I have written a WebApi project in VS2013. I have also written an MVC4 application to test it in VS2013 on the same machine.
I run the WebApi project in VS2013; it uses localhost:49494 as server:port. I then run the test project in VS2013; it uses localhost:49319 as server:port.
When I call a route in my WebApi from my test project, I get a response of 401 (Unauthorized). I AM NOT using the Authorize attribute on my WebApi functions. I do not send a WWW-Authenticate header from my test project either.
Why would I get this? I just don't understand it. When I run the URL for the WebApi call in the browser, I get the desired result.
This is the HTML calling the MVC4 action:
<!DOCTYPE html>
<!-- Minimal test page: a single form whose only control is a submit button. -->
<html>
<head>
<title>Webinar Registration Test </title>
</head>
<body>
<div class="document">
<!-- Posts to the MVC action /Home/WBLogin. The form carries no input fields and no
     anti-forgery token field. NOTE(review): if the action is restricted to POST and
     decorated with [ValidateAntiForgeryToken], this page would need to be a Razor view
     that emits @Html.AntiForgeryToken() inside the form. -->
<form name="LoginForm" action="/Home/WBLogin" method="post">
<input type="submit" value="Login" />
</form>
</div>
</body>
</html>
This is the MVC4 Action method that calls the WebApi:
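/// <summary>
/// Calls the WebApi login route, copies the returned access token and organizer key
/// into a <c>Registrant</c>, and redirects to the WBRegister action.
/// </summary>
/// <returns>A redirect to <c>Home/WBRegister</c> carrying the registrant as route values.</returns>
public ActionResult WBLogin()
{
    // Plain http on localhost; outside local development this hop carries the
    // access token and should go over https.
    string uri = "http://localhost:49494/api/Webinar/WBLogin";
    AuthModel auth = new AuthModel();

    HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uri);
    request.Accept = "application/json";
    request.Method = "GET";

    try
    {
        // Dispose the response and its stream deterministically; the original only
        // closed the stream on the success path and never released the response.
        using (var response = request.GetResponse())
        using (var stream = response.GetResponseStream())
        using (MemoryStream ms = new MemoryStream())
        {
            // Buffer the body so it can be rewound before deserialization.
            stream.CopyTo(ms);
            ms.Position = 0;

            DataContractJsonSerializer ser = new DataContractJsonSerializer(typeof(ResponseDirectLogin));
            var deserialized = (ResponseDirectLogin)ser.ReadObject(ms);
            auth.OauthToken = deserialized.AccessToken;
            auth.OrganizerKey = deserialized.OrganizerKey;
        }
    }
    catch (WebException e)
    {
        if (e.Response != null)
        {
            // Non-success HTTP status (for example the 401 described in the question):
            // surface the body the server sent back.
            using (var errorResponse = e.Response)
            using (var sr = new StreamReader(errorResponse.GetResponseStream()))
            {
                ViewBag.Error = sr.ReadToEnd();
            }
        }
        else
        {
            // No HTTP response at all (connection or trust failure): report the status.
            ViewBag.Error = String.Concat("Message: ", e.Message, " Status: ", e.Status);
        }

        // NOTE(review): execution continues to the redirect below with empty tokens,
        // and ViewBag does not survive a redirect, so this error is not shown on the
        // next request. Consider returning a view here or carrying it in TempData.
    }

    Registrant User = new Registrant();
    User.OauthToken = auth.OauthToken;
    User.OrganizerKey = auth.OrganizerKey;
    User.WebinarKey = "9999999999999999999";

    // NOTE(review): passing the model as route values places OauthToken and
    // OrganizerKey in the redirect URL, where they reach browser history, proxy and
    // server logs and Referer headers. Prefer keeping them server-side
    // (session or TempData) and redirecting without them.
    return RedirectToAction("WBRegister", "Home", User);
}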
This is the WebApi method:
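/// <summary>
/// WebApi controller that logs in to the webinar provider and hands the resulting
/// access token and organizer key back to the caller.
/// </summary>
public class WebinarController : ApiController
{
    /// <summary>
    /// Performs a direct login against the provider's OAuth endpoint.
    /// </summary>
    /// <returns>
    /// 200 with the serialized <c>LoginResponse</c> on success; 400 with a serialized
    /// <c>LoginErrorResponse</c> when the outbound request fails.
    /// </returns>
    /// <remarks>
    /// NOTE(review): no authorization attribute is visible on this action, so any
    /// client that can reach the route receives the account's access token. Restrict
    /// it (authentication, network scoping) before exposing it beyond a test machine.
    /// </remarks>
    [HttpGet, Route("api/Webinar/WBLogin")]
    public IHttpActionResult WBLogin()
    {
        // The Login Model contains the Login credentials for our GTW account
        LoginModel lg = new LoginModel();

        // Build the login URI. Each value is percent-encoded so that characters such
        // as '&', '#', '+' or '=' in a password cannot truncate the value or inject
        // extra query parameters.
        // NOTE(review): the credentials travel in the query string and can end up in
        // proxy and server logs; check whether the provider accepts a POST body instead.
        string uri = String.Format(
            "https://api.citrixonline.com/oauth/access_token?grant_type=password&user_id={0}&password={1}&client_id={2}",
            EscapeQueryValue(lg.UserId),
            EscapeQueryValue(lg.Password),
            EscapeQueryValue(lg.APIKey));

        // Send the login request. From the response we need at least the access token
        // and the organizer key for further calls.
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uri);
        request.Accept = "application/json";
        request.ContentType = "application/json";

        try
        {
            // Dispose the response and its stream on every path.
            using (var response = request.GetResponse())
            using (var stream = response.GetResponseStream())
            using (MemoryStream ms = new MemoryStream())
            {
                // Buffer the body so it can be rewound before deserialization.
                stream.CopyTo(ms);
                ms.Position = 0;

                DataContractJsonSerializer ser = new DataContractJsonSerializer(typeof(ResponseDirectLogin));
                var deserialized = (ResponseDirectLogin)ser.ReadObject(ms);

                LoginResponse lr = new LoginResponse();
                lr.OauthToken = deserialized.AccessToken;
                lr.OrganizerKey = deserialized.OrganizerKey;

                // NOTE(review): Ok(string) serializes the string again, so the client
                // receives a JSON string that itself contains JSON. Kept as-is because
                // existing callers may depend on that wire format.
                string json_result = JsonConvert.SerializeObject(lr);
                return Ok(json_result);
            }
        }
        catch (WebException e)
        {
            LoginErrorResponse ler = new LoginErrorResponse();

            if (e.Response != null)
            {
                // NOTE(review): this relays the provider's error body verbatim to the
                // caller; confirm it never echoes the submitted credentials.
                using (var errorResponse = e.Response)
                using (var sr = new StreamReader(errorResponse.GetResponseStream()))
                {
                    ler.Message = sr.ReadToEnd();
                }
            }
            else
            {
                // Connection, DNS or certificate-trust failures carry no HTTP response;
                // the original dereferenced e.Response here and threw
                // NullReferenceException. Report the status instead.
                ler.Message = String.Concat("Message: ", e.Message, " Status: ", e.Status);
            }

            string json_result = JsonConvert.SerializeObject(ler);
            return BadRequest(json_result);
        }
    }

    /// <summary>
    /// Percent-encodes a value for use in a query string; null becomes an empty string,
    /// matching how String.Format renders a null argument.
    /// </summary>
    private static string EscapeQueryValue(object value)
    {
        return Uri.EscapeDataString(Convert.ToString(value) ?? String.Empty);
    }

    // other methods here...
}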
It was a certificate issue. My sysadmin had to install their certificate on our server to allow this.
I have a strong feeling it is a global filter somewhere. Check App_Start\FilterConfig.cs and make sure you are not adding an AuthorizeAttribute there.