0

I'm coming to .net web api from a JavaScript background, and I'm trying to make a proxy to help with a cross domain JSON request. I'm GETing from a server I don't control the source code for, so I can't configure CORS directly. Likewise, it doesn't speak JSONP.

So two questions as I try to get my head around Web API:

1) Is Httpclient the right tool for this job? (if not, what is?)

2) If httpclient IS the right tool, what is an absolute bare bones httpclient config so I can test this out? Not worried about throwing exceptions or anything else other than just GETing API data and feeding it to a jQuery client.

I guess one other piece of information that would be nice would be building username / password authentication into the http request.

Any help is much appreciated, as are links to any good blogs / tutorials / etc that might help as an introduction to this sort of thing. I've watched several today alone, and I'm still not able to get a basic http request going on the server side without resorting to cutting / pasting other people's code.

Thanks in advance!

** EDIT - To make this question a bit more clear, what I'm trying to test is 1) Can the proxy connect to the third party server, which involves authentication via a username and password 2) Can the proxy then respond to the jQuery client request with the JSON data it received from the third party server.

Thanks to all who have taken the time to respond.

Matt West
  • 1,376
  • 1
  • 12
  • 18
  • If it is just testing GET, why not use Fiddler or Postman Chrome Plug-In? Both offer Basic Authentication. – Win Dec 17 '14 at 01:22
  • It's not so much testing get, as testing to see if I can get the proxy working, which involves authenticating on the third-party server. I'm definitely new to building APIs, I just found Fiddler the other day, and its a great tool. – Matt West Dec 17 '14 at 06:15

2 Answers2

1

HttpClient seems to be ok in this job.

About the minimal config- it depends on what the third party expects. In most cases would work out-of-the-box, but there always may be some minor tweaks like headers and/or auth code.

I have just found some blog entry where some author shows how to test such a proxy and shows the proxy code too. Please see: http://www.davidbreyer.com/programming/2014/10/11/create-fake-responses-to-rest-service-calls-in-c/

You can find info about sending credentials here: How to use credentials in HttpClient in c#?

HTH

EDIT:

this sample code should work (copied from blog above and modified):

public class Proxy
{
    public async Task<ExampleDto> GetExample(int id)
    {
        var client=new HttpClient();
        //set some auth here
        //set other headers
        var response = client.GetAsync(
             string.Format("/api/restserviceexample/{0}", id))
                .Result.Content.ReadAsAsync<ExampleDto>();

        return await response;
    }
}

It's so simple that you can just run it and see if the other server responds. If not, you can play with headers - since all the session info and user auth info are sent using ookies and/or headers, all you have to do is to see how it's made with regular browser and then fake it on the server. Probably best tool for this job will be Fiddler.

However - there is one thing to consider. If the other service has special method for authorization (other than passing credentials with each request) the whole thing becomes tricky, since your proxy should perform authorization using their service, then store their auth cookie on the server or propagate them to the browser and attach them with all next requests.

Community
  • 1
  • 1
cyberhubert
  • 203
  • 1
  • 9
  • Thanks for the link. Actually what I'm trying to test is 1) if the proxy server can connect to the third-party server, which involves authentication to avoid a 401, and then if the proxy can hand that data off to the jQuery client (which I suspect will be the easy part.) – Matt West Dec 17 '14 at 06:19
  • note that this only proxies the content. it won't include headers (cookies, cache control, etc) or errors. a true proxy is much more complicated and httpclient doesn't make it easy – Robert Levy Dec 17 '14 at 14:41
  • yes, you have to set them 'by hand' or develop something more generic. Since all this info is sent using headers and request statuses, it should be not too hard to forward them to the client with some clever name prefix convention. Then have them back from client and put into the request. I know HttpClient may not be ideal solution for this, but can you suggest something better? – cyberhubert Dec 17 '14 at 14:55
  • Awesome, I'll try this out and then play around with it a bit based on what kind of responses I'm seeing from the server. – Matt West Dec 17 '14 at 16:07
0

First, you don't need ASP.NET with C# if you really want minimal. .NET has great http handling without ASP. Check out classes like HttpListener, HttpListenerContext, HttpListenerRequest, etc... Yes, you'll have to write some boilerplate as your application, but these classes are pretty good. See among others:

http://www.codeproject.com/script/Articles/ViewDownloads.aspx?aid=599978

Second, if you want user & password, I'd checkout using oauth authentication so you don't have to deal with them directly. Google Plus, Windows Live, Facebook, etc... all have similar OAuth 2.0 APIs for that. See among others:

http://msdn.microsoft.com/en-us/library/dn659750.aspx
https://developers.google.com/+/web/signin/server-side-flow
https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/v2.2
Erik Eidt
  • 23,049
  • 2
  • 29
  • 53
  • Thanks for the links! It's actually the third-party server that my proxy has to authenticate with. Sorry, my question could have been more clear on that. I appreciate you taking the time to answer and I'll check out those links. – Matt West Dec 17 '14 at 06:17