CODEWITHSUNDEEP
asp.net-mvcasp.net-web-api
stpdevi
stpdevi

Reputation: 1114

HTTPS is required for security reason for Authenticate user

I am writing the service for Authenticate user using webapi service in asp.net mvc4, This service is used in mobile app when the user login the using mobile app the Authenticate should be happen and I had written code for encrypted and decrypted here followed article http://www.codeproject.com/Articles/630986/Cross-Platform-Authentication-With-ASP-NET-Web-API error:

HTTPS is required for security reason.

Below error is displaying.

When check in browser or fiddler it's displaying the same error.

public static void Register(HttpConfiguration config)
    {
 TokenInspector tokenInspector = new TokenInspector() { InnerHandler = new  
    HttpControllerDispatcher(config) };


        config.Routes.MapHttpRoute(
            name: "Authentication",
            routeTemplate: "api/User/{id}",
            defaults: new { controller = "User" }
        );

        config.Routes.MapHttpRoute(
            name: "DefaultApi",
            routeTemplate: "api/{controller}/{id}",
            defaults: new { id = RouteParameter.Optional },
            constraints: null,
            handler: tokenInspector
        );
        config.MessageHandlers.Add(new HTTPSGuard()); 

    }

Upvotes: 0

Views: 385

Answers (1)

djikay
djikay

Reputation: 10648

As it happens, I'm currently working on a project inspired by the same CodeProject article that you mentioned, so I'm intimately familiar with how it works.

The error you're getting simply means that you need to use HTTPS (not HTTP) to access your api. So, something like: https://localhost:port/api/values. In order to do that, simply using https as your URI scheme is not enough. You need to generate a self-signed certificate (or use a real one if one is available for you) and then attach it to your host -- IIS or self-hosting have different steps to achieve this. There are various websites that can help you complete these steps; this question seems to have a very comprehensive explanation.

If you don't care about HTTPS, then remove the HTTPSGuard message handler from your code and the last line in your Register function where it's being added to the MessageHandlers pipeline.

Upvotes: 1

Related Questions