web api query - 401 error
-
Dear all, when I call 'api/values', it only allows me to log in with the 'full' user details, but if I log in with the 'trial' user login details, it throws a 401 error. I would like to ask if I am missing something in the queries in the user class below or the basicAuthn class:
```csharp
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
    AuthenticationHeaderValue authValue = request.Headers.Authorization;
    if (authValue == null || authValue.Scheme != BasicAuthResponseHeaderValue)
    {
        return Unauthorized(request);
    }

    string[] credentials = Encoding.ASCII.GetString(Convert.FromBase64String(authValue.Parameter)).Split(new[] { ':' });
    if (credentials.Length != 2 || string.IsNullOrEmpty(credentials[0]) || string.IsNullOrEmpty(credentials[1]))
    {
        //return Unauthorized(request);
        var resp = new HttpResponseMessage(HttpStatusCode.NotFound)
        {
            Content = new StringContent(string.Format("access denied")),
        };
    }

    ClaimRole user = repository.trial(credentials[0], credentials[1]);
    ClaimRole user2 = repository.unlim(credentials[0], credentials[1]);
    if (user == null || user2 == null)
    {
        var resp = new HttpResponseMessage(HttpStatusCode.NotFound)
        {
            Content = new StringContent(string.Format("access denied")),
        };
    }
    else
    {
        IPrincipal principal = new GenericPrincipal(new GenericIdentity(user.Username, BasicAuthResponseHeaderValue), new string[] { user.role });
        Thread.CurrentPrincipal = principal;
        HttpContext.Current.User = principal;
    }

    return base.SendAsync(request, cancellationToken);
}
```
User Class
```csharp
public ClaimRole trial(string username, string password)
{
    var query = (from s in db.subs
                 join u in db.user on s.sUID equals u.uID
                 where s.sExpiryDate >= DateTime.Now &&
                       u.uUsername == username &&
                       u.uPassword == password
                 select u).FirstOrDefault();
    if (query != null)
    {
        // Build a user and add the ap
```
-
I guess the problem is here:
```csharp
ClaimRole user = repository.trial(credentials[0], credentials[1]);
ClaimRole user2 = repository.unlim(credentials[0], credentials[1]);
if (user == null || user2 == null)
```
If the user does not have BOTH the trial and unlim privileges, you send the Access Denied message. Use `&&` instead of `||`.
-
Thank you so much for your response and help. I am sorry to inform you that I have tried using the '&&' operator but I am still getting the same 401 error when logging in using full query user details. I would like to ask if there is a certain parameter and method I should be looking into while debugging the code. I really appreciate your help. Please advise. Many thanks.
-
Then test those two repository.trial / repository.unlim functions. At least one of them has a bug.
-
Thank you for your feedback. I am stuck on a little status code issue regarding this long problem. When I debug the full and trial repository while logged in as the 'trial' user, the 'resp' variable below is highlighted in red with a 404 status code, but in the Fiddler testing environment, it displays the URL as a 401 unauthorized issue.
```csharp
ClaimRole user = repository.trial(credentials[0], credentials[1]);
ClaimRole user2 = repository.full(credentials[0], credentials[1]);
if (user == null || user2 == null)
{
    var resp = new HttpResponseMessage(HttpStatusCode.NotFound)
    {
        Content = new StringContent(string.Format("access denied")),
    };
} // this bracket is highlighted while debugging through which the local window shows 404 status code
else {
```
resp -- {StatusCode: 404, ReasonPhrase: 'Not Found', Version: 1.1, Content: System.Net.Http.StringContent, Headers:
Hence I am a little unclear which error to look into. If you get time, could you please advise on any material I should look into or concentrate on? Many thanks for your time and help.
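Added example, not part of the original thread and not any poster's code: in the handler posted above, `resp` is constructed but never returned, so the request still reaches `base.SendAsync` with no principal set, which is consistent with a 404 in the debugger and a 401 on the wire if the controller requires an authenticated user (an assumption, since the controller is not shown). The handler below returns the 401 itself and accepts a match from either lookup. `IUserRepository`, `BasicAuthHandler`, `Deny`, the `ClaimRole` shape and the preference for `unlim` over `trial` are assumptions.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Principal;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using System.Web;

// Assumed shapes: the thread shows only these members; type names are hypothetical.
public class ClaimRole { public string Username; public string role; }
public interface IUserRepository {
    ClaimRole trial(string username, string password);
    ClaimRole unlim(string username, string password);
}
public class BasicAuthHandler : DelegatingHandler {
    private const string Scheme = "Basic";
    private readonly IUserRepository repository;
    public BasicAuthHandler(IUserRepository repository) { this.repository = repository; }

    protected override Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken) {
        AuthenticationHeaderValue auth = request.Headers.Authorization;
        if (auth == null || auth.Scheme != Scheme || string.IsNullOrEmpty(auth.Parameter))
            return Deny(request);
        string decoded;
        try { decoded = Encoding.UTF8.GetString(Convert.FromBase64String(auth.Parameter)); }
        catch (FormatException) { return Deny(request); } // malformed base64
        // Split on the first ':' only, so a password containing ':' stays intact.
        string[] credentials = decoded.Split(new[] { ':' }, 2);
        if (credentials.Length != 2 || credentials[0] == "" || credentials[1] == "")
            return Deny(request);
        // One match is enough; deny only when both lookups fail (unlim preferred: assumption).
        ClaimRole user = repository.unlim(credentials[0], credentials[1])
                         ?? repository.trial(credentials[0], credentials[1]);
        if (user == null) return Deny(request); // returned, so the pipeline stops here
        IPrincipal principal = new GenericPrincipal(
            new GenericIdentity(user.Username, Scheme), new[] { user.role });
        Thread.CurrentPrincipal = principal;
        if (HttpContext.Current != null) HttpContext.Current.User = principal;
        return base.SendAsync(request, cancellationToken);
    }
    // Build the 401 once and return it; the original built a response and discarded it.
    private static Task<HttpResponseMessage> Deny(HttpRequestMessage request) {
        var resp = new HttpResponseMessage(HttpStatusCode.Unauthorized) { RequestMessage = request };
        resp.Headers.WwwAuthenticate.Add(new AuthenticationHeaderValue(Scheme));
        return Task.FromResult(resp);
    }
}
```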