
}
I would just remove the InputField.cs class as it fixes my errors, but it changes the functionality of the following code that my teammate has contributed:
using System.Collections;
using System.Collections.Generic;
using UnityEngine;
using UnityEngine.UI;
using UnityEngine.SceneManagement;
public class MenuControl : MonoBehaviour
{
public string newGameLevel;
public void NewUser() {
SceneManager.LoadScene(newGameLevel);
}
public void ExitButton() {
Application.Quit();
}
}
Any help would be much appreciated!
Wanted to provide the solution in case this happens to anyone in the future:
I solved the problem by changing the
public InputField mainInputField;
into an input variable that could receive the TMP_Imput like so: public TMPro.TMP_InputField mainInputField;

How to use ReadAsStringAsync in asp.net core MVC controller?

How to use ReadAsStringAsync in asp.net core MVC controller?
The Microsoft.AspNetCore.Mvc.Request does not have Content property. Is there an alternative to this? Thank you!
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using AuthLibrary;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Web;
using System.Web.Http;
using System.Threading.Tasks;
[Microsoft.AspNetCore.Mvc.Route("TestAPI")]
public class TestController : Controller
{
[Microsoft.AspNetCore.Mvc.HttpPost]
[AllowAnonymous]
[Microsoft.AspNetCore.Mvc.Route("Start")]
public async Task<HttpResponseMessage> Start()
{
string req = await this.Request.Content.ReadAsStringAsync();
////
}
}
For Asp.Net Core MVC, you could access the request content with request.Body.
Here is an extension:
public static class HttpRequestExtensions
{
/// <summary>
/// Retrieve the raw body as a string from the Request.Body stream
/// </summary>
/// <param name="request">Request instance to apply to</param>
/// <param name="encoding">Optional - Encoding, defaults to UTF8</param>
/// <returns></returns>
public static async Task<string> GetRawBodyStringAsync(this HttpRequest request, Encoding encoding = null)
{
if (encoding == null)
encoding = Encoding.UTF8;
using (StreamReader reader = new StreamReader(request.Body, encoding))
return await reader.ReadToEndAsync();
}
/// <summary>
/// Retrieves the raw body as a byte array from the Request.Body stream
/// </summary>
/// <param name="request"></param>
/// <returns></returns>
public static async Task<byte[]> GetRawBodyBytesAsync(this HttpRequest request)
{
using (var ms = new MemoryStream(2048))
{
await request.Body.CopyToAsync(ms);
return ms.ToArray();
}
}
}
Use:
public async Task<string> ReadStringDataManual()
{
return await Request.GetRawBodyStringAsync();
}
Reference:Accepting Raw Request Body Content in ASP.NET Core API Controllers
You hope you can use .ReadAsStringAsync() on the current MVC request because perhaps you've seen something like this?
using Microsoft.AspNetCore.Mvc;
using System.Net.Http;
using System.Threading.Tasks;
namespace DL.SO.UI.Web.Controllers
{
public class DashboardController : Controller
{
// In order to be able to inject the factory, you need to register in Startup.cs
// services.AddHttpClient()
// .AddRouting(...)
// .AddMvc(...);
private readonly IHttpClientFactory _httpClientFactory;
public DashboardController(IHttpClientFactory httpClientFactory)
{
_httpClientFactory = httpClientFactory;
}
public async Task<IActionResult> Index()
{
var client = _httpClientFactory.CreateClient();
var request = new HttpRequestMessage(HttpMethod.Get, "https://www.google.com");
var response = await client.SendAsync(request);
if (response.IsSuccessStatusCode)
{
string bodyContent = await response.Content.ReadAsStringAsync();
}
return View();
}
}
}
This is how you use HttpClient to fetch external data/resources in an app. .ReadAsStringAsync() is off an HttpContent, which is the property of either HttpRequestMessage or HttpResponseMessage. Both HttpRequestMessage and HttpResponseMessage are in System.Net.Http namespace.
But now you're in the app itself! Things work a little bit differently. We don't have a response for the request yet (because we haven't done return View();). Hence I assume the content you want to look at is the content of the request coming in?
GET request's content
When a GET request comes in, MVC will automatically bind request's query strings to action method parameters in the controller. They're also available in the Query property off the current Request object:
public IActionResult Index(int page = 1, int size = 15)
{
foreach (var param in Request.Query)
{
...
}
return View();
}
POST request's content
When a POST request comes in, Request.Body might not always have the data you're looking for. It depends on the content type of the POST request.
By default when you're submitting a form, the content type of the request is form-data. MVC then will bind the inputs to your view model as the action parameter:
[HttpPost]
public async Task<IActionResult> Close(CloseReservationViewModel model)
{
Request.Form // contains all the inputs, name/value pairs
Request.Body // will be empty!
...
}
If you use jQuery to fire POST requests without specifying the contentType, it defaults to x-www-form-urlencoded:
#section scripts {
<script type="text/javascript">
$(function() {
$.ajax({
url: '#Url.Action("test", "dashboard", new { area = "" })',
data: {
name: 'David Liang',
location: 'Portland Oregon'
},
method: 'POST'
}).done(function (response) {
console.info(response);
});
});
</script>
}
[HttpPost]
public async Task<IActionResult> Test()
{
string body;
using (var reader = new StreamReader(Request.Body))
{
body = await reader.ReadToEndAsync();
}
return Json(body);
}
Conclusion
If you want to use HttpClient to call external services inside your MVC app, you can utilize IHttpClientFactory, HttpClient from System.Net.Http and get a HttpContent from either the request or response without too much trouble. Then you can do ReadAsStringAsync() off it.
If you want to peek on the request data sent from the client to your MVC app, MVC has already done so much to help you bind the data using model binding. You can also read request's body for POST requests with a StreamReader. Just pay attention that depends on the content type, Request.Body might not have what you expect.

Asp.Net Core 2.1 - Authorize based on content in request

I am exposing an endpoint for integration with a 3rd party and their requirement is for me to authorize their requests to my endpoint based on a key passed in the body being posted. My code will then needs to validate that the passed key matches some predetermined value on my side. The incoming model will look something like this:
public class RequestBase
{
public string ApiKey { get; set; }
...
}
Exploring the options for Authorization in ASP.NET Core I don't really see a match for what I am attempting to do. I am thinking a custom AuthorizeAttribute from this question would work but I'm not having any luck and get a 401 regardless of what I do. This is what I have so far:
[AttributeUsage(AttributeTargets.Class)]
public class MyAuthorizeAttribute : AuthorizeAttribute, IAuthorizationFilter
{
private static IEnumerable<string> _apiKeys = new List<string>
{
"some key... eventually will be dynamic"
};
public void OnAuthorization(AuthorizationFilterContext context)
{
var req = context.HttpContext.Request;
req.EnableRewind();
using (var reader = new StreamReader(req.Body, Encoding.UTF8, true, 1024, true))
{
var bodyStr = reader.ReadToEnd();
var isAuthorized = _apiKeys.Any(apiKey => bodyStr.Contains(apiKey));
if (!isAuthorized)
{
context.Result = new StatusCodeResult((int)System.Net.HttpStatusCode.Forbidden);
return;
}
}
req.Body.Position = 0;
}
}
When the key is not found in the body the 403 is returned as expected. However, when the key is found the result I get back is still a 401. Almost seems as if the base.OnAuthorization is being called. I have other endpoints that use a standard AurhorizeAttribute. They work as expected when only if I pass in a JWT.
Questions:
Am I on the right path with a custom AuthorizeAttribute or is there a better way?
If a customer AuthorizeAttribute is the right path... what am I missing?
Appreciate any help!
For using your own authorize logic with IAuthorizationFilter, you should not use with AuthorizeAttribute which will check the Authentication with default authentication schema.
Try to change AuthorizeAttribute to Attribute.
[AttributeUsage(AttributeTargets.Class)]
public class KeyAuthorizeAttribute : Attribute, IAuthorizationFilter
{

ASP.NET Core Integration Test for controller action

Microsoft documentation (https://learn.microsoft.com/en-us/aspnet/core/testing/integration-testing) explain how to implement an integration test using the TestServer class. It is easy in case we are using WEB API because we get the serialized model as response from the action.
But in case I want to test a Controller action returning an HTML View containing some data, how can I evaluate that the page content is what I expect (avoiding to scan the HTML page contents) ?
One option is to use Automated UI Testing using something like Selenium
In order to append this JSON serialized view model to your page, I implemented the following filter:
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.AspNetCore.Mvc.ModelBinding;
using Newtonsoft.Json;
using Ticketino.Web.Components.Extensions.Request;
using Ticketino.Web.OnlineShop.Serializations;
using Ticketino.Web.OnlineShop.ViewModels.Base;
namespace Ticketino.Web.OnlineShop.Filters
{
/// <summary>
/// This is a filter used only for integration tests.
/// It format the ViewModel as jSon and appends it to the end of HMTL page, so that it can be deserialized from the test in order to check its values.
/// </summary>
/// <seealso cref="Microsoft.AspNetCore.Mvc.Filters.ResultFilterAttribute" />
[AttributeUsage(AttributeTargets.Method)]
public class IntegrationTestFilterAttribute : ResultFilterAttribute
{
public const string StartViewModelContainer = "<script type=\"model/json\">";
public const string EndViewModelContainer = "</script>";
public override void OnResultExecuting(ResultExecutingContext filterContext)
{
if (!filterContext.ModelState.IsValid)
{
var viewResult = filterContext.Result as ViewResult;
if (viewResult?.Model is BaseViewModel)
{
var errors = IntegrationTestFilterAttribute.GetModelErrors(filterContext.ModelState);
((BaseViewModel)viewResult.Model).ValidationErrors = errors;
}
}
base.OnResultExecuting(filterContext);
}
public override void OnResultExecuted(ResultExecutedContext filterContext)
{
if (!filterContext.HttpContext.Request.IsAjaxRequest())
{
var viewResult = filterContext.Result as ViewResult;
if (viewResult?.Model != null)
{
var jsonViewModel = string.Concat(
IntegrationTestFilterAttribute.StartViewModelContainer,
JsonConvert.SerializeObject(viewResult.Model, Formatting.None, CommonJsonSerializerSettings.Settings()),
IntegrationTestFilterAttribute.EndViewModelContainer);
filterContext.HttpContext.Response.WriteAsync(jsonViewModel);
}
}
base.OnResultExecuted(filterContext);
}
#region Private methods
private static IDictionary<string, string> GetModelErrors(ModelStateDictionary errDictionary)
{
var errors = new Dictionary<string, string>();
//get all entries from the ModelStateDictionary that have any errors and add them to our Dictionary
errDictionary.Where(k => k.Value.Errors.Count > 0).ForEach(i =>
{
foreach (var errorMessage in i.Value.Errors.Select(e => e.ErrorMessage))
{
errors.Add(i.Key, errorMessage);
}
});
return errors;
}
#endregion
}
}
Then, in ConfigureServices(IServiceCollection serviceCollection) method inject it when you run integration test as show:
// Filter to append json serialized view model to buttom html response page, in order to eveluate from integration test class
if (_hostingEnvironment.IsIntegrationTest())
{
mvcBuilder.AddMvcOptions(opt => { opt.Filters.Add(new IntegrationTestFilterAttribute()); });
}

ASP.Net Web API - The remote server returned an error: (405) Method Not Allowed

I am using the new MVC4 ASP.Net Web API system.
I am calling my API in a test project using WebClient. If I use GET or POST, it works fine. If I use anything else, I get Method Not Allowed. I am actually "faking" the method by injecting the following header. I am doing this because my end users will also have to do this due to the limitations of some firewalls.
I am calling the URL via IIS (i.e. not cassini) - e.g. http://localhost/MyAPI/api/Test
wc.Headers.Add("X-HTTP-Method", "PUT");
I tried adjusting the script mappings in IIS, but as there is no extension, I don't know what I am meant to be adjusting!
Any ideas?
Regards
Nick
The X-HTTP-Method (or X-HTTP-Method-Override) header is not supported out of the box by Web API. You will need to create a custom DelegatingHandler (below implementation assumes that you are making your request with POST method as it should be):
public class XHttpMethodDelegatingHandler : DelegatingHandler
{
private static readonly string[] _allowedHttpMethods = { "PUT", "DELETE" };
private static readonly string _httpMethodHeader = "X-HTTP-Method";
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
if (request.Method == HttpMethod.Post && request.Headers.Contains(_httpMethodHeader))
{
string httpMethod = request.Headers.GetValues(_httpMethodHeader).FirstOrDefault();
if (_allowedHttpMethods.Contains(httpMethod, StringComparer.InvariantCultureIgnoreCase))
request.Method = new HttpMethod(httpMethod);
}
return base.SendAsync(request, cancellationToken);
}
}
Now you just need to register your DelegatingHandler in Global.asax:
protected void Application_Start(object sender, EventArgs e)
{
GlobalConfiguration.Configuration.MessageHandlers.Add(new XHttpMethodDelegatingHandler());
...
}
This should do the trick.