ASP.Net Core 2.1/WebAPI app: “HTTP 404 not found” calling a REST url with [Authorize]
up vote
2
down vote
favorite
I'm working through a "hello world" tutorial on Asp.Net Core. I'm using WebApi (not MVC).
Here is the controller for the REST API I'm trying to invoke:
...
[Authorize]
[Route("api/[controller]")]
[ApiController]
public class ManageCarController : ControllerBase
{
private IMapper mapper;
private ApplicationDbContext dbContext;
public ManageCarController(IMapper mapper, ApplicationDbContext dbContext)
{
this.mapper = mapper;
this.dbContext = dbContext;
}
// GET api/values
[HttpGet]
public IEnumerable<CarViewModel> Get()
{
IEnumerable<CarViewModel> list =
this.mapper.Map<IEnumerable<CarViewModel>>(this.dbContext.cars.AsEnumerable());
return list;
}
...
Here is my controller for Login:
...
[Authorize]
[Route("[controller]/[action]")]
public class AccountController : Controller
{
private readonly UserManager<ApplicationUser> _userManager;
private readonly SignInManager<ApplicationUser> _signInManager;
private readonly ILogger _logger;
public AccountController(
UserManager<ApplicationUser> userManager,
SignInManager<ApplicationUser> signInManager,
ILogger<AccountController> logger)
{
_userManager = userManager;
_signInManager = signInManager;
_logger = logger;
}
[TempData]
public string ErrorMessage { get; set; }
[HttpPost]
[AllowAnonymous]
public async Task<IActionResult> Login([FromBody]LoginViewModel model)
{
if (ModelState.IsValid)
{
// This doesn't count login failures towards account lockout
// To enable password failures to trigger account lockout, set lockoutOnFailure: true
var result = await _signInManager.PasswordSignInAsync
(model.Email, model.Password, model.RememberMe, lockoutOnFailure: false);
if (result.Succeeded)
{
var msg = "User logged in.";
return Ok(msg);
}
}
// If we got this far, something failed, redisplay form
return BadRequest("Fail to login with this account");
}
I can log in (http://localhost:5000/Login
) OK, the response is "User logged in."
When I browse to http://localhost:5000/api/ManageCar
, it redirects here and gives me an HTTP 404: https://localhost:44342/Account/Login?ReturnUrl=%2Fapi%2FManageCar
, and I never hit the controller.
If I comment out [Authorize]
, then http://localhost:5000/api/ManageCar
works OK.
Q: What am I missing?
Q: More important, what is a good way to troubleshoot the problem?
Q: What (if any) additional information should I provide?
Thank you in advance!
UPDATE:
Prior to calling
http://localhost:5000/api/ManageCar
, I first log in (successfully).
Here is what I see in Edge > Developer Tools > Network:
Name Protocol Method Result Content type Received Time Initiator
https://localhost:44342/Account/Login HTTP/2 POST 200 application/json 9.31 s XMLHttpRequest
<= Login: OK
https://localhost:44342/Account/Login HTTPS GET 200 (from cache) 0 s
<= ManageCars (GET@1): OK
https://localhost:44342/api/ManageCar HTTP/2 GET 302 0 B 97.43 ms XMLHttpRequest
<= ManageCars (GET@2 - 302 redirect to REST API): OK
https://localhost:44342/Account/Login?ReturnUrl=%2Fapi%2FManageCar HTTP/2 GET 404 0 B 16.77 ms XMLHttpRequest
<= ManageCars (GET@3 - 404: not found): FAILS
- Console:
HTTP 404: NOT FOUND - The server has not found anything matching the requested URI (Uniform Resource Identifier).
(XHR)GET - https://localhost:44342/Account/Login?ReturnUrl=%2Fapi%2FManageCar
CLARIFICATION FOR Tân Nguyễn's RESPONSE:
- I have a REST API, written in C# using Asp.Net Core 2.1 + Web API.
- The API has a "GET" method,
/api/ManageCar
. If I call with without [Authorize], it works. - I'm "securing" the API with Asp.Net Core Identity. The URL is '/Account/Login'. It needs to use POST (to pass username and password). That works, too.
- If I annotate "ManageCar" with [Authorize], and then log in (successfully), then THEN GET
/api/ManageCar
... it DOESN'T go directly to my controller for "/api/ManageCar". - Instead, it goes to "/Account/Login" (I'm already logged in, the result is HTTP 200), then redirects to "https://localhost:44342/Account/Login?ReturnUrl=%2Fapi%2FManageCar"/
- I should be able to do a POST for my login, and a GET for my (now authenticated) query - it should "just work".
- Unfortunately, I don't know what Asp.Net is doing "behind the scenes" ... and I don't know what's causing the problem, or how to fix it.
UPDATE
I still haven't resolved the problem - I'm still getting HTTP 404 with
[Authorize]
, and it works without[Authorize]
Both my AccountController and ManageCarController have the same path:
[Route("api/[controller]/[action])]' and
[Route("api/[controller])]`, respectively. I can still log in successfully, I still get HTTP 404 when I try to read the "Cars" list.
I enabled "Trace" logging in my
appsettings.json
. Here is a summary of the output of the failed API call:
Console log:
- Request starting HTTP/1.1 GET http://localhost:63264/api/ManageCar
Request finished in 81.994ms 302
- Request starting HTTP/1.1 GET http://localhost:63264/Account/Login?ReturnUrl=%2Fapi%2FManageCar
AuthenticationScheme: Identity.Application was successfully authenticated.
The request path /Account/Login does not match a supported file type
The request path does not match the path filter
Request finished in 31.9471ms 404
SUMMARY:
a) request to "ManageCar" redirects to AccountController => OK
b) AccountController gets the request => OK
c) Q: Does AccountController authenticate the request?
<= it *seems* to ("successfully authenticated"...)
d) Q: What do "match a supported file type" or "match the path filter" mean?
What can I do about them?
c# asp.net-core asp.net-web-api2 identity
add a comment |
up vote
2
down vote
favorite
I'm working through a "hello world" tutorial on Asp.Net Core. I'm using WebApi (not MVC).
Here is the controller for the REST API I'm trying to invoke:
...
[Authorize]
[Route("api/[controller]")]
[ApiController]
public class ManageCarController : ControllerBase
{
private IMapper mapper;
private ApplicationDbContext dbContext;
public ManageCarController(IMapper mapper, ApplicationDbContext dbContext)
{
this.mapper = mapper;
this.dbContext = dbContext;
}
// GET api/values
[HttpGet]
public IEnumerable<CarViewModel> Get()
{
IEnumerable<CarViewModel> list =
this.mapper.Map<IEnumerable<CarViewModel>>(this.dbContext.cars.AsEnumerable());
return list;
}
...
Here is my controller for Login:
...
[Authorize]
[Route("[controller]/[action]")]
public class AccountController : Controller
{
private readonly UserManager<ApplicationUser> _userManager;
private readonly SignInManager<ApplicationUser> _signInManager;
private readonly ILogger _logger;
public AccountController(
UserManager<ApplicationUser> userManager,
SignInManager<ApplicationUser> signInManager,
ILogger<AccountController> logger)
{
_userManager = userManager;
_signInManager = signInManager;
_logger = logger;
}
[TempData]
public string ErrorMessage { get; set; }
[HttpPost]
[AllowAnonymous]
public async Task<IActionResult> Login([FromBody]LoginViewModel model)
{
if (ModelState.IsValid)
{
// This doesn't count login failures towards account lockout
// To enable password failures to trigger account lockout, set lockoutOnFailure: true
var result = await _signInManager.PasswordSignInAsync
(model.Email, model.Password, model.RememberMe, lockoutOnFailure: false);
if (result.Succeeded)
{
var msg = "User logged in.";
return Ok(msg);
}
}
// If we got this far, something failed, redisplay form
return BadRequest("Fail to login with this account");
}
I can log in (http://localhost:5000/Login
) OK, the response is "User logged in."
When I browse to http://localhost:5000/api/ManageCar
, it redirects here and gives me an HTTP 404: https://localhost:44342/Account/Login?ReturnUrl=%2Fapi%2FManageCar
, and I never hit the controller.
If I comment out [Authorize]
, then http://localhost:5000/api/ManageCar
works OK.
Q: What am I missing?
Q: More important, what is a good way to troubleshoot the problem?
Q: What (if any) additional information should I provide?
Thank you in advance!
UPDATE:
Prior to calling
http://localhost:5000/api/ManageCar
, I first log in (successfully).
Here is what I see in Edge > Developer Tools > Network:
Name Protocol Method Result Content type Received Time Initiator
https://localhost:44342/Account/Login HTTP/2 POST 200 application/json 9.31 s XMLHttpRequest
<= Login: OK
https://localhost:44342/Account/Login HTTPS GET 200 (from cache) 0 s
<= ManageCars (GET@1): OK
https://localhost:44342/api/ManageCar HTTP/2 GET 302 0 B 97.43 ms XMLHttpRequest
<= ManageCars (GET@2 - 302 redirect to REST API): OK
https://localhost:44342/Account/Login?ReturnUrl=%2Fapi%2FManageCar HTTP/2 GET 404 0 B 16.77 ms XMLHttpRequest
<= ManageCars (GET@3 - 404: not found): FAILS
- Console:
HTTP 404: NOT FOUND - The server has not found anything matching the requested URI (Uniform Resource Identifier).
(XHR)GET - https://localhost:44342/Account/Login?ReturnUrl=%2Fapi%2FManageCar
CLARIFICATION FOR Tân Nguyễn's RESPONSE:
- I have a REST API, written in C# using Asp.Net Core 2.1 + Web API.
- The API has a "GET" method,
/api/ManageCar
. If I call with without [Authorize], it works. - I'm "securing" the API with Asp.Net Core Identity. The URL is '/Account/Login'. It needs to use POST (to pass username and password). That works, too.
- If I annotate "ManageCar" with [Authorize], and then log in (successfully), then THEN GET
/api/ManageCar
... it DOESN'T go directly to my controller for "/api/ManageCar". - Instead, it goes to "/Account/Login" (I'm already logged in, the result is HTTP 200), then redirects to "https://localhost:44342/Account/Login?ReturnUrl=%2Fapi%2FManageCar"/
- I should be able to do a POST for my login, and a GET for my (now authenticated) query - it should "just work".
- Unfortunately, I don't know what Asp.Net is doing "behind the scenes" ... and I don't know what's causing the problem, or how to fix it.
UPDATE
I still haven't resolved the problem - I'm still getting HTTP 404 with
[Authorize]
, and it works without[Authorize]
Both my AccountController and ManageCarController have the same path:
[Route("api/[controller]/[action])]' and
[Route("api/[controller])]`, respectively. I can still log in successfully, I still get HTTP 404 when I try to read the "Cars" list.
I enabled "Trace" logging in my
appsettings.json
. Here is a summary of the output of the failed API call:
Console log:
- Request starting HTTP/1.1 GET http://localhost:63264/api/ManageCar
Request finished in 81.994ms 302
- Request starting HTTP/1.1 GET http://localhost:63264/Account/Login?ReturnUrl=%2Fapi%2FManageCar
AuthenticationScheme: Identity.Application was successfully authenticated.
The request path /Account/Login does not match a supported file type
The request path does not match the path filter
Request finished in 31.9471ms 404
SUMMARY:
a) request to "ManageCar" redirects to AccountController => OK
b) AccountController gets the request => OK
c) Q: Does AccountController authenticate the request?
<= it *seems* to ("successfully authenticated"...)
d) Q: What do "match a supported file type" or "match the path filter" mean?
What can I do about them?
c# asp.net-core asp.net-web-api2 identity
2
Your login method only accepts an HTTPPOST
but a redirect will be aGET
request.
– DavidG
Nov 20 at 1:23
@DavidG: I successfully logged in with a POST before calling the API. I'm updating my post with the network calls I got from Edge > Developer Tools.
– FoggyDay
Nov 20 at 1:30
Q: If all I needed was an[HttpGet]
(I'm new to Asp.Net Core - don't disbelieve you), then how exactly would I do it? Could you give me a "response" that points me in the right direction?
– FoggyDay
Nov 20 at 1:39
1
Try to specify auth schema by changing attribute to[Authorize(AuthenticationSchemes = CookieAuthenticationDefaults.AuthenticationScheme)]
. You are trying to authorize the web api using cookies, it may fails without additional configurations
– Ivvan
Nov 20 at 11:42
1
Generally, PasswordSignInAsync is used for cookie authentication, if you have only web api, maybe you need to move to the JWT tokens
– Ivvan
Nov 20 at 12:12
add a comment |
up vote
2
down vote
favorite
up vote
2
down vote
favorite
I'm working through a "hello world" tutorial on Asp.Net Core. I'm using WebApi (not MVC).
Here is the controller for the REST API I'm trying to invoke:
...
[Authorize]
[Route("api/[controller]")]
[ApiController]
public class ManageCarController : ControllerBase
{
private IMapper mapper;
private ApplicationDbContext dbContext;
public ManageCarController(IMapper mapper, ApplicationDbContext dbContext)
{
this.mapper = mapper;
this.dbContext = dbContext;
}
// GET api/values
[HttpGet]
public IEnumerable<CarViewModel> Get()
{
IEnumerable<CarViewModel> list =
this.mapper.Map<IEnumerable<CarViewModel>>(this.dbContext.cars.AsEnumerable());
return list;
}
...
Here is my controller for Login:
...
[Authorize]
[Route("[controller]/[action]")]
public class AccountController : Controller
{
private readonly UserManager<ApplicationUser> _userManager;
private readonly SignInManager<ApplicationUser> _signInManager;
private readonly ILogger _logger;
public AccountController(
UserManager<ApplicationUser> userManager,
SignInManager<ApplicationUser> signInManager,
ILogger<AccountController> logger)
{
_userManager = userManager;
_signInManager = signInManager;
_logger = logger;
}
[TempData]
public string ErrorMessage { get; set; }
[HttpPost]
[AllowAnonymous]
public async Task<IActionResult> Login([FromBody]LoginViewModel model)
{
if (ModelState.IsValid)
{
// This doesn't count login failures towards account lockout
// To enable password failures to trigger account lockout, set lockoutOnFailure: true
var result = await _signInManager.PasswordSignInAsync
(model.Email, model.Password, model.RememberMe, lockoutOnFailure: false);
if (result.Succeeded)
{
var msg = "User logged in.";
return Ok(msg);
}
}
// If we got this far, something failed, redisplay form
return BadRequest("Fail to login with this account");
}
I can log in (http://localhost:5000/Login
) OK, the response is "User logged in."
When I browse to http://localhost:5000/api/ManageCar
, it redirects here and gives me an HTTP 404: https://localhost:44342/Account/Login?ReturnUrl=%2Fapi%2FManageCar
, and I never hit the controller.
If I comment out [Authorize]
, then http://localhost:5000/api/ManageCar
works OK.
Q: What am I missing?
Q: More important, what is a good way to troubleshoot the problem?
Q: What (if any) additional information should I provide?
Thank you in advance!
UPDATE:
Prior to calling
http://localhost:5000/api/ManageCar
, I first log in (successfully).
Here is what I see in Edge > Developer Tools > Network:
Name Protocol Method Result Content type Received Time Initiator
https://localhost:44342/Account/Login HTTP/2 POST 200 application/json 9.31 s XMLHttpRequest
<= Login: OK
https://localhost:44342/Account/Login HTTPS GET 200 (from cache) 0 s
<= ManageCars (GET@1): OK
https://localhost:44342/api/ManageCar HTTP/2 GET 302 0 B 97.43 ms XMLHttpRequest
<= ManageCars (GET@2 - 302 redirect to REST API): OK
https://localhost:44342/Account/Login?ReturnUrl=%2Fapi%2FManageCar HTTP/2 GET 404 0 B 16.77 ms XMLHttpRequest
<= ManageCars (GET@3 - 404: not found): FAILS
- Console:
HTTP 404: NOT FOUND - The server has not found anything matching the requested URI (Uniform Resource Identifier).
(XHR)GET - https://localhost:44342/Account/Login?ReturnUrl=%2Fapi%2FManageCar
CLARIFICATION FOR Tân Nguyễn's RESPONSE:
- I have a REST API, written in C# using Asp.Net Core 2.1 + Web API.
- The API has a "GET" method,
/api/ManageCar
. If I call with without [Authorize], it works. - I'm "securing" the API with Asp.Net Core Identity. The URL is '/Account/Login'. It needs to use POST (to pass username and password). That works, too.
- If I annotate "ManageCar" with [Authorize], and then log in (successfully), then THEN GET
/api/ManageCar
... it DOESN'T go directly to my controller for "/api/ManageCar". - Instead, it goes to "/Account/Login" (I'm already logged in, the result is HTTP 200), then redirects to "https://localhost:44342/Account/Login?ReturnUrl=%2Fapi%2FManageCar"/
- I should be able to do a POST for my login, and a GET for my (now authenticated) query - it should "just work".
- Unfortunately, I don't know what Asp.Net is doing "behind the scenes" ... and I don't know what's causing the problem, or how to fix it.
UPDATE
I still haven't resolved the problem - I'm still getting HTTP 404 with
[Authorize]
, and it works without[Authorize]
Both my AccountController and ManageCarController have the same path:
[Route("api/[controller]/[action])]' and
[Route("api/[controller])]`, respectively. I can still log in successfully, I still get HTTP 404 when I try to read the "Cars" list.
I enabled "Trace" logging in my
appsettings.json
. Here is a summary of the output of the failed API call:
Console log:
- Request starting HTTP/1.1 GET http://localhost:63264/api/ManageCar
Request finished in 81.994ms 302
- Request starting HTTP/1.1 GET http://localhost:63264/Account/Login?ReturnUrl=%2Fapi%2FManageCar
AuthenticationScheme: Identity.Application was successfully authenticated.
The request path /Account/Login does not match a supported file type
The request path does not match the path filter
Request finished in 31.9471ms 404
SUMMARY:
a) request to "ManageCar" redirects to AccountController => OK
b) AccountController gets the request => OK
c) Q: Does AccountController authenticate the request?
<= it *seems* to ("successfully authenticated"...)
d) Q: What do "match a supported file type" or "match the path filter" mean?
What can I do about them?
c# asp.net-core asp.net-web-api2 identity
I'm working through a "hello world" tutorial on Asp.Net Core. I'm using WebApi (not MVC).
Here is the controller for the REST API I'm trying to invoke:
...
[Authorize]
[Route("api/[controller]")]
[ApiController]
public class ManageCarController : ControllerBase
{
private IMapper mapper;
private ApplicationDbContext dbContext;
public ManageCarController(IMapper mapper, ApplicationDbContext dbContext)
{
this.mapper = mapper;
this.dbContext = dbContext;
}
// GET api/values
[HttpGet]
public IEnumerable<CarViewModel> Get()
{
IEnumerable<CarViewModel> list =
this.mapper.Map<IEnumerable<CarViewModel>>(this.dbContext.cars.AsEnumerable());
return list;
}
...
Here is my controller for Login:
...
[Authorize]
[Route("[controller]/[action]")]
public class AccountController : Controller
{
private readonly UserManager<ApplicationUser> _userManager;
private readonly SignInManager<ApplicationUser> _signInManager;
private readonly ILogger _logger;
public AccountController(
UserManager<ApplicationUser> userManager,
SignInManager<ApplicationUser> signInManager,
ILogger<AccountController> logger)
{
_userManager = userManager;
_signInManager = signInManager;
_logger = logger;
}
[TempData]
public string ErrorMessage { get; set; }
[HttpPost]
[AllowAnonymous]
public async Task<IActionResult> Login([FromBody]LoginViewModel model)
{
if (ModelState.IsValid)
{
// This doesn't count login failures towards account lockout
// To enable password failures to trigger account lockout, set lockoutOnFailure: true
var result = await _signInManager.PasswordSignInAsync
(model.Email, model.Password, model.RememberMe, lockoutOnFailure: false);
if (result.Succeeded)
{
var msg = "User logged in.";
return Ok(msg);
}
}
// If we got this far, something failed, redisplay form
return BadRequest("Fail to login with this account");
}
I can log in (http://localhost:5000/Login
) OK, the response is "User logged in."
When I browse to http://localhost:5000/api/ManageCar
, it redirects here and gives me an HTTP 404: https://localhost:44342/Account/Login?ReturnUrl=%2Fapi%2FManageCar
, and I never hit the controller.
If I comment out [Authorize]
, then http://localhost:5000/api/ManageCar
works OK.
Q: What am I missing?
Q: More important, what is a good way to troubleshoot the problem?
Q: What (if any) additional information should I provide?
Thank you in advance!
UPDATE:
Prior to calling
http://localhost:5000/api/ManageCar
, I first log in (successfully).
Here is what I see in Edge > Developer Tools > Network:
Name Protocol Method Result Content type Received Time Initiator
https://localhost:44342/Account/Login HTTP/2 POST 200 application/json 9.31 s XMLHttpRequest
<= Login: OK
https://localhost:44342/Account/Login HTTPS GET 200 (from cache) 0 s
<= ManageCars (GET@1): OK
https://localhost:44342/api/ManageCar HTTP/2 GET 302 0 B 97.43 ms XMLHttpRequest
<= ManageCars (GET@2 - 302 redirect to REST API): OK
https://localhost:44342/Account/Login?ReturnUrl=%2Fapi%2FManageCar HTTP/2 GET 404 0 B 16.77 ms XMLHttpRequest
<= ManageCars (GET@3 - 404: not found): FAILS
- Console:
HTTP 404: NOT FOUND - The server has not found anything matching the requested URI (Uniform Resource Identifier).
(XHR)GET - https://localhost:44342/Account/Login?ReturnUrl=%2Fapi%2FManageCar
CLARIFICATION FOR Tân Nguyễn's RESPONSE:
- I have a REST API, written in C# using Asp.Net Core 2.1 + Web API.
- The API has a "GET" method,
/api/ManageCar
. If I call with without [Authorize], it works. - I'm "securing" the API with Asp.Net Core Identity. The URL is '/Account/Login'. It needs to use POST (to pass username and password). That works, too.
- If I annotate "ManageCar" with [Authorize], and then log in (successfully), then THEN GET
/api/ManageCar
... it DOESN'T go directly to my controller for "/api/ManageCar". - Instead, it goes to "/Account/Login" (I'm already logged in, the result is HTTP 200), then redirects to "https://localhost:44342/Account/Login?ReturnUrl=%2Fapi%2FManageCar"/
- I should be able to do a POST for my login, and a GET for my (now authenticated) query - it should "just work".
- Unfortunately, I don't know what Asp.Net is doing "behind the scenes" ... and I don't know what's causing the problem, or how to fix it.
UPDATE
I still haven't resolved the problem - I'm still getting HTTP 404 with
[Authorize]
, and it works without[Authorize]
Both my AccountController and ManageCarController have the same path:
[Route("api/[controller]/[action])]' and
[Route("api/[controller])]`, respectively. I can still log in successfully, I still get HTTP 404 when I try to read the "Cars" list.
I enabled "Trace" logging in my
appsettings.json
. Here is a summary of the output of the failed API call:
Console log:
- Request starting HTTP/1.1 GET http://localhost:63264/api/ManageCar
Request finished in 81.994ms 302
- Request starting HTTP/1.1 GET http://localhost:63264/Account/Login?ReturnUrl=%2Fapi%2FManageCar
AuthenticationScheme: Identity.Application was successfully authenticated.
The request path /Account/Login does not match a supported file type
The request path does not match the path filter
Request finished in 31.9471ms 404
SUMMARY:
a) request to "ManageCar" redirects to AccountController => OK
b) AccountController gets the request => OK
c) Q: Does AccountController authenticate the request?
<= it *seems* to ("successfully authenticated"...)
d) Q: What do "match a supported file type" or "match the path filter" mean?
What can I do about them?
c# asp.net-core asp.net-web-api2 identity
c# asp.net-core asp.net-web-api2 identity
edited Nov 23 at 5:13
asked Nov 20 at 1:20
FoggyDay
7,09221321
7,09221321
2
Your login method only accepts an HTTPPOST
but a redirect will be aGET
request.
– DavidG
Nov 20 at 1:23
@DavidG: I successfully logged in with a POST before calling the API. I'm updating my post with the network calls I got from Edge > Developer Tools.
– FoggyDay
Nov 20 at 1:30
Q: If all I needed was an[HttpGet]
(I'm new to Asp.Net Core - don't disbelieve you), then how exactly would I do it? Could you give me a "response" that points me in the right direction?
– FoggyDay
Nov 20 at 1:39
1
Try to specify auth schema by changing attribute to[Authorize(AuthenticationSchemes = CookieAuthenticationDefaults.AuthenticationScheme)]
. You are trying to authorize the web api using cookies, it may fails without additional configurations
– Ivvan
Nov 20 at 11:42
1
Generally, PasswordSignInAsync is used for cookie authentication, if you have only web api, maybe you need to move to the JWT tokens
– Ivvan
Nov 20 at 12:12
add a comment |
2
Your login method only accepts an HTTPPOST
but a redirect will be aGET
request.
– DavidG
Nov 20 at 1:23
@DavidG: I successfully logged in with a POST before calling the API. I'm updating my post with the network calls I got from Edge > Developer Tools.
– FoggyDay
Nov 20 at 1:30
Q: If all I needed was an[HttpGet]
(I'm new to Asp.Net Core - don't disbelieve you), then how exactly would I do it? Could you give me a "response" that points me in the right direction?
– FoggyDay
Nov 20 at 1:39
1
Try to specify auth schema by changing attribute to[Authorize(AuthenticationSchemes = CookieAuthenticationDefaults.AuthenticationScheme)]
. You are trying to authorize the web api using cookies, it may fails without additional configurations
– Ivvan
Nov 20 at 11:42
1
Generally, PasswordSignInAsync is used for cookie authentication, if you have only web api, maybe you need to move to the JWT tokens
– Ivvan
Nov 20 at 12:12
2
2
Your login method only accepts an HTTP
POST
but a redirect will be a GET
request.– DavidG
Nov 20 at 1:23
Your login method only accepts an HTTP
POST
but a redirect will be a GET
request.– DavidG
Nov 20 at 1:23
@DavidG: I successfully logged in with a POST before calling the API. I'm updating my post with the network calls I got from Edge > Developer Tools.
– FoggyDay
Nov 20 at 1:30
@DavidG: I successfully logged in with a POST before calling the API. I'm updating my post with the network calls I got from Edge > Developer Tools.
– FoggyDay
Nov 20 at 1:30
Q: If all I needed was an
[HttpGet]
(I'm new to Asp.Net Core - don't disbelieve you), then how exactly would I do it? Could you give me a "response" that points me in the right direction?– FoggyDay
Nov 20 at 1:39
Q: If all I needed was an
[HttpGet]
(I'm new to Asp.Net Core - don't disbelieve you), then how exactly would I do it? Could you give me a "response" that points me in the right direction?– FoggyDay
Nov 20 at 1:39
1
1
Try to specify auth schema by changing attribute to
[Authorize(AuthenticationSchemes = CookieAuthenticationDefaults.AuthenticationScheme)]
. You are trying to authorize the web api using cookies, it may fails without additional configurations– Ivvan
Nov 20 at 11:42
Try to specify auth schema by changing attribute to
[Authorize(AuthenticationSchemes = CookieAuthenticationDefaults.AuthenticationScheme)]
. You are trying to authorize the web api using cookies, it may fails without additional configurations– Ivvan
Nov 20 at 11:42
1
1
Generally, PasswordSignInAsync is used for cookie authentication, if you have only web api, maybe you need to move to the JWT tokens
– Ivvan
Nov 20 at 12:12
Generally, PasswordSignInAsync is used for cookie authentication, if you have only web api, maybe you need to move to the JWT tokens
– Ivvan
Nov 20 at 12:12
add a comment |
2 Answers
2
active
oldest
votes
up vote
1
down vote
accepted
I think that is a problem of routing, can you verify your routes.
do you notice that the two controllers have two routes every one
[Route("[controller]/[action]")] and [Route("api/[controller]")].
If your routes are OK, you should check your authentication mechanism.
How do you check if user is authenticated and how to redirect because you don't need to be redirected to your login method in every Api method if you are already authenticated.
Thanks.
I'm new to "routing", and there's much I still don't understand. For example, Q: why exactly does Asp.Net Core invoke my AccountController just because of [Authorize]? I didn't explicitly specify that anywhere; it's "implicit". Q: Do I need to do "something else" in my AccountController for this to work?
– FoggyDay
Nov 23 at 5:18
1
It's working now. I tried many, many things but, unfortunately, I don't know exactly "what fixed it". It definitely had to do with "routing". Thank you for your help.
– FoggyDay
Nov 26 at 5:21
add a comment |
up vote
1
down vote
If I understand you meant correctly, the problem may come from 2 things:
- You're trying to access to
/api/ManageCar
without login. The attribute[Authorize]
means: This controller/action requires login before assigning to.
That's why it redirected to the path: /Account/Login?ReturnUrl=%2Fapi%2FManageCar
You can check the path, there are 2 parts:
The first part is:
/Account/Login
. This is the url of the login page.
The second part is:
?ReturnUrl=%2Fapi%2FManageCar
. We can understand it like:?ReturnUrl=/api/ManageCar
because%2F
stands for/
. This parameter query string means: after login successful, the request will be redirected to/api/ManaCar
.
- The second problem may be: In the
Get
method, you're setting it as a GET method via using[HttpGet]
. That means this method can only be assigned to via using GET method. So, if you're trying to make a POST request, it would not work.
- The second problem may be: In the
[HttpGet]
public IEnumerable<CarViewModel> Get()
{
IEnumerable<CarViewModel> list =
this.mapper.Map<IEnumerable<CarViewModel>>(this.dbContext.cars.AsEnumerable());
return list;
}
If you're using jquery, after login successful, you can try to make a GET request like this:
$.get('/api/ManageCar').done(function (data) {
console.log(data);
});
Or changing [HttpGet]
attribute to [HttpPost]
attribute:
$.post('/api/ManageCar').done(function (data) {
console.log(data);
});
Thank you. Let me explain the problem differently: See my updates above.
– FoggyDay
Nov 20 at 4:29
@FoggyDay Sorry for late, my mom needs help :) In your case, I can only think aboutCookie
. The cookie has not been set. So, after login successful, the request is still not authorized
– Foo
Nov 20 at 6:18
add a comment |
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
1
down vote
accepted
I think that is a problem of routing, can you verify your routes.
do you notice that the two controllers have two routes every one
[Route("[controller]/[action]")] and [Route("api/[controller]")].
If your routes are OK, you should check your authentication mechanism.
How do you check if user is authenticated and how to redirect because you don't need to be redirected to your login method in every Api method if you are already authenticated.
Thanks.
I'm new to "routing", and there's much I still don't understand. For example, Q: why exactly does Asp.Net Core invoke my AccountController just because of [Authorize]? I didn't explicitly specify that anywhere; it's "implicit". Q: Do I need to do "something else" in my AccountController for this to work?
– FoggyDay
Nov 23 at 5:18
1
It's working now. I tried many, many things but, unfortunately, I don't know exactly "what fixed it". It definitely had to do with "routing". Thank you for your help.
– FoggyDay
Nov 26 at 5:21
add a comment |
up vote
1
down vote
accepted
I think that is a problem of routing, can you verify your routes.
do you notice that the two controllers have two routes every one
[Route("[controller]/[action]")] and [Route("api/[controller]")].
If your routes are OK, you should check your authentication mechanism.
How do you check if user is authenticated and how to redirect because you don't need to be redirected to your login method in every Api method if you are already authenticated.
Thanks.
I'm new to "routing", and there's much I still don't understand. For example, Q: why exactly does Asp.Net Core invoke my AccountController just because of [Authorize]? I didn't explicitly specify that anywhere; it's "implicit". Q: Do I need to do "something else" in my AccountController for this to work?
– FoggyDay
Nov 23 at 5:18
1
It's working now. I tried many, many things but, unfortunately, I don't know exactly "what fixed it". It definitely had to do with "routing". Thank you for your help.
– FoggyDay
Nov 26 at 5:21
add a comment |
up vote
1
down vote
accepted
up vote
1
down vote
accepted
I think that is a problem of routing, can you verify your routes.
do you notice that the two controllers have two routes every one
[Route("[controller]/[action]")] and [Route("api/[controller]")].
If your routes are OK, you should check your authentication mechanism.
How do you check if user is authenticated and how to redirect because you don't need to be redirected to your login method in every Api method if you are already authenticated.
Thanks.
I think that is a problem of routing, can you verify your routes.
do you notice that the two controllers have two routes every one
[Route("[controller]/[action]")] and [Route("api/[controller]")].
If your routes are OK, you should check your authentication mechanism.
How do you check if user is authenticated and how to redirect because you don't need to be redirected to your login method in every Api method if you are already authenticated.
Thanks.
answered Nov 20 at 10:31
MNF
36228
36228
I'm new to "routing", and there's much I still don't understand. For example, Q: why exactly does Asp.Net Core invoke my AccountController just because of [Authorize]? I didn't explicitly specify that anywhere; it's "implicit". Q: Do I need to do "something else" in my AccountController for this to work?
– FoggyDay
Nov 23 at 5:18
1
It's working now. I tried many, many things but, unfortunately, I don't know exactly "what fixed it". It definitely had to do with "routing". Thank you for your help.
– FoggyDay
Nov 26 at 5:21
add a comment |
I'm new to "routing", and there's much I still don't understand. For example, Q: why exactly does Asp.Net Core invoke my AccountController just because of [Authorize]? I didn't explicitly specify that anywhere; it's "implicit". Q: Do I need to do "something else" in my AccountController for this to work?
– FoggyDay
Nov 23 at 5:18
1
It's working now. I tried many, many things but, unfortunately, I don't know exactly "what fixed it". It definitely had to do with "routing". Thank you for your help.
– FoggyDay
Nov 26 at 5:21
I'm new to "routing", and there's much I still don't understand. For example, Q: why exactly does Asp.Net Core invoke my AccountController just because of [Authorize]? I didn't explicitly specify that anywhere; it's "implicit". Q: Do I need to do "something else" in my AccountController for this to work?
– FoggyDay
Nov 23 at 5:18
I'm new to "routing", and there's much I still don't understand. For example, Q: why exactly does Asp.Net Core invoke my AccountController just because of [Authorize]? I didn't explicitly specify that anywhere; it's "implicit". Q: Do I need to do "something else" in my AccountController for this to work?
– FoggyDay
Nov 23 at 5:18
1
1
It's working now. I tried many, many things but, unfortunately, I don't know exactly "what fixed it". It definitely had to do with "routing". Thank you for your help.
– FoggyDay
Nov 26 at 5:21
It's working now. I tried many, many things but, unfortunately, I don't know exactly "what fixed it". It definitely had to do with "routing". Thank you for your help.
– FoggyDay
Nov 26 at 5:21
add a comment |
up vote
1
down vote
If I understand you meant correctly, the problem may come from 2 things:
- You're trying to access to
/api/ManageCar
without login. The attribute[Authorize]
means: This controller/action requires login before assigning to.
That's why it redirected to the path: /Account/Login?ReturnUrl=%2Fapi%2FManageCar
You can check the path, there are 2 parts:
The first part is:
/Account/Login
. This is the url of the login page.
The second part is:
?ReturnUrl=%2Fapi%2FManageCar
. We can understand it like:?ReturnUrl=/api/ManageCar
because%2F
stands for/
. This parameter query string means: after login successful, the request will be redirected to/api/ManaCar
.
- The second problem may be: In the
Get
method, you're setting it as a GET method via using[HttpGet]
. That means this method can only be assigned to via using GET method. So, if you're trying to make a POST request, it would not work.
- The second problem may be: In the
[HttpGet]
public IEnumerable<CarViewModel> Get()
{
IEnumerable<CarViewModel> list =
this.mapper.Map<IEnumerable<CarViewModel>>(this.dbContext.cars.AsEnumerable());
return list;
}
If you're using jquery, after login successful, you can try to make a GET request like this:
$.get('/api/ManageCar').done(function (data) {
console.log(data);
});
Or changing [HttpGet]
attribute to [HttpPost]
attribute:
$.post('/api/ManageCar').done(function (data) {
console.log(data);
});
Thank you. Let me explain the problem differently: See my updates above.
– FoggyDay
Nov 20 at 4:29
@FoggyDay Sorry for late, my mom needs help :) In your case, I can only think aboutCookie
. The cookie has not been set. So, after login successful, the request is still not authorized
– Foo
Nov 20 at 6:18
add a comment |
up vote
1
down vote
If I understand you meant correctly, the problem may come from 2 things:
- You're trying to access to
/api/ManageCar
without login. The attribute[Authorize]
means: This controller/action requires login before assigning to.
That's why it redirected to the path: /Account/Login?ReturnUrl=%2Fapi%2FManageCar
You can check the path, there are 2 parts:
The first part is:
/Account/Login
. This is the url of the login page.
The second part is:
?ReturnUrl=%2Fapi%2FManageCar
. We can understand it like:?ReturnUrl=/api/ManageCar
because%2F
stands for/
. This parameter query string means: after login successful, the request will be redirected to/api/ManaCar
.
- The second problem may be: In the
Get
method, you're setting it as a GET method via using[HttpGet]
. That means this method can only be assigned to via using GET method. So, if you're trying to make a POST request, it would not work.
- The second problem may be: In the
[HttpGet]
public IEnumerable<CarViewModel> Get()
{
IEnumerable<CarViewModel> list =
this.mapper.Map<IEnumerable<CarViewModel>>(this.dbContext.cars.AsEnumerable());
return list;
}
If you're using jquery, after login successful, you can try to make a GET request like this:
$.get('/api/ManageCar').done(function (data) {
console.log(data);
});
Or changing [HttpGet]
attribute to [HttpPost]
attribute:
$.post('/api/ManageCar').done(function (data) {
console.log(data);
});
Thank you. Let me explain the problem differently: See my updates above.
– FoggyDay
Nov 20 at 4:29
@FoggyDay Sorry for late, my mom needs help :) In your case, I can only think aboutCookie
. The cookie has not been set. So, after login successful, the request is still not authorized
– Foo
Nov 20 at 6:18
add a comment |
up vote
1
down vote
up vote
1
down vote
If I understand you meant correctly, the problem may come from 2 things:
- You're trying to access to
/api/ManageCar
without login. The attribute[Authorize]
means: This controller/action requires login before assigning to.
That's why it redirected to the path: /Account/Login?ReturnUrl=%2Fapi%2FManageCar
You can check the path, there are 2 parts:
The first part is:
/Account/Login
. This is the url of the login page.
The second part is:
?ReturnUrl=%2Fapi%2FManageCar
. We can understand it like:?ReturnUrl=/api/ManageCar
because%2F
stands for/
. This parameter query string means: after login successful, the request will be redirected to/api/ManaCar
.
- The second problem may be: In the
Get
method, you're setting it as a GET method via using[HttpGet]
. That means this method can only be assigned to via using GET method. So, if you're trying to make a POST request, it would not work.
- The second problem may be: In the
[HttpGet]
public IEnumerable<CarViewModel> Get()
{
IEnumerable<CarViewModel> list =
this.mapper.Map<IEnumerable<CarViewModel>>(this.dbContext.cars.AsEnumerable());
return list;
}
If you're using jquery, after login successful, you can try to make a GET request like this:
$.get('/api/ManageCar').done(function (data) {
console.log(data);
});
Or changing [HttpGet]
attribute to [HttpPost]
attribute:
$.post('/api/ManageCar').done(function (data) {
console.log(data);
});
If I understand you meant correctly, the problem may come from 2 things:
- You're trying to access to
/api/ManageCar
without login. The attribute[Authorize]
means: This controller/action requires login before assigning to.
That's why it redirected to the path: /Account/Login?ReturnUrl=%2Fapi%2FManageCar
You can check the path, there are 2 parts:
The first part is:
/Account/Login
. This is the url of the login page.
The second part is:
?ReturnUrl=%2Fapi%2FManageCar
. We can understand it like:?ReturnUrl=/api/ManageCar
because%2F
stands for/
. This parameter query string means: after login successful, the request will be redirected to/api/ManaCar
.
- The second problem may be: In the
Get
method, you're setting it as a GET method via using[HttpGet]
. That means this method can only be assigned to via using GET method. So, if you're trying to make a POST request, it would not work.
- The second problem may be: In the
[HttpGet]
public IEnumerable<CarViewModel> Get()
{
IEnumerable<CarViewModel> list =
this.mapper.Map<IEnumerable<CarViewModel>>(this.dbContext.cars.AsEnumerable());
return list;
}
If you're using jquery, after login successful, you can try to make a GET request like this:
$.get('/api/ManageCar').done(function (data) {
console.log(data);
});
Or changing [HttpGet]
attribute to [HttpPost]
attribute:
$.post('/api/ManageCar').done(function (data) {
console.log(data);
});
answered Nov 20 at 4:01
Foo
1
1
Thank you. Let me explain the problem differently: See my updates above.
– FoggyDay
Nov 20 at 4:29
@FoggyDay Sorry for late, my mom needs help :) In your case, I can only think aboutCookie
. The cookie has not been set. So, after login successful, the request is still not authorized
– Foo
Nov 20 at 6:18
add a comment |
Thank you. Let me explain the problem differently: See my updates above.
– FoggyDay
Nov 20 at 4:29
@FoggyDay Sorry for late, my mom needs help :) In your case, I can only think aboutCookie
. The cookie has not been set. So, after login successful, the request is still not authorized
– Foo
Nov 20 at 6:18
Thank you. Let me explain the problem differently: See my updates above.
– FoggyDay
Nov 20 at 4:29
Thank you. Let me explain the problem differently: See my updates above.
– FoggyDay
Nov 20 at 4:29
@FoggyDay Sorry for late, my mom needs help :) In your case, I can only think about
Cookie
. The cookie has not been set. So, after login successful, the request is still not authorized– Foo
Nov 20 at 6:18
@FoggyDay Sorry for late, my mom needs help :) In your case, I can only think about
Cookie
. The cookie has not been set. So, after login successful, the request is still not authorized– Foo
Nov 20 at 6:18
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53384912%2fasp-net-core-2-1-webapi-app-http-404-not-found-calling-a-rest-url-with-autho%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
2
Your login method only accepts an HTTP
POST
but a redirect will be aGET
request.– DavidG
Nov 20 at 1:23
@DavidG: I successfully logged in with a POST before calling the API. I'm updating my post with the network calls I got from Edge > Developer Tools.
– FoggyDay
Nov 20 at 1:30
Q: If all I needed was an
[HttpGet]
(I'm new to Asp.Net Core - don't disbelieve you), then how exactly would I do it? Could you give me a "response" that points me in the right direction?– FoggyDay
Nov 20 at 1:39
1
Try to specify auth schema by changing attribute to
[Authorize(AuthenticationSchemes = CookieAuthenticationDefaults.AuthenticationScheme)]
. You are trying to authorize the web api using cookies, it may fails without additional configurations– Ivvan
Nov 20 at 11:42
1
Generally, PasswordSignInAsync is used for cookie authentication, if you have only web api, maybe you need to move to the JWT tokens
– Ivvan
Nov 20 at 12:12