Results 1 to 12 of 12

Thread: HttpWebRequest with BASIC Authorization

  1. #1

    Thread Starter
    MS SQL Powerposter szlamany's Avatar
    Join Date
    Mar 2004
    Location
    Connecticut
    Posts
    18,263

    HttpWebRequest with BASIC Authorization

    I am having a hard time getting this POST to work.

    First - this is a CURL command that someone gave me to SEND A TEXT message...

    Code:
    curl -X POST https://app.xxxxxxx.com/api/v3/xxxxxxxx 
         -H "accept: application/json"
         -H "authorization: Basic YTA1MThkNjZkYm...azNhamNod0VRUGRhdk1aZw==" 
         -H "Content-Type: application/json" 
         -d "{\"sms\": {\"body\": \"TEST\",\"phone_numbers\": [\"1112223333\"]}}"
    And this is the code in VB .Net attempting the same POST.

    Code:
        Function sendRequest(apikey As String, url As String, actionttype As String, actionstring As String) As String
    
            Dim postString As String = actionstring ' postXml.Declaration.ToString & postXml.ToString
    
            Dim urlString As String = url.Replace("Action", actionttype)
    
            Dim request As HttpWebRequest = DirectCast(WebRequest.Create(urlString), HttpWebRequest)
            request.Method = "POST"
            request.AllowWriteStreamBuffering = False
            request.PreAuthenticate = True
            request.Headers.Add("Authorization", "Basic YTA1MThkNj.....hamNod0VRUGRhdk1aZw==")
            request.Accept = "application/json"
            request.ContentType = "application/json"
            request.ContentLength = postString.Length
            request.KeepAlive = True
    
            Dim outputstream As Stream = request.GetRequestStream()   '<<<< ****** blows up here
            Dim postBytes As Byte() = Encoding.ASCII.GetBytes(postString)
            outputstream.Write(postBytes, 0, postBytes.Length)
    
            Dim response As WebResponse = request.GetResponse()
            Dim datastream As Stream = response.GetResponseStream()
            Dim datareader As StreamReader = New StreamReader(datastream)
            Dim textstring As String = datareader.ReadToEnd()
    
            outputstream.Close()
            response.Close()
    
            Return textstring
        End Function
    Error I get is: {"The underlying connection was closed: An unexpected error occurred on a send."}

    Anyone have experience with BASIC Authentication?

    I think that the token I'm using that works for the other person, is somehow specific to when they used an api_key and secret to get that token from a "test" website for checking out how the API works.

    I think I need to use the api key and secret to get my own token.

    But then again, they say this token they got over 24 hours ago is still working. And it's even still working after they used the key and secret to get a new token.

    TIA!

    *** Read the sticky in the DB forum about how to get your question answered quickly!! ***

    Please remember to rate posts! Rate any post you find helpful - even in old threads! Use the link to the left - "Rate this Post".

    Some Informative Links:
    [ SQL Rules to Live By ] [ Reserved SQL keywords ] [ When to use INDEX HINTS! ] [ Passing Multi-item Parameters to STORED PROCEDURES ]
    [ Solution to non-domain Windows Authentication ] [ Crazy things we do to shrink log files ] [ SQL 2005 Features ] [ Loading Pictures from DB ]

    MS MVP 2006, 2007, 2008

  2. #2
    PowerPoster techgnome's Avatar
    Join Date
    May 2002
    Posts
    34,687

    Re: HttpWebRequest with BASIC Authorization

    I wonder if there's something else encoded in the token that makes it source specific - like mac address or ip address... or.... shrug... something. See if you can get your own token and if that works. If it does, then it's picking something out of the client to make it unique or something to prevent token sharing, which sounds extremely picky.

    -tg
    * I don't respond to private (PM) requests for help. It's not conducive to the general learning of others.*
    * I also don't respond to friend requests. Save a few bits and don't bother. I'll just end up rejecting anyways.*
    * How to get EFFECTIVE help: The Hitchhiker's Guide to Getting Help at VBF - Removing eels from your hovercraft *
    * How to Use Parameters * Create Disconnected ADO Recordset Clones * Set your VB6 ActiveX Compatibility * Get rid of those pesky VB Line Numbers * I swear I saved my data, where'd it run off to??? *

  3. #3
    King of sapila
    Join Date
    Oct 2006
    Location
    Greece
    Posts
    6,763

    Re: HttpWebRequest with BASIC Authorization

    First thing first.
    Does it works on let's say postman?
    Make sure it works. I have a sample at the office but I'm not sure it encrypt the token. If I have time tomorrow and you haven't found a solution yet I'll give it a look.
    Also this line:
    request.Headers.Add("Authorization", "Basic YTA1MThkNj.....hamNod0VRUGRhdk1aZw==")
    Maybe it's 100% legit but why do I get tziizzzzss when looking at it... Basic and also the key with a space?...OK, maybe...

    Edit.
    Well I'll be...Stupid forms trying to imitate web. Anyhow
    Have a look here also.
    https://learn.microsoft.com/en-us/do...r?view=net-7.0
    Last edited by sapator; Apr 19th, 2023 at 01:09 PM.
    ἄνδρα μοι ἔννεπε, μοῦσα, πολύτροπον, ὃς μάλα πολλὰ
    πλάγχθη, ἐπεὶ Τροίης ἱερὸν πτολίεθρον ἔπερσεν·

  4. #4
    PowerPoster techgnome's Avatar
    Join Date
    May 2002
    Posts
    34,687

    Re: HttpWebRequest with BASIC Authorization

    Quote Originally Posted by sapator View Post
    First thing first.
    Does it works on let's say postman?
    Make sure it works. I have a sample at the office but I'm not sure it encrypt the token. If I have time tomorrow and you haven't found a solution yet I'll give it a look.
    Also this line:
    request.Headers.Add("Authorization", "Basic YTA1MThkNj.....hamNod0VRUGRhdk1aZw==")
    Maybe it's 100% legit but why do I get tziizzzzss when looking at it... Basic and also the key with a space?...OK, maybe...

    Edit.
    Well I'll be...Stupid forms trying to imitate web. Anyhow
    Have a look here also.
    https://learn.microsoft.com/en-us/do...r?view=net-7.0
    1) No, postman does not encrypt the token. It should just take what you pass as the authorization and pass it right along. That's how it works with our bearer tokens ...
    2) Yes, that header is correct. It translates to:
    Code:
    Authorization:Basic YTA1MThkNj.....hamNod0VRUGRhdk1aZw==
    You need to tell it what kind of authorization you're using, None, Bearer, Basic, etc ... followed by the token (if needed).

    I suspect the token is bad in some regard. Although it should be throwing a 403 error if it is, and not just some message.
    Is there an HTTP Error code that it is returning along with the message? Or just the message by itself?


    -tg
    * I don't respond to private (PM) requests for help. It's not conducive to the general learning of others.*
    * I also don't respond to friend requests. Save a few bits and don't bother. I'll just end up rejecting anyways.*
    * How to get EFFECTIVE help: The Hitchhiker's Guide to Getting Help at VBF - Removing eels from your hovercraft *
    * How to Use Parameters * Create Disconnected ADO Recordset Clones * Set your VB6 ActiveX Compatibility * Get rid of those pesky VB Line Numbers * I swear I saved my data, where'd it run off to??? *

  5. #5
    King of sapila
    Join Date
    Oct 2006
    Location
    Greece
    Posts
    6,763

    Re: HttpWebRequest with BASIC Authorization

    Quote Originally Posted by techgnome View Post
    1) No, postman does not encrypt the token. It should just take what you pass as the authorization and pass it right along. That's how it works with our bearer tokens ...
    2) Yes, that header is correct. It translates to:
    Code:
    Authorization:Basic YTA1MThkNj.....hamNod0VRUGRhdk1aZw==
    You need to tell it what kind of authorization you're using, None, Bearer, Basic, etc ... followed by the token (if needed).

    I suspect the token is bad in some regard. Although it should be throwing a 403 error if it is, and not just some message.
    Is there an HTTP Error code that it is returning along with the message? Or just the message by itself?


    -tg
    I was referring on vb encrypting the token not postman, I mean that I do not use an encryption at the office just the token on the database.

    So I'm having a look here.
    You might want to try the basics
    So in your code as I see it, loose some stuff in the code and try this:


    Code:
            Dim postString As String = actionstring ' postXml.Declaration.ToString & postXml.ToString
    
            Dim urlString As String = url.Replace("Action", actionttype)
            Dim request As HttpWebRequest = DirectCast(WebRequest.Create(urlString), HttpWebRequest)
            request.Method = "POST"              
            request.Headers.Add("Authorization", "Basic YTA1MThkNj.....hamNod0VRUGRhdk1aZw==")
            request.Accept = "application/json"
            request.ContentType = "application/json"              
            Dim outputstream As Stream = request.GetRequestStream()
    Also what urlString value is?
    ἄνδρα μοι ἔννεπε, μοῦσα, πολύτροπον, ὃς μάλα πολλὰ
    πλάγχθη, ἐπεὶ Τροίης ἱερὸν πτολίεθρον ἔπερσεν·

  6. #6

    Thread Starter
    MS SQL Powerposter szlamany's Avatar
    Join Date
    Mar 2004
    Location
    Connecticut
    Posts
    18,263

    Re: HttpWebRequest with BASIC Authorization

    It's the .Net version that the website is using on the backend IIS server.

    When I create a test app with:

    Assembly System.Net.Requests, Version=5.0.0.0,

    Things run fine.

    The website is using either .Net 2 or 3

    I'm sure upgrading that will cause a ton of other issues.

    Is it possible to put code up on IIS that runs a newer version of .Net? How would I even go about that?

    [edit] the server only goes up to .Net 4.5 right now [/edit]
    Last edited by szlamany; Apr 20th, 2023 at 02:54 PM.

    *** Read the sticky in the DB forum about how to get your question answered quickly!! ***

    Please remember to rate posts! Rate any post you find helpful - even in old threads! Use the link to the left - "Rate this Post".

    Some Informative Links:
    [ SQL Rules to Live By ] [ Reserved SQL keywords ] [ When to use INDEX HINTS! ] [ Passing Multi-item Parameters to STORED PROCEDURES ]
    [ Solution to non-domain Windows Authentication ] [ Crazy things we do to shrink log files ] [ SQL 2005 Features ] [ Loading Pictures from DB ]

    MS MVP 2006, 2007, 2008

  7. #7
    King of sapila
    Join Date
    Oct 2006
    Location
    Greece
    Posts
    6,763

    Re: HttpWebRequest with BASIC Authorization

    I'm not sure I understood the problem.
    The Authorization can run on 4.5 as per microsoft and I'm guessing by request you mean WebRequest:
    https://learn.microsoft.com/en-us/do...tframework-4.5
    OR on 2.0
    https://learn.microsoft.com/en-us/do...tframework-2.0

    I don't think IIS will complain for your version and even if so, you can alter the call on IIS and let it do your 5.0 or 7.0 or whatever version in the server.
    But again not sure about the issue. Anyhow it should not matter, if it works on postman it would probably work on lower versions as doing a post should be a common protocol.
    Have a look here:
    https://www.codeproject.com/Articles...C-A-walkthroug
    I'm not sure about Json tho.I think you need 3.5 framework.
    Anyhow if the website is using .net 2 it's so ancient I would be inclined to change it.
    ἄνδρα μοι ἔννεπε, μοῦσα, πολύτροπον, ὃς μάλα πολλὰ
    πλάγχθη, ἐπεὶ Τροίης ἱερὸν πτολίεθρον ἔπερσεν·

  8. #8

    Thread Starter
    MS SQL Powerposter szlamany's Avatar
    Join Date
    Mar 2004
    Location
    Connecticut
    Posts
    18,263

    Re: HttpWebRequest with BASIC Authorization

    I've got fiddler downloaded and the call that works goes to the URL as app.xxx.com:443

    and the one that does not work has the same app.xxx.com, just without the :443.

    So this comes down to a .Net library handing SSL and TLS differently?

    *** Read the sticky in the DB forum about how to get your question answered quickly!! ***

    Please remember to rate posts! Rate any post you find helpful - even in old threads! Use the link to the left - "Rate this Post".

    Some Informative Links:
    [ SQL Rules to Live By ] [ Reserved SQL keywords ] [ When to use INDEX HINTS! ] [ Passing Multi-item Parameters to STORED PROCEDURES ]
    [ Solution to non-domain Windows Authentication ] [ Crazy things we do to shrink log files ] [ SQL 2005 Features ] [ Loading Pictures from DB ]

    MS MVP 2006, 2007, 2008

  9. #9

    Thread Starter
    MS SQL Powerposter szlamany's Avatar
    Join Date
    Mar 2004
    Location
    Connecticut
    Posts
    18,263

    Re: HttpWebRequest with BASIC Authorization

    Getting a bit further along now...

    Moved to an older PC, with .Net 4.5 installed...

    Now get the error: "The request was aborted. Could not create SSL/TLS secure channel."

    At least I have a better error message to debug with now...

    *** Read the sticky in the DB forum about how to get your question answered quickly!! ***

    Please remember to rate posts! Rate any post you find helpful - even in old threads! Use the link to the left - "Rate this Post".

    Some Informative Links:
    [ SQL Rules to Live By ] [ Reserved SQL keywords ] [ When to use INDEX HINTS! ] [ Passing Multi-item Parameters to STORED PROCEDURES ]
    [ Solution to non-domain Windows Authentication ] [ Crazy things we do to shrink log files ] [ SQL 2005 Features ] [ Loading Pictures from DB ]

    MS MVP 2006, 2007, 2008

  10. #10
    King of sapila
    Join Date
    Oct 2006
    Location
    Greece
    Posts
    6,763

    Re: HttpWebRequest with BASIC Authorization

    Yeah that is better.
    To my understanding an SSL would run on https not http (correct me if I'm wrong) , so the port should be 4443 .
    There is a setting on Visual studio but is it only for Web Api. You go to project properties and on the properties windows there is a field called SSL Enable . Do you see that?
    Edit. No it can also go to 443, my bad...I'm thinking it over...
    Last edited by sapator; Apr 21st, 2023 at 08:42 AM.
    ἄνδρα μοι ἔννεπε, μοῦσα, πολύτροπον, ὃς μάλα πολλὰ
    πλάγχθη, ἐπεὶ Τροίης ἱερὸν πτολίεθρον ἔπερσεν·

  11. #11
    King of sapila
    Join Date
    Oct 2006
    Location
    Greece
    Posts
    6,763

    Re: HttpWebRequest with BASIC Authorization

    OK.
    2 options.
    If possible you need to enable the SSL/TLS . If it is an newer server version, then it probably have closed the old 1.0 SSL/TLS for the sake of 1.2 .
    However enabling 1.0 will diminish your security.

    If you can figure out this, it's SSL agnostic but requires a certificate.

    Code:
       Dim authResult As AuthenticationResult = Nothing
       Dim app As IConfidentialClientApplication = ConfidentialClientApplicationBuilder.Create("xx).WithAuthority("xxx").WithCertificate(certX509).Build()
       authResult = app.AcquireTokenForClient({$"https://azurexxx"}).ExecuteAsync().Result()
       Dim httpClient = New HttpClient
       httpClient.DefaultRequestHeaders.Authorization = New AuthenticationHeaderValue("Bearer", authResult.AccessToken)
       Dim response As HttpResponseMessage = httpClient.PostAsync(...
    However this is for MS graph so I get the token from https://graph.microsoft.com/.default , I don't know how to create a valid token myself.
    Last edited by sapator; Apr 21st, 2023 at 09:47 AM.
    ἄνδρα μοι ἔννεπε, μοῦσα, πολύτροπον, ὃς μάλα πολλὰ
    πλάγχθη, ἐπεὶ Τροίης ἱερὸν πτολίεθρον ἔπερσεν·

  12. #12

    Thread Starter
    MS SQL Powerposter szlamany's Avatar
    Join Date
    Mar 2004
    Location
    Connecticut
    Posts
    18,263

    Re: HttpWebRequest with BASIC Authorization

    I went down the ms graph path a few months ago and ran into this same TLS hell (and simply never succeeded in that attempt)...I need to upgrade my web app to .Net 5.0 very soon - going to be a long, long weekend.

    Right now, for this client server, sending this POST outside that network, they are going to set some registry bits to "1" to allow .Net 3.5 to work. We already did this at a prior client site last October - steps found under this link. Hoping it works here.

    https://learn.microsoft.com/en-us/do...rogramming/tls

    *** Read the sticky in the DB forum about how to get your question answered quickly!! ***

    Please remember to rate posts! Rate any post you find helpful - even in old threads! Use the link to the left - "Rate this Post".

    Some Informative Links:
    [ SQL Rules to Live By ] [ Reserved SQL keywords ] [ When to use INDEX HINTS! ] [ Passing Multi-item Parameters to STORED PROCEDURES ]
    [ Solution to non-domain Windows Authentication ] [ Crazy things we do to shrink log files ] [ SQL 2005 Features ] [ Loading Pictures from DB ]

    MS MVP 2006, 2007, 2008

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width