Owin.Security.OAuth don't fire ValidateClientRedirectUri - asp.net

I made a web .net application in C#. I started from the ASP.NET Web application (.NET Framework) template project in Visual Studio.
I added the Owin.Security.OAuth library and I implemented the service provider in my code.
When I run the application with IIS Express it works well. When I try to run the application in the remote IIS server, when I try the login it fails on the authorization phase.
The application got 2 areas (AMSCetra and GestDrivMe) with their controllers and views, and a HomeController (the project default controller) with an Index api method that redirect to the specific areas index.
I tried to debug the difference between local and remote behaviour.
When i work in local IIS Express, the chain of requests to my application is a little different:
call Login method of my AccountController, that redirect to "/" after the account authentication and after getting roles
call OnAuthorization method of my AuthorizeAttribute (the AuthorizationContext's controller's request point to the area's file /AMScetra/AMSCetra)
call AuthorizeCore method of my AuthorizeAttribute (HttpContextBase parameter's request is for the same location of the point 2) and the user is Authenticated and "InRole"
call the specific area's controller Index api method (AMSCetraController.Index)
invoke the ValidateClientRedirectUri method of my AuthProvider (override of the OAuthAuthorizationServerProvider method). Here calls the context Validated method (the context's request is for the HomeController's Index - "https://localhost:44375/")
call Authorize method of my AccountController, that invoke the AuthenticationManager.SignIn(identity) method and returns an EmptyResult
call the HomeController Index (i don't now why) that redirect to the specific Area Index - "~/AMSCetra/AMSCetra/Index" (seems unuseful but in local it works)
call for a second time OnAuthorization method (request is for "/AMSCetra/AMSCetra/Index" as the previous redirection suggest)
call for a second time AuthorizationCore method (HttpContextBase parameter's request is for the same location of the point 8)
call for a second time the specific area's controller Index api method (AMSCetraController.Index)
I can't understand why the AMSCetraController Index is called two times, or why the application needs to call the HomeController Index after, but I can postpone 'cause it works well (in local IIS Express) and it happen only after the login.
But when I publish on the remote IIS, the calls chain skip point 5 (ValidateClientRedirectUri) and at point 6 (Authorize) the chains end, and a blank page is shown with the uri "http://XXX.XXX.XXX.XXX/Account/Authorize?client_id=web&response_type=token&state=".
I tried to debug the low level Owin library to understand the problem, but I don't know how debug a referenced DLL without PDB files. I tried to understand how the library works on the GitHub source code, but it's not the same.
Seems that is involved the Javascript's Knockout library, and a js method called Sammy, but as before I can't debug that source code, but only my code (indifferently in local or in remote).
I can't understand why IIS Express works well but remote IIS server don't, I already tried to force the MachineKey in my solution and in the remote IIS server, but it doesn't resolve.

Related

Restful Web API from Browser

I am using ASP.NET MVC 4 WEB API to create a Restful API service. This is my first go at it, so if you feel I am taking a wrong approach please feel free to correct.
I want to create a rest API (only & not a website, the consumer of the api can decide where they want to consume it), in the past I have used Restful WCF service to achieve this.
I have created a new ASP.NET MVC 4 Web Application and chose the WebAPI project template. I have added a controller class 'CatalogueController.cs' the purpose is on Get() operation I want to return the Catalogue list. The CatalogueDo contains only one property 'Service' of type string.
[System.Web.Http.HttpGet()]
public HttpResponseMessage Get()
{
return Request.CreateResponse(HttpStatusCode.OK, Catalogue);
}
When I run the application the browser loads with the URL http://localhost:5502/ resource not found, if I add the controller name http://localhost:5502/Catalogue/ the browser pops open a notepad with,
[{"Service":"Exchange"},{"Service":"Holidays"}]
The data is correct but
the browser keeps showing resource not found and after my request has been served the URL changes to http://localhost:5502/.
Question,
Am I doing something wrong? Should the response that pops up in the
notepad not be shown as xml in the browser it self?
Why does the controller name get removed from the URL once the request has been served?
Is it at all possible to invoke this REST service from Excel or Power Pivot?

Thinktecture.IdentityModel.45, Routing, wants to invoke identity controller

I'm trying to use Thinktecture.IdentityModel.45 for authentication in ASP.NET Web API.
I'm trying to get the Basic Authentication to work. And have downloaded the source and got the sample to work. (JsBasicAuth).
We have Web API in the same project as a MVC application. And when the test client calls ~/api/identity all handlers and authorization work. But then the framework (web api) tries to invoke a controller called "identity" and the call fails.
{"Message":"No HTTP resource was found that matches the request URI 'http://localhost/app/api/identity'.","MessageDetail":"No type was found that matches the controller named 'identity'."}
Do I need to exclude /identity /token from the routing? What am I missing?
I now discovered the Common project in the sample solution. There is a IdentityController there. And I didn't have that in my own project. Now it works! :)

How Do I Get RouteData Values from a Web Service in .Net 4.0

I am trying to extract an id number from a URL using a web service so that it can be used as a parameter for a where clause in a select statement that produces data from a database based on the id number of a record. That data will then be passed back to the page to populate an element in a jQuery modal popup widow.
Everything works fine with a static id number (ex: string postid = "120"), but I don't know how to get the id number from the URL. I'm using Routing in .Net 4 and the method for accessing Routing in pages does not work in a web service. In pages I just do stuff like var id = RouteData.Values["id"]; and that gets the id, but when i did it in a web service I got an error:
CS0120: An object reference is required for the non-static field,
method, or property 'System.Web.Routing.RouteData.Values.get'
Summary:
I have web service accessed form a details page where I want to get RouteData for the page making the request. I want to do this just as easily as I can on a page using RouteData.Values which is just as easy as the now the obsolete Request.Querystring.
Now I am more confused because although I could easily add a new route for the web service I don't know I would call that using jQuery Ajax because of the webservice.asmx/webmethod syntax.
Right now I have URL: "../webservices/googlemaps.asmx/GetGoogleMap" in my jQuery Ajax, but that is not a real URL. It only exists in jQuery somewhere and the way to call the service using just JavaScript is no a real URL either, its webservice.webmethod() which in this case would be googlemaps.GetGoogleMap().
I will try registering a route for webservices/googlemaps.asmx/GetGoogleMap/postid, but I doubt it will work because GetGoogleMap is not a directory or a querystring.
Get current http request and use RequestContext property to get request context - it has current routing data. For example,
var id = HttpContext.Current.Request.RequestContext.RouteData.Values["id"];
In case of WCF based web service, make sure that service is participating in ASP.NET pipeline (see ASP.NET Compatibility)
EDIT: Sorry for misleading answer - the above will not work unless web service url is registered in routing engine. However, it may not solve your issue of retrieving the id - what kind of service implementation are you using? Are you making a GET request or POST request? Typically, web service handler (asmx) or WCF pipeline should convert GET/POST parameters to method parameters. Post your web service code and how you invoke it.

Can I get information about the IIS7 virtual directory from Application_Start?

I have 3 IIS7 virtual directories which point to the same physical directory. Each one has a unique host headers bound to it and each one runs in its own app pool. Ultimately, 3 instances of the same ASP.NET application.
In the Application_Start event handler of global.asax I would like to identify which instance of the application is running (to conditionally execute some code). Since the Request object is not available, I cannot interrogate the current URL so I would like to interrogate the binding information of the current virtual directory?
Since the host header binding is unique for each site, it would allow me to identify which application instance is starting up. Does anyone know how to do this or have a better suggestion?
When a request is made, and just prior to the HttpApplication instance being created, ASP.NET initializes core objects such as HttpContext, HttpRequest and HttpResponse which means they will exist when you get to the Application_Start event in Global.asax. Thus, in Application_Start, you can get the requesting url like so:
var url = this.Context.Request.Url;

How do I get the host domain name in ASP .NET without using HttpContext.Current.Request?

I've got an ASP .Net application running on IIS7. I'm using the current url that the site is running under to set some static properties on a class in my application. To do this, I'm getting the domain name using this (insde the class's static constructor):
var host = HttpContext.Current.Request.Url.Host;
And it works fine on my dev machine (windows XP / Cassini). However, when I deploy to IIS7, I get an exception: "Request is not available in this context".
I'm guessing this is because I'm using this code in the static constructor of an object, which is getting executed in IIS before any requests come in; and Cassini doesn't trigger the static constructor until a request happens. Now, I didn't originally like the idea of pulling the domain name from the Request for this very reason, but it was the only place I found it =)
So, does anyone know of another place that I can get the host domain name? I'm assuming that ASP .Net has got to be aware of it at some level independent of HttpRequests, I just don't know how to access it.
The reason that the domain is in the request is...that's what's being asked for. For example these are a few stackexchange sites from http://www.stackexchangesites.com/:
http://community.ecoanswers.com
http://www.appqanda.com
http://www.irosetta.com/
If you ping them, you'll see they all point to the same IP/Web Server and be served by the same app (or multiple apps in this case, but the example holds if it was one big one)...but the application doesn't know which one until a host header comes in with the request asking the server for that site. Each request may be to a different domain...so the application doesn't know it.
If however it doesn't change, you could store it as an appSetting in the web.config.
Use global.asax or write a HttpModule and subscribe to start request events. You will have the request passed into your event handler.
Use this instead:
HttpRuntime.AppDomainAppVirtualPath
Or if you want the physical path:
HttpRuntime.AppDomainAppPath
For further reading:
http://weblogs.asp.net/reganschroder/archive/2008/07/25/iis7-integrated-mode-request-is-not-available-in-this-context-exception-in-application-start.aspx

Resources