current community

your communities

more stack exchange communities

company blog
Stack Exchange Inbox Reputation and Badges
tour help
stack overflow careers
Sign up ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free.
up vote 4 down vote favorite
2

I am trying to implement HMAC authentication using the code given here: http://bitoftech.net/2014/12/15/secure-asp-net-web-api-using-api-key-authentication-hmac-authentication/.

I integrated this code inside my ASP.NET web forms application. I created a folder named "HMACAPI" and added the controllers and filters inside it. I also installed all the required Nuget packages. This is how I am implementing my service methods:

[HMACAuthentication]
[RoutePrefix("api/forms")]
public class FormsController : ApiController
{
    [Route("")]
    public IHttpActionResult Get()
    {
        ClaimsPrincipal principal = Request.GetRequestContext().Principal as ClaimsPrincipal;

        var Name = ClaimsPrincipal.Current.Identity.Name;

        return Ok("test");
    }

    [Route("")]
    public IHttpActionResult Post(string order)
    {
        return Ok(order);
    }
}

This is my route configuration for the API:

GlobalConfiguration.Configure(APIWebFormsProject.API.WebApiConfig.Register);

But when I use client.PostAsJsonAsync(), it's showing Method Not Allowed error. I tried various SO questions but none of their answers are helping.

What I tried:

  1. Removed WebDAV module.

  2. Added [HttpPost] attribute to post method.

I am using "http://localhost:56697/api/forms/" URL to access the API. But I also tried "http://localhost:56697/api/forms" and "http://localhost:56697/api/forms/test".

share|improve this question

This question has an open bounty worth +50 reputation from Aishwarya Shiva ending in 18 hours.

This question has not received enough attention.
    
you need to use GlobalConfiguration.Configuration.Routes.MapHttpRoute instead of RouteTable.Routes.MapHttpRoute – MethodMan Oct 10 at 16:25
    
@MethodMan I tried that. Still not working. And sorry I typed it incorrectly. It's Method Not Allowed error. – Aishwarya Shiva Oct 10 at 16:32
    
Just a check, do you have 'config.MapHttpAttributeRoutes();' as a part of your route configurations. 'config' here is 'HttpConfiguration' in your WebApiConfig – singsuyash Oct 10 at 16:56
    
@singsuyash yes I already did that. – Aishwarya Shiva Oct 10 at 17:04
1  
Can you add sample code detailing your client side calls to the API? – Obsidian Phoenix Oct 14 at 8:00

2 Answers 2

up vote 2 down vote

You are missing a [FromBody] attribute on your method.

In order to use client.PostAsJsonAsync(url, "test"), your method signature should look like this:

[Route("")]
public IHttpActionResult Post([FromBody] string order)
{
    return Ok(order);
}

Likewise, passing a POCO object:

[Route("")]
public IHttpActionResult Post([FromBody] OrderModel order)
{
    return Ok(order);
}
share|improve this answer
    
I tried it but its still giving A task was cancelled. – Aishwarya Shiva Oct 13 at 18:42
    
Does it still do it if you remove the hmac attribute? – Obsidian Phoenix Oct 13 at 18:43
    
Actually its working without HMAC attribute. But I want to use HMAC authentication. – Aishwarya Shiva Oct 13 at 19:17
    
Sure. I just wanted to narrow down the issue. I'll take another look later – Obsidian Phoenix Oct 13 at 19:26
    
Thank you. I will wait for ur answer and mark it if it solves the problem. :) – Aishwarya Shiva Oct 13 at 19:43
up vote 2 down vote

I guess your problem with sending HTTP POST to the endpoint (api/forms) and there is nothing to do with HMACAuth attribute, right?

If this is the case then do not sent Order as String, it should be as an POCO object containing string property, something as the below should work:

public class OrderModel
{
    public string Order { get; set; }
}
share|improve this answer
    
I tried this and also tried your original code. But in both the cases I am getting "Task was cancelled" error. – Aishwarya Shiva Oct 12 at 8:15
    
I just found out its working without HMAC attribute. But I want to use HMAC in my app. What can I do? – Aishwarya Shiva Oct 13 at 19:20

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.