Getting Bad Request when requesting JWT in web API from Xamarin Forms

So I made a web API that authenticates with JSON Web Tokens; however, I haven't been able to authenticate using the HttpClient from my Xamarin Forms application. The odd thing is that I can connect without any problem on a console application that I made for testing, and both the console application and the Xamarin Forms app use almost exactly the same code.
The code in the console app is like this:
    public static async Task<AutenticacionModel> PostCredentialsAsync(string UserName, string Password)
    {
        HttpClient cliente = new HttpClient();
        cliente.BaseAddress = new Uri("http://172.25.1.53:9891");
        HttpResponseMessage response = new HttpResponseMessage();
        string _result = String.Empty;
        try
        {
            string Path = cliente.BaseAddress + "oauth/secreto";
            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, Path);
            string autenticacion = "username=" + UserName + "&password=" + Password + "&grant_type=password";
            request.Content = new StringContent(autenticacion, Encoding.UTF8, "application/x-www-form-urlencoded");
            response = await cliente.SendAsync(request);
            response.EnsureSuccessStatusCode();
            _result = await response.Content.ReadAsStringAsync();
        }
        catch (Exception ex)
        {
            // something to do
        }
        return response.Content != null ? JsonConvert.DeserializeObject<AutenticacionModel>(_result) : new AutenticacionModel();
    }
And the code in the Xamarin Forms:
    public async Task<AutenticacionDTO> GetUsuario(string email, string clave)
    {
        string JSONAutenticacion;
        HttpResponseMessage response = new HttpResponseMessage();
        try
        {
            var client = new HttpClient();
            client.BaseAddress = new Uri(GlobalSetting.UrlWebApi);
            string Path = client.BaseAddress + "oauth/secreto";
            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, Path);
            string autenticacion = "username=" + email + "&password=" + clave + "&grant_type=password";
            request.Content = new StringContent(autenticacion, Encoding.UTF8, "application/x-www-form-urlencoded");
            response = await client.SendAsync(request);
            response.EnsureSuccessStatusCode();
            JSONAutenticacion = await response.Content.ReadAsStringAsync();
        }
        catch (Exception ex)
        {
            string sss = ex.ToString();
            return null;
        }
        return response.Content != null ? JsonConvert.DeserializeObject<AutenticacionDTO>(JSONAutenticacion) : new AutenticacionDTO();
    }
When I use postman to connect to the web API that I have hosted in my local IIS, there's no problem, same with the console application. But whenever I try to connect with the Xamarin Forms App I get a 400 Bad Request response.
The code that makes the Jwt work goes like this:
    public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        var allowedOrigin = "*";
        context.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });
        Seguridad _Seguridad = new fovissste.bll.Seguridad();
        LoginDTO Usuario = _Seguridad.Login(context.UserName, context.Password).FirstOrDefault();
        if (Usuario == null)
        {
            context.SetError("invalid_grant", "Usuario o contraseña incorrectos");
            return;
        }
        ClaimsIdentity oauthIdentity = new ClaimsIdentity(new ApplicationUser(context.UserName, "JWT"), new[] { new Claim(ClaimTypes.Role, "Publico") });
        var ticket = await Task.Run(() => new AuthenticationTicket(oauthIdentity, null));
        context.Validated(ticket);
    }
Can anybody help? Is this an issue with Xamarin Forms? I truly require some comments because I honestly can't see what I'm missing. I've read other posts on this site that suggest that it can be an issue of enabling remote requests on IIS or a CORS issue, but I think that's handled in this line:
    context.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });
@GeraldVersluis I had the same idea, but I couldn't configure Fiddler to capture my requests, at least I put a filter that indicates "Show only the following hosts" : localhost:9891; but the sessions aren't captured in Fiddler
– gerardo flores
Jul 3 at 18:03
Are you running from an emulator or device? In case of a device you should set the device's proxy to your machine where Fiddler is running. On an emulator it normally should just work unless you're using HTTPS
– Gerald Versluis
Jul 3 at 18:06
@GeraldVersluis I'm running from device. Thank you I'll research how to set the proxy in the Android
– gerardo flores
Jul 3 at 18:54
However, it's working now. I don't know exactly what I changed, I simply copied/pasted the code from the console application. Could it have been network related?
– gerardo flores
Jul 3 at 18:55
1 Answer
1
Try the following code:
    using (var client = new HttpClient())
    {
        client.BaseAddress = new Uri("http://172.25.1.53:9891");
        client.DefaultRequestHeaders.Accept.Clear();
        client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
        string autenticacion = "?username=" + email + "&password=" + clave + "&grant_type=password";
        HttpResponseMessage response = await client.PostAsync(client.BaseAddress + "oauth/secreto", new StringContent(autenticacion, Encoding.UTF8, "application/x-www-form-urlencoded"));
        response.EnsureSuccessStatusCode();
        string JSONAutenticacion = await response.Content.ReadAsStringAsync();
    }
What is the value of Path after this line?
    string Path = client.BaseAddress + "oauth/secreto";
Also try to add this line before using (var client...:
    System.Net.ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, sslPolicyErrors) => true;
Changed
    HttpResponseMessage response = await client.PostAsync(client.BaseAddress + autenticacion, new StringContent(autenticacion));
to
    HttpResponseMessage response = await client.PostAsync(client.BaseAddress + "oauth/secreto", new StringContent(autenticacion, Encoding.UTF8, "application/x-www-form-urlencoded"));
didn't work. I must send the request as "application/x-www-form-urlencoded"
– gerardo flores
Jul 3 at 18:04
Strange, all code seems the same. Try using a tool like Fiddler or Charles to see what is going over the line in each case. That might help figuring out what is going on.
– Gerald Versluis
Jul 3 at 6:21
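An added example, not code from the question or the answer: one way to send the same password-grant request so that the credentials are percent-encoded and the body of a 400 response is read rather than discarded by EnsureSuccessStatusCode. The endpoint path oauth/secreto is taken from the page; TokenResult, TokenClient, RequestTokenAsync and the "non_json_response" label are hypothetical names made up for this example.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Threading.Tasks;
using Newtonsoft.Json;

// Hypothetical DTO: property names follow the OAuth 2.0 token and error responses.
public class TokenResult
{
    [JsonProperty("access_token")] public string AccessToken { get; set; }
    [JsonProperty("error")] public string Error { get; set; }
    [JsonProperty("error_description")] public string ErrorDescription { get; set; }
    public int StatusCode { get; set; }
}

public static class TokenClient
{
    // One shared client; certificate validation is left at its default, so an
    // HTTPS base address is verified instead of accepted unconditionally.
    private static readonly HttpClient Http = new HttpClient();

    public static async Task<TokenResult> RequestTokenAsync(Uri baseUri, string user, string password)
    {
        // FormUrlEncodedContent percent-encodes every value, so '&', '+', '=' or
        // spaces in a password cannot split or alter the form fields. It also sets
        // the application/x-www-form-urlencoded content type itself.
        var form = new FormUrlEncodedContent(new[]
        {
            new KeyValuePair<string, string>("grant_type", "password"),
            new KeyValuePair<string, string>("username", user),
            new KeyValuePair<string, string>("password", password),
        });

        // new Uri(baseUri, relative) resolves the path instead of concatenating strings.
        using (HttpResponseMessage response = await Http.PostAsync(new Uri(baseUri, "oauth/secreto"), form))
        {
            // Read the body before judging the status: on a 400 the token endpoint
            // normally answers with JSON carrying "error" (e.g. invalid_grant).
            string body = await response.Content.ReadAsStringAsync();
            TokenResult result;
            try { result = JsonConvert.DeserializeObject<TokenResult>(body) ?? new TokenResult(); }
            catch (JsonException) { result = new TokenResult { Error = "non_json_response", ErrorDescription = body }; } // constructed label
            result.StatusCode = (int)response.StatusCode;
            return result;
        }
    }
}
```

Logging StatusCode, Error and ErrorDescription (never the password or the token) on the device shows whether a 400 comes from the grant handler or from a request that never reached it in the expected form.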