locked
Accessing WebApi with HMAC authentication in C# RRS feed

  • Question

  • User-1670253754 posted

    Hi,

    I am going through some problem in accessing WebApi. Secnario is on my side i need to access api's method 'GetDetails'(https://localhost/api/GetDetails) from my coding, but api is protected with HMAC authentication. I have key and id which is required for authentication. How can i call to that api?

    Thursday, May 21, 2015 5:17 AM

Answers

  • User1644755831 posted

    Hello MohitJ18,

    You could Implement a HTTPClient Custom Handler. HTTPClient allows you to create custom message handler which get created and added to the request message handlers chain, handler will allow you to write out custom logic. In this logic you need to build the hash and set in the Authorization header before firing the request to the back-end API.

    Please follow this tutorial which explains how to achieve this on both client and server side.

    Secure ASP.NET Web API using API Key Authentication – HMAC Authentication

    Hope this helps.

    With Regards,

    Krunal Parekh

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, May 22, 2015 2:45 AM
  • User1644755831 posted

    Hello MohitJ18,

    I don't think your api key is of base64string. It's pretty easy to recognize a Base64 string, as it will only be composed of characters 'A'..'Z', 'a'..'z', '0'..'9', '+', '/' and it is often padded at the end with up to three '=', to make the length a multiple of 4.

    Ask the api provider or see their documentation on which encryption they used to generate the key and how to send it to server.

    With Regards,

    Krunal Parekh

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, May 28, 2015 1:31 AM

All replies

  • User1644755831 posted

    Hello MohitJ18,

    You could Implement a HTTPClient Custom Handler. HTTPClient allows you to create custom message handler which get created and added to the request message handlers chain, handler will allow you to write out custom logic. In this logic you need to build the hash and set in the Authorization header before firing the request to the back-end API.

    Please follow this tutorial which explains how to achieve this on both client and server side.

    Secure ASP.NET Web API using API Key Authentication – HMAC Authentication

    Hope this helps.

    With Regards,

    Krunal Parekh

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, May 22, 2015 2:45 AM
  • User-1670253754 posted

    Hi Krunal,

    Thanks for the link you provided, it was really helpful, i tried the same example. It worked fine.

    Now , i want to access real API whose key and id i have. I made same slight changes like as i want that method as GET so:

     HttpResponseMessage response = await client.GetAsync(apiBaseAddress);

    And in CustomDelegateHandler class in SendAsync() i have my key as:

    string APIKey="Y}WEQle.`ueja2Lutp8aP;iu=j<rOdHcP|LZst0ntJtb+{Tuz,ndHx22#(NudYaE";

    when i try to convert to base64

     var secretKeyByteArray = Convert.FromBase64String(APIKey);

    it shows me error like: "The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters. "

    So kindly suggest me what should i do in this situation.

    Wednesday, May 27, 2015 10:11 AM
  • User1644755831 posted

    Hello MohitJ18,

    I don't think your api key is of base64string. It's pretty easy to recognize a Base64 string, as it will only be composed of characters 'A'..'Z', 'a'..'z', '0'..'9', '+', '/' and it is often padded at the end with up to three '=', to make the length a multiple of 4.

    Ask the api provider or see their documentation on which encryption they used to generate the key and how to send it to server.

    With Regards,

    Krunal Parekh

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, May 28, 2015 1:31 AM
  • User-1670253754 posted

    Thanks for the help.

    Wednesday, June 3, 2015 9:49 AM