RestSharp - Retrieving Authorization token from POSTed response

Question

I am trying to pass username and password to the following URL :

https://maxcvservices.dnb.com/rest/Authentication

According to the documentation the user_id and password must be passed as headers with the keys: x-dnb-user, x-dnb-pwd respectively.

I thus far have the following code which seems to work but I am unable to retrieve the auth token returned by the response object:

public static void Main (string[] args)
{
    var client = new RestClient ("https://maxcvservices.dnb.com/rest/Authentication");
    var request = new RestRequest (Method.POST);
    request.AddHeader("x-dnb-user", myEmail);
    request.AddHeader("x-dnb-pwd", myPassword);
    IRestResponse resp = client.Execute(request);
    var content = resp.Content;
    Console.WriteLine (resp.StatusDescription);
    Console.WriteLine (resp.StatusCode);
}

When I try printing the content I get a blank line but what I am actually expecting is the auth token that is returned by the service. A couple of things I think I am doing in the code (but not sure), is passing the userid and password as headers in the POST request which is what is required. The token is returned as the value of the 'Authorization' field in the response object. I was wondering how I might print the token. Also the statusDescription,statusCode both print OK which tells me I have the correct request but am unable to locate the auth token in the response. Any help would be much appreciated in guiding me on how to access the auth token in the Authorization field of the returned POST response.

Answer 1

So you're trying to get the HttpHeader values for Authorization from the IRestResponse object?

You could use e.g. use LINQ for that:

var authroizationHeaderFromResponse = resp.Headers.FirstOrDefault(h => h.Name == "Authorization");

            if (authroizationHeaderFromResponse != null)
            {
                Console.WriteLine(authroizationHeaderFromResponse.Value);
            }

Which yields

INVALID CREDENTIALS

You assume that if the response status code is 200 - OK, then there must be a response body accompanying it.

Does the documentation specifically state that you should expect a token in the response body in return?

The D&B developers could send a 200 - OK response with no response body if they want, or they can add their serialized token (JSON, XML etc) elsewhere, e.g. in a header field.

An example of this can be seen in this code from an ASP.NET Web API returning a response from a successful PUT

if (result.Success)
{
    var dto = Mapper.Map<TEntity, TDto>(result.Data as TEntity);

    var response = Request.CreateResponse(HttpStatusCode.Created, dto);
    var uri = Url.Link("DefaultApi", new {id = dto.Id});
    response.Headers.Location = new Uri(uri);

    return response;
}

This would return a 200 - OK with a serialized object (result.Data) in the response body, but there's nothing wrong with me changing the following

var response = Request.CreateResponse(HttpStatusCode.Created, dto);

To something like

var response = Request.CreateResponse(HttpStatusCode.Created);

That way you would still get a 200 - OK response, but without a response body. This of course is against the recommendations of the HTTP/1.1 Standard for PUT verbs, but it would still work.

I could even do this for giggles

throw new HttpResponseException(HttpStatusCode.Created);

And you would still get a 200 - OK response. Somewhat evil, but possible.

I would suggest trying to fetching data from another resource with the x-dnb-user and x-dnb-pwd header fields set, and check if a response body is returned then. Perhaps D&B was inspired by Basic Authentication when implementing these header fields, and as such require them to be present in every request?

It's worth a try.

Let me know how that works out.

Answer 2

Look in the Headers collection of IRestResponse. It will probably be there rather than the content.

Hth Oli

Answer 3

It could be that the AUTHTOKEN comes back with the cookies, as this is a common approach.

In this case, you'll need to attach a CookieContanier to your IRestClient, then this container will store the cookies. Provided you use the same client for subsequent requests, that auth cookie will let you in.

private CookieContainer _cookieJar;

...    

_cookieJar = new CookieContainer();
_client.CookieContainer = _cookieJar;

You can then inspect the container after a request

_client.PostAsync(MyRequest, (r, h) =>
{
   r.Cookies... // inspect em