Using POST when connecting to remote ASP.NET API Web Service

ASP.NET API Web Service web method calls can be modified to receive POST input. The reason is , sometimes we may need to pass sensitive information like password or other information. There are many ways to do this. Here is a new technique which I used.

=============

        [HttpPost] (This attribute is required to tell the WebMethod is a POST.)

        [ActionName("login")]
        public ManagerOutput getUserInfo(HttpRequestMessage inmessage) (The whole request is being used as input.)
        {
            ManagerOutput output = new ManagerOutput(); (This is the output the methos will send.)
            output.operation = "login";
            try
            {
                var theRequestBody = "";
                try
                {
                    theRequestBody = System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(theRequestBody)); (The whole request can be passed in encoded 64 bit. Here it is being decoded. So the information sent is not visible easily.)
                    theRequestBody = inmessage.Content.ReadAsStringAsync().Result; (This is where the message content (body) is extracted from the request string.)
                }
                catch(Exception ex)
                {
                    throw new Exception("Error in ReadAsStringAsync." + ex.ToString());
                }
                if (theRequestBody == null)
                   throw new Exception("theRequestBody is null");
                ModelUserPin objModelUserPin = new ModelUserPin();
                try
                {
                    objModelUserPin = new System.Web.Script.Serialization.JavaScriptSerializer().Deserialize<ModelUserPin>(theRequestBody); (This is where JavaScript JSON content is converted to CSharp class. Here the class name is ModelUserPin.)
                }
                catch (Exception ex)
                {
                    throw new Exception("Error in JavaScriptSerializer." + ex.ToString());
                }
 
                // Add more business logic here.

                //return Newtonsoft.Json.JsonConvert.SerializeObject(output); (If required the CSharp class can be converted to JSON string.)

                return output; (When returning the results , the whole CSharp class is sent out.)
            }
            catch (Exception ex)
            {
                output.status = "ERROR: " + ex.ToString();
                //return Newtonsoft.Json.JsonConvert.SerializeObject(output);
                return output;
            }
        }

 =============

When calling this function from the JavaScript side, this is the code to use.

=======

this.validateUser = function (username, pin) {

    console.log('validateUser');

    var bodyContent  = Base64.encode( JSON.stringify({ "userId": username, "userPin": pin }) ); (This is where the request is encoded.)

    var url = urlBase + loginUserURl;

    $.ajax({

        url: url,

        type: 'POST',

        dataType: 'json',

        timeout: 60000,

        data: bodyContent,

        contentType: 'application/json; charset=utf-8', (This content type is important. Then only the JavaScript will encode the csharp class coming from the Web Service. Else the control will goto error: instead of success:)

        error: function (errData) {

            validateUserFailedCallback(errData);

        },

        success: function (data) {

            validateUserCallback(data);

        }

    });

};

Here is the value for Base64 used in the code above.

// Create Base64 Object

var Base64 = { _keyStr: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=", encode: function (e) { var t = ""; var n, r, i, s, o, u, a; var f = 0; e = Base64._utf8_encode(e); while (f < e.length) { n = e.charCodeAt(f++); r = e.charCodeAt(f++); i = e.charCodeAt(f++); s = n >> 2; o = (n & 3) << 4 | r >> 4; u = (r & 15) << 2 | i >> 6; a = i & 63; if (isNaN(r)) { u = a = 64 } else if (isNaN(i)) { a = 64 } t = t + this._keyStr.charAt(s) + this._keyStr.charAt(o) + this._keyStr.charAt(u) + this._keyStr.charAt(a) } return t }, decode: function (e) { var t = ""; var n, r, i; var s, o, u, a; var f = 0; e = e.replace(/[^A-Za-z0-9\+\/\=]/g, ""); while (f < e.length) { s = this._keyStr.indexOf(e.charAt(f++)); o = this._keyStr.indexOf(e.charAt(f++)); u = this._keyStr.indexOf(e.charAt(f++)); a = this._keyStr.indexOf(e.charAt(f++)); n = s << 2 | o >> 4; r = (o & 15) << 4 | u >> 2; i = (u & 3) << 6 | a; t = t + String.fromCharCode(n); if (u != 64) { t = t + String.fromCharCode(r) } if (a != 64) { t = t + String.fromCharCode(i) } } t = Base64._utf8_decode(t); return t }, _utf8_encode: function (e) { e = e.replace(/\r\n/g, "\n"); var t = ""; for (var n = 0; n < e.length; n++) { var r = e.charCodeAt(n); if (r < 128) { t += String.fromCharCode(r) } else if (r > 127 && r < 2048) { t += String.fromCharCode(r >> 6 | 192); t += String.fromCharCode(r & 63 | 128) } else { t += String.fromCharCode(r >> 12 | 224); t += String.fromCharCode(r >> 6 & 63 | 128); t += String.fromCharCode(r & 63 | 128) } } return t }, _utf8_decode: function (e) { var t = ""; var n = 0; var r = c1 = c2 = 0; while (n < e.length) { r = e.charCodeAt(n); if (r < 128) { t += String.fromCharCode(r); n++ } else if (r > 191 && r < 224) { c2 = e.charCodeAt(n + 1); t += String.fromCharCode((r & 31) << 6 | c2 & 63); n += 2 } else { c2 = e.charCodeAt(n + 1); c3 = e.charCodeAt(n + 2); t += String.fromCharCode((r & 15) << 12 | (c2 & 63) << 6 | c3 & 63); n += 3 } } return t } }

=======

Also when debugging / testing the code , make sure to POST to http site and not to a https (SSL) site. If you attempt to POST from http to https , it will abort and throw error. It will not even POST.
 

Hope the tips mentioned here, helps you in your project.

Thanks
Adam