Moving to Server...Wrong Contents

Topics: Web Api
Sep 24, 2011 at 12:23 AM

After developing, actually switching a WCF REST Service to use WCF Web Apis on my development machine I decided to put it on a server. The exact same calls from my test Connection Client using the server has different return types in the content of the messages. I'm guessing either an old piece of configuration from the WCF REST service is messing things up or an assembly didn't make it to the server. I've been trying to figure it out without any success. Any pointers?

An exampel of what happens, we have a call for an image file. The return type for the method is Stream. When run on the dev box it returns a png file... When run on the server I get:   

<?xml version=\"1.0\" encoding=\"utf-8\"?><Stream xsi:nil=\"true\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"/>

I expected bytes...

I tried playing with the accept headers and that had no effect.

help!

Thanks,

\ ^ / i l l

 

Sep 24, 2011 at 3:52 AM

Never mind, it turned out to be a security issue within my code. Apparently setting:

WebOperationContext.Current.OutgoingResponse.StatusCode = HttpStatusCode.Unauthorized;

does not work anymore. I was counting on that and instead I got empty messages as replies.

What is the appropriate way to handle a StatusCode reply with the Web Api?

Thanks...

 

Sep 24, 2011 at 3:20 PM

In Web API you have two ways to set the status code from an operation:

1) You can return an HttpResponseMessage (or HttpResponseMessage<T>) where you can set the status code

2) You can throw an HttpResponseException which allows you to just set the status code or pass in an entire response setting whatever property you wish.

Henrik

From: WillTartak [email removed]
Sent: Friday, September 23, 2011 20:52
To: Henrik Frystyk Nielsen
Subject: Re: Moving to Server...Wrong Contents [wcf:273678]

From: WillTartak

Never mind, it turned out to be a security issue within my code. Apparently setting:

WebOperationContext.Current.OutgoingResponse.StatusCode = HttpStatusCode.Unauthorized;

does not work anymore. I was counting on that and instead I got empty messages as replies.

What is the appropriate way to handle a StatusCode reply with the Web Api?

Thanks...

Sep 24, 2011 at 3:29 PM
Edited Sep 24, 2011 at 3:31 PM

Hi Henrik,

Neither one of those seems to be working for me. If I set the status code to Unauthorized and return that response from my method it still returns a 404 message. If I throw an exception using HttpResponseException(response) where response already is set with a status code and message, I get an error saying: "The response message returned by the Response property of this exception should be immediately returned to the client.  No further handling of the request message is required."

 

In VS that stops execution with a break at the next line in my code, usually a }.

thoughts?

My method signature is:

public HttpResponseMessage GetFile(HttpRequestMessage req, string leagueName, string seasonYearStart, string teamName, string fileName)

Coordinator
Sep 24, 2011 at 6:21 PM

Turn off break on all errors and try again.

Glenn

Sep 24, 2011 at 7:23 PM
Edited Sep 24, 2011 at 7:27 PM

Hi Glenn,

Thank you for the input...I want to feel like an idiot over not doing that but then I realized I'd never had to do that before. <shrug>

I tried it and at least the code continued to run. Unfortunately, I am not getting what I expect. I expected a 401 error and instead I am getting a 404 error. Here is the relevant code:

HttpResponseMessage result = new HttpResponseMessage();


if (!SecurityHelper.IsUserAuthenticated(req)){
				
result.StatusCode = HttpStatusCode.Unauthorized;
throw new HttpResponseException(result);
				
}

 

 

I know I should move SecurityHelper to an Operation Handler but it should still work in this circumstance, no? This should return a 401, no?

 

Thanks...

 

 

 

 

 

 

 

 

Coordinator
Sep 27, 2011 at 7:28 AM

Hi Will

Yes it should return a 401. Have you put a breakpoint on where you are throwing the response to see that it is getting hit? If the answer is yes, and there is nothing else in the pipeline changing the status, then please send us repro.

That aside, HttpResponseException I believe is overloaded so you can just pass the status code in it's constructor rather than having to construct a response message (if you don't need it).

Thanks. 

Sep 27, 2011 at 3:34 PM

This may not be the problem you're having but when I expected a 401 and was getting a 404 instead it was because I was hosting the api in an empty MVC project it was trying to redirect to a non existent ~/Account/LogOn action.  I commented that out of my web.config file and started getting the 401 I expected.

Sep 29, 2011 at 5:13 PM

Hi Glen,

Thanks for the additional input. A breakpoint confirms that the code is being called. I've tried the following and none of them return an Unauthorized message.

// result.StatusCode = HttpStatusCode.Unauthorized;
// throw new HttpResponseException(result);
throw new HttpResponseException(HttpStatusCode.Unauthorized);

I've tried each separately. result in this case is an HttpResponseMessage. The only item I have in the pipeline is an ApiKeyVerificationChannel on the request. I've added nothing else to the pipeline. At some point I'll move the Authorization code to the pipeline but I don't need to spend time on that right now. :)

I'll pare down my project and send you a repro sometime next week, hopefully that is ok. Just for completeness, this is a Class Library project that started life as a WCF 4 REST Service and has been converted to Web Api. It is running as an Azure Web Role but neither MVC nor webforms are involved beyond configuration. By that I mean this project does not serve web pages, there are references to ASP.net in the web.config file and the routing engine used for MVC is involved in Global.asax but nothing else dealing with web pages has been used.

Thanks,

\ ^ / i l l