Dear All, I am new to WebAPI2. I want to consume data from a function in JSON format, but it is throwing the error StatusCode: 403, ReasonPhrase: 'ModSecurity Action'. I can consume it directly from the browser but cannot from HttpClient. No security is implemented.
It works perfectly on the local server, but the above error is thrown on the remote shared server. API URL: http://api.owncircles.com/api/Circles/Education/Questions/getAns/2012460157
API function code:

    [HttpGet()]
    [AllowAnonymous]
    [Route("~/api/Circles/Education/Questions/getAns/{quesID}")]
    public IHttpActionResult getAns(string quesID)
    {
        IQuestions objQuestion = Questions.getInatance();
        var qtn = objQuestion.getAns(quesID);
        return Json(qtn);
    }

    // MVC controller action that calls the API above
    [AllowAnonymous]
    public async Task<ActionResult> checkAns(string id)
    {
        string url = common.apiURL + "Circles/Education/Questions/getAns/" + id;
        //HttpClient client = new HttpClient(new HttpClientHandler() {UseDefaultCredentials = true });
        HttpClient client = new HttpClient();
        // client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue(Constants.));
        // client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("");
        // client.DefaultRequestHeaders.Authorization = null;
        client.BaseAddress = new Uri(url);
        client.DefaultRequestHeaders.Accept.Clear();
        client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
        var response = await client.GetAsync(url);
        if (!response.IsSuccessStatusCode)
        {
            // Surface the upstream failure (e.g. the 403) instead of dereferencing null below
            return new HttpStatusCodeResult((int)response.StatusCode, response.ReasonPhrase);
        }
        // await rather than .Result: blocking inside an async action can deadlock
        ent_QuestionsDetails Questions = await response.Content.ReadAsAsync<ent_QuestionsDetails>();
        OC.Models.mod_Questions objModel = new OC.Models.mod_Questions();
        objModel.questionID = Questions.questionID;
        objModel.questions = Questions.questions;
        objModel.questionOptions = Questions.questionOptions;
        return View(objModel);
    }

Answer 0 (score: 1)
It seems it's your user agent; when this is omitted, the request is rejected. If you mimic the Chrome user agent value in the header, the request will succeed. Here is a self-contained working example:
Note that this example does not use await/async as it was tested in a console app.

    using (HttpClient client = new HttpClient())
    {
        client.BaseAddress = new Uri("http://api.owncircles.com/");
        client.DefaultRequestHeaders.Clear();
        client.DefaultRequestHeaders.Accept.ParseAdd("application/json");
        client.DefaultRequestHeaders.UserAgent.ParseAdd("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36");
        var result = client.GetAsync("api/Circles/Education/Questions/getAns/2012460157").Result;
        if (result.IsSuccessStatusCode)
            Console.Write(result.Content.ReadAsStringAsync().Result);
        else
            Console.Write("fail");
    }

That being said, I do not know what kind of check you have on the API server side on the user agent that would reject a request.
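
The following is an added example, not code from the original answer: HttpClient sends no User-Agent header unless one is set, so this sketch runs the same request with and without one against a local stub. The stub listener, port 8089, the path api/test and the product token OwnCirclesWebClient/1.0 are assumptions; the stub only imitates a rule that requires a User-Agent to be present, since the page does not show the server's actual rules.

```csharp
// Added example; the listener is a constructed stand-in for the remote WAF.
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;

static class UserAgentDemo
{
    const string Prefix = "http://localhost:8089/";   // assumed free local port

    // Stub server: answers 403 "ModSecurity Action" when User-Agent is missing.
    static async Task ServeAsync(HttpListener listener, int requests)
    {
        for (int i = 0; i < requests; i++)
        {
            HttpListenerContext ctx = await listener.GetContextAsync();
            bool hasUa = !string.IsNullOrEmpty(ctx.Request.UserAgent);
            ctx.Response.StatusCode = hasUa ? 200 : 403;
            ctx.Response.StatusDescription = hasUa ? "OK" : "ModSecurity Action";
            ctx.Response.Close();
        }
    }
    // Sends one GET and returns "<status code> <reason phrase>" as the client sees it.
    static async Task<string> ProbeAsync(bool sendUserAgent)
    {
        using (var client = new HttpClient { BaseAddress = new Uri(Prefix) })
        {
            client.DefaultRequestHeaders.Accept.ParseAdd("application/json");
            // Hypothetical product token that names this client instead of copying a browser string.
            if (sendUserAgent)
                client.DefaultRequestHeaders.UserAgent.Add(new ProductInfoHeaderValue("OwnCirclesWebClient", "1.0"));
            HttpResponseMessage resp = await client.GetAsync("api/test");
            return $"{(int)resp.StatusCode} {resp.ReasonPhrase}";
        }
    }

    static async Task Main()
    {
        var listener = new HttpListener();
        listener.Prefixes.Add(Prefix);
        listener.Start();
        Task server = ServeAsync(listener, 2);
        Console.WriteLine("no User-Agent   -> " + await ProbeAsync(false));
        Console.WriteLine("with User-Agent -> " + await ProbeAsync(true));
        await server;
        listener.Stop();
    }
}
```

Logging the status code together with the reason phrase, as ProbeAsync does, is what distinguishes a WAF rejection from an application-level 403 when the same call works in a browser.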