I am writing a service to authenticate users using a Web API service in ASP.NET MVC 4. This service is used by a mobile app: when the user logs in using the mobile app, the authentication should happen. I have written the code for encryption and decryption following this article: http://www.codeproject.com/Articles/630986/Cross-Platform-Authentication-With-ASP-NET-Web-API

Error:

HTTPS is required for security reason.

The error below is displayed.

When I check in a browser or Fiddler, it displays the same error.

```csharp
public static void Register(HttpConfiguration config)
{
    // Per-route handler: TokenInspector runs only for requests matched by "DefaultApi".
    TokenInspector tokenInspector = new TokenInspector()
    {
        InnerHandler = new HttpControllerDispatcher(config)
    };

    config.Routes.MapHttpRoute(
        name: "Authentication",
        routeTemplate: "api/User/{id}",
        defaults: new { controller = "User" }
    );

    config.Routes.MapHttpRoute(
        name: "DefaultApi",
        routeTemplate: "api/{controller}/{id}",
        defaults: new { id = RouteParameter.Optional },
        constraints: null,
        handler: tokenInspector
    );

    // Global handler: HTTPSGuard runs for every request, on every route.
    config.MessageHandlers.Add(new HTTPSGuard());
}
```
Erik Philips
stpdevi

1 Answer

As it happens, I'm currently working on a project inspired by the same CodeProject article that you mentioned, so I'm intimately familiar with how it works.

The error you're getting simply means that you need to use HTTPS (not HTTP) to access your api. So, something like: `https://localhost:port/api/values`. In order to do that, simply using https as your URI scheme is not enough. You need to generate a self-signed certificate (or use a real one if one is available for you) and then attach it to your host -- IIS or self-hosting have different steps to achieve this. There are various websites that can help you complete these steps; this question seems to have a very comprehensive explanation.

If you don't care about HTTPS, then remove the `HTTPSGuard` message handler from your code and the last line in your `Register` function where it's being added to the `MessageHandlers` pipeline.

Community
djikay
  • Hi, thanks for the response. Here I am getting another error while testing: Certificate 'CN=WebAPI-Token' not found. in the CryptographyHelper class – stpdevi Jun 04 '14 at 04:21
  • When I am running `makecert -sr LocalMachine -ss My sha1 -n CN=WebAPI-Token -sk y exchange -pe`, it's showing too many parameters – stpdevi Jun 04 '14 at 04:41
  • `sk` and `y` should be together, i.e. `sky`. – djikay Jun 04 '14 at 06:52
  • Fine, I created it using the link below: http://blog.pluralsight.com/selfcert-create-a-self-signed-certificate-interactively-gui-or-programmatically-in-net – stpdevi Jun 04 '14 at 06:54
  • One more doubt: if I host this code in IIS, will that certification work? – stpdevi Jun 04 '14 at 06:55
  • I've only tried self-hosting on OWIN, but it should work on IIS as well. It's probably even easier, as long as you enter the certificate in the IIS settings. `makecert` should work well for generating the certificate, I've not tried the tool you linked, but that should be fine too, I guess. – djikay Jun 04 '14 at 07:02
  • Also, StartSSL have a free certificate option, if you want something a little more "official" than a self-signed certificate. I've not tried it myself though. – djikay Jun 04 '14 at 07:06
  • If you have an idea about encryption, please help me here: http://stackoverflow.com/questions/24030873/how-to-authencticate-the-encrypt-password-with-input-password-value – stpdevi Jun 05 '14 at 07:08
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/55109/discussion-between-stpdevi-and-djikay). – stpdevi Jun 05 '14 at 06:59
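
What a guard like the `HTTPSGuard` handler discussed in the answer does, as an added sketch that is not the CodeProject article's source or code posted in this thread. The class name `RequireHttpsHandler` is hypothetical; the rejection text is the message quoted in the question.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical name; an illustration of the technique, not the article's HTTPSGuard.
public class RequireHttpsHandler : DelegatingHandler
{
    protected override Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        bool isHttps = string.Equals(
            request.RequestUri.Scheme, Uri.UriSchemeHttps,
            StringComparison.OrdinalIgnoreCase);

        if (!isHttps)
        {
            // Short-circuit the pipeline: no later handler and no controller
            // runs, so a token or password sent over plain HTTP is never
            // accepted by the API.
            var rejected = new HttpResponseMessage(HttpStatusCode.Forbidden)
            {
                Content = new StringContent("HTTPS is required for security reason."),
                RequestMessage = request
            };

            // TaskCompletionSource is used instead of Task.FromResult so the
            // sketch also compiles when the project targets .NET 4.0.
            var tcs = new TaskCompletionSource<HttpResponseMessage>();
            tcs.SetResult(rejected);
            return tcs.Task;
        }

        // Request arrived over TLS: hand it to the rest of the pipeline.
        return base.SendAsync(request, cancellationToken);
    }
}

// Registered globally, as in the question's Register method, it applies to
// every route, including the "Authentication" route:
//     config.MessageHandlers.Add(new RequireHttpsHandler());
```

Behind a TLS-terminating proxy or load balancer, `RequestUri.Scheme` reflects the hop between the proxy and the server, so a check like this has to run where TLS actually terminates.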