C3rd

C# WebRequest: Headers pitfall
Posted: 4 Jun 2020, 6:36am - Thursday

I have written my own WebRequest wrapper and it took me ages why I am getting a response of bad request. Hours of debugging, I realize that I have overwritten my Content-Type header with my Authentication-Authorization entries.

the issue:

            WebRequest request = WebRequest.Create(url);
            request.Method = method_request;
            request.ContentType = "application/x-www-form-urlencoded";
            /**
             * dont add content-type header on authenticate
             */
            if (!url.Contains("/authenticate"))
            {
                WebHeaderCollection whc = new WebHeaderCollection();
                whc.Add("Auth-username", authorizationEntity.getUsername());
                whc.Add("Auth-session-key", authorizationEntity.getSessionKey());
                request.Headers = whc;
            }

            if (method_request.ToUpper() == "POST")
            {
                Stream stream = request.GetRequestStream();
                byte[] postArray = Encoding.UTF8.GetBytes(flatten_post_data);
                stream.Write(postArray, 0, postArray.Length);
                stream.Close();
            }

            string Result;
            try
            {
                Console.WriteLine(request.Headers.ToString());
                StreamReader sr = new StreamReader(request.GetResponse().GetResponseStream());
                Result = sr.ReadToEnd();
            } catch(WebException e)
            {
                Console.WriteLine(e.Message);
                Result = "[]";
            }

the correct approach:

            WebRequest request = WebRequest.Create(url);
            request.Method = method_request;
            /**
             * dont add content-type header on authenticate
             */
            if (!url.Contains("/authenticate"))
            {
                WebHeaderCollection whc = new WebHeaderCollection();
                whc.Add("Auth-username", authorizationEntity.getUsername());
                whc.Add("Auth-session-key", authorizationEntity.getSessionKey());
                request.Headers = whc;
            }
            request.ContentType = "application/x-www-form-urlencoded";

            if (method_request.ToUpper() == "POST")
            {
                Stream stream = request.GetRequestStream();
                byte[] postArray = Encoding.UTF8.GetBytes(flatten_post_data);
                stream.Write(postArray, 0, postArray.Length);
                stream.Close();
            }

            string Result;
            try
            {
                Console.WriteLine(request.Headers.ToString());
                StreamReader sr = new StreamReader(request.GetResponse().GetResponseStream());
                Result = sr.ReadToEnd();
            } catch(WebException e)
            {
                Console.WriteLine(e.Message);
                Result = "[]";
            }

So that's it. lesson learn! LOL

Back to list
Categories