ASP.Net Core 2.1/WebAPI app: “HTTP 404 not found” calling a REST url with [Authorize]











I'm working through a "hello world" tutorial on Asp.Net Core. I'm using WebApi (not MVC).



Here is the controller for the REST API I'm trying to invoke:



    ...
    [Authorize]
    [Route("api/[controller]")]
    [ApiController]
    public class ManageCarController : ControllerBase
    {
        private IMapper mapper;
        private ApplicationDbContext dbContext;

        public ManageCarController(IMapper mapper, ApplicationDbContext dbContext)
        {
            this.mapper = mapper;
            this.dbContext = dbContext;
        }

        // GET api/values
        [HttpGet]
        public IEnumerable<CarViewModel> Get()
        {
            IEnumerable<CarViewModel> list =
                this.mapper.Map<IEnumerable<CarViewModel>>(this.dbContext.cars.AsEnumerable());
            return list;
        }
        ...


Here is my controller for Login:



    ...
    [Authorize]
    [Route("[controller]/[action]")]
    public class AccountController : Controller
    {
        private readonly UserManager<ApplicationUser> _userManager;
        private readonly SignInManager<ApplicationUser> _signInManager;
        private readonly ILogger _logger;

        public AccountController(
            UserManager<ApplicationUser> userManager,
            SignInManager<ApplicationUser> signInManager,
            ILogger<AccountController> logger)
        {
            _userManager = userManager;
            _signInManager = signInManager;
            _logger = logger;
        }

        [TempData]
        public string ErrorMessage { get; set; }

        [HttpPost]
        [AllowAnonymous]
        public async Task<IActionResult> Login([FromBody]LoginViewModel model)
        {
            if (ModelState.IsValid)
            {
                // This doesn't count login failures towards account lockout
                // To enable password failures to trigger account lockout, set lockoutOnFailure: true
                var result = await _signInManager.PasswordSignInAsync
                    (model.Email, model.Password, model.RememberMe, lockoutOnFailure: false);
                if (result.Succeeded)
                {
                    var msg = "User logged in.";
                    return Ok(msg);
                }
            }
            // If we got this far, something failed, redisplay form
            return BadRequest("Fail to login with this account");
        }


I can log in (http://localhost:5000/Login) OK, the response is "User logged in."



When I browse to http://localhost:5000/api/ManageCar, it redirects here and gives me an HTTP 404: https://localhost:44342/Account/Login?ReturnUrl=%2Fapi%2FManageCar, and I never hit the controller.



If I comment out [Authorize], then http://localhost:5000/api/ManageCar works OK.



Q: What am I missing?



Q: More important, what is a good way to troubleshoot the problem?



Q: What (if any) additional information should I provide?



Thank you in advance!





UPDATE:




  1. Prior to calling http://localhost:5000/api/ManageCar, I first log in (successfully).



  2. Here is what I see in Edge > Developer Tools > Network:



    Name    Protocol    Method  Result  Content type    Received    Time    Initiator
    https://localhost:44342/Account/Login HTTP/2 POST 200 application/json 9.31 s XMLHttpRequest
    <= Login: OK
    https://localhost:44342/Account/Login HTTPS GET 200 (from cache) 0 s
    <= ManageCars (GET@1): OK
    https://localhost:44342/api/ManageCar HTTP/2 GET 302 0 B 97.43 ms XMLHttpRequest
    <= ManageCars (GET@2 - 302 redirect to REST API): OK
    https://localhost:44342/Account/Login?ReturnUrl=%2Fapi%2FManageCar HTTP/2 GET 404 0 B 16.77 ms XMLHttpRequest
    <= ManageCars (GET@3 - 404: not found): FAILS
    - Console:
    HTTP 404: NOT FOUND - The server has not found anything matching the requested URI (Uniform Resource Identifier).
    (XHR)GET - https://localhost:44342/Account/Login?ReturnUrl=%2Fapi%2FManageCar





CLARIFICATION FOR Tân Nguyễn's RESPONSE:




  1. I have a REST API, written in C# using Asp.Net Core 2.1 + Web API.

  2. The API has a "GET" method, /api/ManageCar. If I call it without [Authorize], it works.

  3. I'm "securing" the API with Asp.Net Core Identity. The URL is '/Account/Login'. It needs to use POST (to pass username and password). That works, too.

  4. If I annotate "ManageCar" with [Authorize], and then log in (successfully), and THEN GET /api/ManageCar ... it DOESN'T go directly to my controller for "/api/ManageCar".

  5. Instead, it goes to "/Account/Login" (I'm already logged in, the result is HTTP 200), then redirects to "https://localhost:44342/Account/Login?ReturnUrl=%2Fapi%2FManageCar".

  6. I should be able to do a POST for my login, and a GET for my (now authenticated) query - it should "just work".

  7. Unfortunately, I don't know what Asp.Net is doing "behind the scenes" ... and I don't know what's causing the problem, or how to fix it.




UPDATE




  1. I still haven't resolved the problem - I'm still getting HTTP 404 with [Authorize], and it works without [Authorize]


  2. Both my AccountController and ManageCarController have the same path: [Route("api/[controller]/[action]")] and [Route("api/[controller]")], respectively. I can still log in successfully, I still get HTTP 404 when I try to read the "Cars" list.



  3. I enabled "Trace" logging in my appsettings.json. Here is a summary of the output of the failed API call:



    Console log:
    - Request starting HTTP/1.1 GET http://localhost:63264/api/ManageCar
    Request finished in 81.994ms 302
    - Request starting HTTP/1.1 GET http://localhost:63264/Account/Login?ReturnUrl=%2Fapi%2FManageCar
    AuthenticationScheme: Identity.Application was successfully authenticated.
    The request path /Account/Login does not match a supported file type
    The request path does not match the path filter
    Request finished in 31.9471ms 404
    SUMMARY:
    a) request to "ManageCar" redirects to AccountController => OK
    b) AccountController gets the request => OK
    c) Q: Does AccountController authenticate the request?
    <= it *seems* to ("successfully authenticated"...)
    d) Q: What do "match a supported file type" or "match the path filter" mean?
    What can I do about them?











  • 2
    Your login method only accepts an HTTP POST but a redirect will be a GET request.
    – DavidG
    Nov 20 at 1:23

  • @DavidG: I successfully logged in with a POST before calling the API. I'm updating my post with the network calls I got from Edge > Developer Tools.
    – FoggyDay
    Nov 20 at 1:30

  • Q: If all I needed was an [HttpGet] (I'm new to Asp.Net Core - don't disbelieve you), then how exactly would I do it? Could you give me a "response" that points me in the right direction?
    – FoggyDay
    Nov 20 at 1:39

  • 1
    Try to specify auth schema by changing attribute to [Authorize(AuthenticationSchemes = CookieAuthenticationDefaults.AuthenticationScheme)]. You are trying to authorize the web api using cookies, it may fail without additional configuration.
    – Ivvan
    Nov 20 at 11:42

  • 1
    Generally, PasswordSignInAsync is used for cookie authentication, if you have only web api, maybe you need to move to the JWT tokens
    – Ivvan
    Nov 20 at 12:12















c# asp.net-core asp.net-web-api2 identity














edited Nov 23 at 5:13

























asked Nov 20 at 1:20









FoggyDay













2 Answers




















accepted










I think that is a problem of routing. Can you verify your routes?
Do you notice that the two controllers have two routes, one each:
[Route("[controller]/[action]")] and [Route("api/[controller]")]?

If your routes are OK, you should check your authentication mechanism.
How do you check whether the user is authenticated, and how do you redirect? You don't need to be redirected to your login method in every API method if you are already authenticated.



Thanks.



























  • I'm new to "routing", and there's much I still don't understand. For example, Q: why exactly does Asp.Net Core invoke my AccountController just because of [Authorize]? I didn't explicitly specify that anywhere; it's "implicit". Q: Do I need to do "something else" in my AccountController for this to work?
    – FoggyDay
    Nov 23 at 5:18

  • 1
    It's working now. I tried many, many things but, unfortunately, I don't know exactly "what fixed it". It definitely had to do with "routing". Thank you for your help.
    – FoggyDay
    Nov 26 at 5:21































If I understand what you meant correctly, the problem may come from 2 things:

  1. You're trying to access /api/ManageCar without logging in. The attribute [Authorize] means: this controller/action requires login before assigning to.

     That's why it redirected to the path: /Account/Login?ReturnUrl=%2Fapi%2FManageCar

     You can check the path; there are 2 parts:

     • The first part is: /Account/Login. This is the URL of the login page.

     • The second part is: ?ReturnUrl=%2Fapi%2FManageCar. We can read it as ?ReturnUrl=/api/ManageCar, because %2F stands for /. This query string parameter means: after a successful login, the request will be redirected to /api/ManageCar.

  2. The second problem may be: in the Get method, you're setting it as a GET method by using [HttpGet]. That means this method can only be assigned to by using the GET method. So, if you're trying to make a POST request, it would not work.

    [HttpGet]
    public IEnumerable<CarViewModel> Get()
    {
        IEnumerable<CarViewModel> list =
            this.mapper.Map<IEnumerable<CarViewModel>>(this.dbContext.cars.AsEnumerable());
        return list;
    }

If you're using jQuery, after a successful login, you can try to make a GET request like this:

    $.get('/api/ManageCar').done(function (data) {
        console.log(data);
    });

Or change the [HttpGet] attribute to an [HttpPost] attribute:

    $.post('/api/ManageCar').done(function (data) {
        console.log(data);
    });


























  • Thank you. Let me explain the problem differently: See my updates above.
    – FoggyDay
    Nov 20 at 4:29










  • @FoggyDay Sorry for the late reply, my mom needs help :) In your case, I can only think of the cookie. The cookie has not been set. So, after a successful login, the request is still not authorized.
    – Foo
    Nov 20 at 6:18
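
The redirect to /Account/Login?ReturnUrl=%2Fapi%2FManageCar discussed in the answer above is issued by the cookie authentication handler when an unauthenticated request reaches an [Authorize] endpoint. As an added example (not code from the question or from either answer), the configuration below makes requests under /api receive 401/403 status codes instead of a login redirect; it assumes ASP.NET Core Identity's application cookie is in use, and the class name ApiCookieAuthExtensions and method name AddApiStatusCodeChallenges are hypothetical.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical helper (added example). Call it from Startup.ConfigureServices
// AFTER services.AddIdentity<...>() so it overrides Identity's cookie defaults.
public static class ApiCookieAuthExtensions
{
    public static IServiceCollection AddApiStatusCodeChallenges(this IServiceCollection services)
    {
        services.ConfigureApplicationCookie(options =>
        {
            // Unauthenticated request hit [Authorize]: the handler would normally
            // answer with a 302 to LoginPath (default /Account/Login) plus ReturnUrl.
            options.Events.OnRedirectToLogin = context =>
                StatusCodeForApi(context, StatusCodes.Status401Unauthorized);

            // Authenticated but not allowed: same idea, 403 instead of a redirect.
            options.Events.OnRedirectToAccessDenied = context =>
                StatusCodeForApi(context, StatusCodes.Status403Forbidden);
        });
        return services;
    }

    private static Task StatusCodeForApi(
        RedirectContext<CookieAuthenticationOptions> context, int statusCode)
    {
        // Assumption: REST endpoints live under /api, as in [Route("api/[controller]")].
        if (context.Request.Path.StartsWithSegments("/api", StringComparison.OrdinalIgnoreCase))
        {
            // API clients get a status code they can act on, not an HTML login page.
            context.Response.StatusCode = statusCode;
        }
        else
        {
            // Browser pages keep the normal redirect to the login / access-denied page.
            context.Response.Redirect(context.RedirectUri);
        }
        return Task.CompletedTask;
    }
}
```

With this in place, a 401 from /api/ManageCar after a successful login points at the authentication cookie not being sent back by the client, which is the situation the last comment describes.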











answered Nov 20 at 10:31 by MNF (accepted answer)












answered Nov 20 at 4:01 by Foo











