asp.net web api2 - Exception for Request.Path when consuming Web Api 2 from Android -



asp.net web api2 - Exception for Request.Path when consuming Web Api 2 from Android -

i have web api 2 application created controllers uses authentication. written in .net using c#. consuming via android application. initial request works fine validate user , homecoming true. on 2nd url request calling method via web api 2 uses authentication work bombs out request.path exception message.

below android .java files in question.

httphelper class:

package com.example.helpers; import java.io.bufferedreader; import java.io.ioexception; import java.io.inputstreamreader; import java.util.list; import org.apache.http.httpentity; import org.apache.http.httpresponse; import org.apache.http.namevaluepair; import org.apache.http.client.clientprotocolexception; import org.apache.http.client.cookiestore; import org.apache.http.client.entity.urlencodedformentity; import org.apache.http.client.methods.httpget; import org.apache.http.client.methods.httppost; import org.apache.http.client.methods.httpurirequest; import org.apache.http.impl.client.abstracthttpclient; import org.apache.http.impl.client.basiccookiestore; import org.apache.http.impl.client.defaulthttpclient; import android.util.log; public abstract class httphelper { private final static string tag = "httphelper"; private final static string api_url = "http://10.0.2.2/application/api"; private static cookiestore scookiestore; public static string invokepost(string action, list<namevaluepair> params) { seek { string url = api_url + action + "/"; log.d(tag, "url is" + url); httppost httppost = new httppost(url); if (params != null && params.size() > 0) { httpentity entity = new urlencodedformentity(params, "utf-8"); httppost.setentity(entity); } homecoming invoke(httppost); } grab (exception e) { log.e(tag, e.tostring()); } homecoming null; } public static string invokepost(string action) { homecoming invokepost(action, null); } public static string invokeget(string action, list<namevaluepair> params) { seek { stringbuilder sb = new stringbuilder(api_url); sb.append(action); if (params != null) { (namevaluepair param : params) { sb.append("?"); sb.append(param.getname()); sb.append("="); sb.append(param.getvalue()); } } log.d(tag, "url is" + sb.tostring()); httpget httpget = new httpget(sb.tostring()); homecoming invoke(httpget); } grab (exception e) { log.e(tag, e.tostring()); } homecoming null; } public static string invokeget(string action) { homecoming invokeget(action, null); } private static string invoke(httpurirequest request) throws clientprotocolexception, ioexception { string result = null; defaulthttpclient httpclient = new defaulthttpclient(); // restore cookie if (scookiestore != null) { httpclient.setcookiestore((org.apache.http.client.cookiestore) scookiestore); } httpresponse response = httpclient.execute(request); stringbuilder builder = new stringbuilder(); bufferedreader reader = new bufferedreader(new inputstreamreader( response.getentity().getcontent())); (string s = reader.readline(); s != null; s = reader.readline()) { builder.append(s); } result = builder.tostring(); log.d(tag, "result ( " + result + " )"); // store cookie scookiestore = (cookiestore) ((abstracthttpclient) httpclient).getcookiestore(); homecoming result; } }

consuming code:

@override protected string doinbackground(string... arg0) { stringbuilder stringbuilder = new stringbuilder(); string authresult = httphelper.invokeget("<validate_user_via_web_api>"); string nextresult = httphelper.invokeget("<call_web_api_other_method>"); homecoming stringbuilder.tostring(); }

the value of scookiestore within httphelper class:

[[version: 0][name: .aspxauth][value: <long_string_of_numbers_and_characters>][domain: 10.0.2.2][path: /][expiry: null]]

this gets stored in scookiestore variable in httphelper class gets applied httpclient via setcookiestore.

and code web api 2. first 'validate_user_via_web_api' /api/account?username=&userpassword=:

using application.models; using microsoft.aspnet.identity; using microsoft.aspnet.identity.entityframework; using system; using system.collections.generic; using system.linq; using system.net; using system.net.http; using system.threading.tasks; using system.web.http; using system.web.security; namespace application.controllers { [routeprefix("api/account")] public class accountcontroller : apicontroller { private authrepository _repo = null; public accountcontroller() { _repo = new authrepository(); } public bool get(string username, string userpassword) { task<identityuser> iu = _repo.finduser(username, userpassword); if (iu != null) { formsauthentication.setauthcookie(username, false); homecoming true; } homecoming false; } [authorize(roles="application")] [route("register")] public async task<ihttpactionresult> register(usermodel usermodel) { string userid = ""; if (!modelstate.isvalid) { homecoming badrequest(modelstate); } identityresult result = await _repo.registeruser(usermodel); ihttpactionresult errorresult = geterrorresult(result); if (errorresult != null) { homecoming errorresult; } else { task<identityuser> iu = _repo.finduser(usermodel.username, usermodel.password); using (var context = new authcontext()) { var userstore = new userstore<identityuser>(context); var usermanager = new usermanager<identityuser>(userstore); userid = iu.result.id; result = await usermanager.addtoroleasync(userid, "users"); errorresult = geterrorresult(result); if (errorresult != null) { homecoming errorresult; } } } homecoming ok("userid:" + userid); } protected override void dispose(bool disposing) { if (disposing) _repo.dispose(); base.dispose(disposing); } private ihttpactionresult geterrorresult(identityresult result) { if (result == null) homecoming internalservererror(); if (!result.succeeded) { if (result.errors != null) { foreach (string error in result.errors) { modelstate.addmodelerror("", error); } } if (modelstate.isvalid) { homecoming badrequest(); } homecoming badrequest(modelstate); } homecoming null; } } }

the 'call_web_api_other_method' code example:

[authorize(roles="users")] [route("routinename")] public ihttpactionresult getapplicationmethod(string param1, string param2) { //rest of code... }

this 1 causing request.path error. when go url provided, without going first validating user authentication, bombs out instead of getting unauthorized message. url looks similar below , nil within url looks cause error thrown: http://hostname/application/api/data/getapplicationmethod?param1=param_value1&param2=param_value2. when go link straight via browser, authorization has been denied request message should without authenticating request.

putting [system.web.mvc.validateinput(false)] on given method still produces same error well. , httpruntime targetframework="2.0" error still gets thrown. wouldn't maintain these changes in place testing purposes.

handled exception message:

a potentially unsafe request.path value detected client (:)

<b> description: </b>an unhandled exception occurred during execution of current web request. please review stack trace more info error , originated in code. <br><br> <b> exception details: </b>system.web.httpexception: potentially unsafe request.path value detected client (:).<br><br> <b>source error:</b> <br><br> unhandled exception generated during execution of current web request. info regarding origin , location of exception can identified using exception stack trace below.<br> <b>stack trace:</b> <br><br> [httpexception (0x80004005): potentially unsafe request.path value detected client (:).] system.web.httprequest.validateinputifrequiredbyconfig() +12715107 system.web.pipelinestepmanager.validatehelper(httpcontext context) +166 <br> <b>version information:</b>&nbsp;microsoft .net framework version:4.0.30319; asp.net version:4.0.30319.34237

on android side, in invokeget , passing in url without encoding properly

change

httpget httpget = new httpget(sb.tostring());

to

httpget httpget = new httpget(urlencoder.encode(sb.tostring(), "utf-8"));

if using special characters in url, please see adding asp.net config exception

and, in invoke() method add together

request.addheader("host", "http://10.0.2.2");

before httpresponse response = httpclient.execute(request);

you may consider adding other headers depending on server expects.

android asp.net-web-api2

Comments

Post a Comment

Popular posts from this blog

Delphi change the assembly code of a running process -

Delphi change the assembly code of a running process - i'm trying alter address 00741fa5 has push test.009e721c . alter push test.009e71c8 . procedure callback; asm force $9e71c8 end; procedure tform2.btn1click(sender: tobject); var ppid :dword; pprocess : cardinal; begin getwindowthreadprocessid(findwindow(nil,pchar('test')), @ppid); pprocess := openprocess(process_all_access, false, ppid); injectasm(pprocess, $741fa5, 10, integer(@callback), 0); end; here injectasm function (with error checking) function injectasm(process: longword; injectaddress, injectsize, codeaddress, codesize : integer): pointer; var csize, rsize : integer; replaced : array of byte; jmp : array [0..4] of byte; jmpaddress : integer; nopv : byte; : integer; nbr: ulong_ptr; begin //injectsize must equal or greater 5, because need space our //(far) jmp wwxxyyzz instruction //if there's no space, inject in place of few instructions if injectsize ...
Read more

json - Hibernate and Jackson (java.lang.IllegalStateException: Cannot call sendError() after the response has been committed) -

json - Hibernate and Jackson (java.lang.IllegalStateException: Cannot call sendError() after the response has been committed) - hello have problem hibernate , jackson. have 2 pojos @entity @table(name = "users") public class user implements serializable { static final long serialversionuid = 4235637833262722256l; @id @generatedvalue private int id; @column(name = "creation_date") private date creationdate; @column(name = "first_name") private string firstname; @column(name = "last_name") private string lastname; @version @column(name = "version") private int version; @column(name = "e_mail") private string email; @column(name = "enabled") private boolean enabled; @column(name = "login") private string login; @column(name = "password") private string password; @jsonmanagedreference("role") @onetomany(mappedby = "user", cascade = cascadetype.all,fetch = fetchtyp...
Read more

C++ 11 "class" keyword -

C++ 11 "class" keyword - i've started using c++ 11 little bit more , have few questions on special uses of class keyword. know it's used declare class, there's 2 instances have seen don't understand: method<class t>(); and class class_name *var; why precede typename keyword class in first example, , keyword pointer in sec example? that known elaborated type specifier , necessary when class name "shadowed" or "hidden" , need explicit. class t { }; // love of god don't t t; t t2; if compiler smart, give these warnings: main.cpp:15:5: error: must utilize 'class' tag refer type 't' in scope t t2; ^ class main.cpp:14:7: note: class 't' hidden non-type declaration of 't' here t t; ^ if class not defined, deed forwards declaration. for example: template <typename t> void method() { using type = typename t::value_type; } method...
Read more