7

I am trying to implement HMAC authentication using the code given here: http://bitoftech.net/2014/12/15/secure-asp-net-web-api-using-api-key-authentication-hmac-authentication/.

I integrated this code inside my ASP.NET web forms application. I created a folder named "HMACAPI" and added the controllers and filters inside it. I also installed all the required Nuget packages. This is how I am implementing my service methods:

[HMACAuthentication]
[RoutePrefix("api/forms")]
public class FormsController : ApiController
{
    [Route("")]
    public IHttpActionResult Get()
    {
        ClaimsPrincipal principal = Request.GetRequestContext().Principal as ClaimsPrincipal;

        var Name = ClaimsPrincipal.Current.Identity.Name;

        return Ok("test");
    }

    [Route("")]
    public IHttpActionResult Post(string order)
    {
        return Ok(order);
    }
}

This is my route configuration for the API:

GlobalConfiguration.Configure(APIWebFormsProject.API.WebApiConfig.Register);

But when I use client.PostAsJsonAsync(), it's showing Method Not Allowed error. I tried various SO questions but none of their answers are helping.

What I tried:

  1. Removed WebDAV module.

  2. Added [HttpPost] attribute to post method.

I am using "http://localhost:56697/api/forms/" URL to access the API. But I also tried "http://localhost:56697/api/forms" and "http://localhost:56697/api/forms/test".

UPDATE

As suggested by Obsidian Phoenix I was able to run it without [HMACAuthentication] attribute. But I want to implement this with HMAC authentication. So, what can be the reasons for this?

Improve this question
10
  • you need to use GlobalConfiguration.Configuration.Routes.MapHttpRoute instead of RouteTable.Routes.MapHttpRoute Commented Oct 10, 2015 at 16:25
  • @MethodMan I tried that. Still not working. And sorry I typed it incorrectly. It's Method Not Allowed error. Commented Oct 10, 2015 at 16:32
  • Just a check, do you have 'config.MapHttpAttributeRoutes();' as a part of your route configurations. 'config' here is 'HttpConfiguration' in your WebApiConfig Commented Oct 10, 2015 at 16:56
  • @singsuyash yes I already did that. Commented Oct 10, 2015 at 17:04
  • 1
    Can you add sample code detailing your client side calls to the API? Commented Oct 14, 2015 at 8:00

3 Answers 3

Reset to default
3

I guess your problem with sending HTTP POST to the endpoint (api/forms) and there is nothing to do with HMACAuth attribute, right?

If this is the case then do not sent Order as String, it should be as an POCO object containing string property, something as the below should work:

public class OrderModel
{
    public string Order { get; set; }
}
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I tried this and also tried your original code. But in both the cases I am getting "Task was cancelled" error.
I just found out its working without HMAC attribute. But I want to use HMAC in my app. What can I do?
3
+25

You are missing a [FromBody] attribute on your method.

In order to use client.PostAsJsonAsync(url, "test"), your method signature should look like this:

[Route("")]
public IHttpActionResult Post([FromBody] string order)
{
    return Ok(order);
}

Likewise, passing a POCO object:

[Route("")]
public IHttpActionResult Post([FromBody] OrderModel order)
{
    return Ok(order);
}
Improve this answer

5 Comments

I tried it but its still giving A task was cancelled.
Does it still do it if you remove the hmac attribute?
Actually its working without HMAC attribute. But I want to use HMAC authentication.
Sure. I just wanted to narrow down the issue. I'll take another look later
Thank you. I will wait for ur answer and mark it if it solves the problem. :)
0

Finally, I solved this. I didn't expected that this will be a solution.

I changed the port and used Local IIS server instead of Visual Studio Development Server. Although I was using IIS before I asked the question but I think port changing solved the issue.

Well, thanks everyone for your efforts in solving my problem. Because of all your answers and comments I was able to come to this solution. :)

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.