Menu
I am trying to implement HMAC authentication using the code given here: http://bitoftech.net/2014/12/15/secure-asp-net-web-api-using-api-key-authentication-hmac-authentication/.
I integrated this code inside my ASP.NET web forms application. I created a folder named "HMACAPI" and added the controllers and filters inside it. I also installed all the required Nuget packages. This is how I am implementing my service methods:
[HMACAuthentication]
[RoutePrefix("api/forms")]
public class FormsController : ApiController
{
[Route("")]
public IHttpActionResult Get()
{
ClaimsPrincipal principal = Request.GetRequestContext().Principal as ClaimsPrincipal;
var Name = ClaimsPrincipal.Current.Identity.Name;
return Ok("test");
}
[Route("")]
public IHttpActionResult Post(string order)
{
return Ok(order);
}
}
This is my route configuration for the API:
GlobalConfiguration.Configure(APIWebFormsProject.API.WebApiConfig.Register);
But when I use client.PostAsJsonAsync(), it's showing Method Not Allowed error. I tried various SO questions but none of their answers are helping.
What I tried:
Removed WebDAV module.
Added [HttpPost] attribute to post method.
I am using "http://localhost:56697/api/forms/" URL to access the API. But I also tried "http://localhost:56697/api/forms" and "http://localhost:56697/api/forms/test".
UPDATE
As suggested by Obsidian Phoenix I was able to run it without [HMACAuthentication] attribute. But I want to implement this with HMAC authentication. So, what can be the reasons for this?
792
If you don't need to use WebDAV, then the easiest and the best way to fix "405 method not allowed" issue is to remove WebDAV from your system. You can easily get this done in "Turn Windows Features On or Off" simply un-ticking the checkbox.
You can customize how Web API handles exceptions by writing an exception filter. An exception filter is executed when a controller method throws any unhandled exception that is not an HttpResponseException exception.
I guess your problem with sending HTTP POST to the endpoint (api/forms) and there is nothing to do with HMACAuth attribute, right?
If this is the case then do not sent Order as String, it should be as an POCO object containing string property, something as the below should work:
public class OrderModel
{
public string Order { get; set; }
}
You are missing a [FromBody] attribute on your method.
In order to use client.PostAsJsonAsync(url, "test"), your method signature should look like this:
[Route("")]
public IHttpActionResult Post([FromBody] string order)
{
return Ok(order);
}
Likewise, passing a POCO object:
[Route("")]
public IHttpActionResult Post([FromBody] OrderModel order)
{
return Ok(order);
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
