I am not sending cookies in my HTTP request, even if turned off for httpclient still doesn't work. And when testing with postman can't see any way to turn them off, I can clear them, but this still doesn't resolve problem....
UPDATE: after checking server logs I found the below:
2025-01-03 18:48:16.938 +01:00 [WRN] The required antiforgery header value "RequestVerificationToken" is not present. 2025-01-03 18:48:16.938 +01:00 [INF] Authorization failed for the request at filter 'Volo.Abp.AspNetCore.Mvc.AntiForgery.AbpAutoValidateAntiforgeryTokenAuthorizationFilter'.
So indicates antiforgery is causing it to fail - so why? and what do I need to change to get it working?
I have been trying to resolve this all day so below is summary of what has been done.
1 ) For testing this I am working with an abp solution created from scratch with abp studio configured as below:
2 ) This has been uploaded to my hosting and is working fine, via website directly and via swagger I can view and add books to the book store
3 ) Using below method in VB I can connect to the API and retrieve book information - this is using cookie and anti-forgery e.g. method primarily for browser scenarios so not a solution I want to use for my VB.NET winforms app but does at least show I can connect okay and API is working
' working method but this uses the Cookie + Anti-Forgery which is Primarily for Browser Scenarios
Private Async Sub btnLoginWeb_Click(sender As Object, e As EventArgs) Handles btnLoginWeb.Click
' 1) Set up a handler with CookieContainer to store auth cookies
Dim handler As New HttpClientHandler() With {
.UseCookies = True,
.CookieContainer = New CookieContainer()
}
Using client As New HttpClient(handler)
' The base URL of your application
client.BaseAddress = New Uri("https://pcassist-testing.premiumasp.net/")
' 2) GET the login page to retrieve the anti-forgery token
Dim loginPageResponse As HttpResponseMessage = Await client.GetAsync("Account/Login")
If Not loginPageResponse.IsSuccessStatusCode Then
MessageBox.Show($"Failed to load login page. Status: {loginPageResponse.StatusCode}")
Return
End If
Dim loginPageHtml As String = Await loginPageResponse.Content.ReadAsStringAsync()
' 3) Parse out __RequestVerificationToken from the HTML
Dim tokenValue As String = ExtractAntiForgeryToken(loginPageHtml)
If String.IsNullOrEmpty(tokenValue) Then
MessageBox.Show("Could not find __RequestVerificationToken in login page HTML.")
Return
End If
' 4) Build the form data that your site expects for login
' Adjust the field names (e.g., "UsernameOrEmailAddress", "Password")
' to exactly match what the login form uses.
Dim loginForm As New Dictionary(Of String, String) From {
{"__RequestVerificationToken", tokenValue},
{"UsernameOrEmailAddress", "admin"}, ' or your real username
{"Password", "REMOVED"}, ' or your real password
{"RememberMe", "false"}
}
' 5) POST the login form
Dim loginContent As New FormUrlEncodedContent(loginForm)
Dim loginResponse As HttpResponseMessage = Await client.PostAsync("Account/Login", loginContent)
Dim loginResponseBody As String = Await loginResponse.Content.ReadAsStringAsync()
If loginResponse.IsSuccessStatusCode Then
' 6) Now the CookieContainer has the session/auth cookie
' Let's call the protected endpoint using the same client
Dim dataResponse As HttpResponseMessage = Await client.GetAsync("api/app/book")
Dim dataResponseBody As String = Await dataResponse.Content.ReadAsStringAsync()
If dataResponse.IsSuccessStatusCode Then
MessageBox.Show("Protected data: " & dataResponseBody)
Else
MessageBox.Show($"API call failed. Status: {dataResponse.StatusCode}, Body: {dataResponseBody}")
End If
Else
MessageBox.Show($"Login failed. Status: {loginResponse.StatusCode}, Body: {loginResponseBody}")
End If
End Using
End Sub`
4 ) I then tried using below method to retrieve the token - not sure if this is correct as perhaps uses identityserver rather than openiddict but with code below and within postman I can retrieve a token okay - so assume this means I have something setup correctly!???.....
Private Async Sub btnGetToken_Click(sender As Object, e As EventArgs) Handles btnGetToken.Click
' 1) Define your token endpoint (commonly /connect/token with ABP + IdentityServer)
Dim tokenUrl As String = "https://pcassist-testing.premiumasp.net/connect/token"
' 2) Build up the form fields as per Resource Owner Password Flow
' Adjust the client_id, client_secret, scope, and credentials to your ABP config
Dim formData As New Dictionary(Of String, String) From {
{"grant_type", "password"},
{"client_id", "MyDesktopApp"}, ' or your actual client_id
{"client_secret", "removed*"}, ' or your actual client_secret
{"scope", "offline_access clienttest2"}, ' or "offline_access MyProject" if you also want a refresh token
{"username", "admin"}, ' ABP username
{"password", "removed*"} ' ABP password
}
' 3) Use FormUrlEncodedContent for x-www-form-urlencoded
Using content As New FormUrlEncodedContent(formData)
Dim response = Await client.PostAsync(tokenUrl, content)
Dim responseString = Await response.Content.ReadAsStringAsync()
If response.IsSuccessStatusCode Then
' 4) Deserialize the JSON to get the access token
Dim tokenObj = JsonConvert.DeserializeObject(Of TokenResponse)(responseString)
If tokenObj IsNot Nothing AndAlso Not String.IsNullOrEmpty(tokenObj.access_token) Then
bearerToken = tokenObj.access_token
' 5) Set the Authorization header for future requests
client.DefaultRequestHeaders.Authorization =
New AuthenticationHeaderValue("Bearer", bearerToken)
MessageBox.Show("Token retrieved & set in HttpClient Authorization header!")
Else
MessageBox.Show("Token response did not contain an access_token.")
End If
Else
MessageBox.Show($"Error: {response.StatusCode}{vbCrLf}{responseString}")
End If
End Using
End Sub
5 ) BUT if I then try to create a new book using this token either via my vb.net code (below) or via postman i get an error
The result from code below seems to be returning the HTML of the login page so it is like it is ignoring the token?
In postman it gives me a 400 bad request error
Private Async Sub btnSendData_Click(sender As Object, e As EventArgs) Handles btnSendData.Click
If String.IsNullOrEmpty(bearerToken) Then
MessageBox.Show("No token set! Click 'Get Token' first.")
Return
End If
' testing only
'For Each header In client.DefaultRequestHeaders
' Debug.WriteLine($"Header: {header.Key} = {String.Join(", ", header.Value)}")
'Next
Dim apiUrl As String = "https://pcassist-testing.premiumasp.net/api/app/book"
Dim bookData = New With {
.name = "my test book 6",
.publishDate = "2025-01-03"
}
Dim jsonBody As String = JsonConvert.SerializeObject(bookData)
Using content As New StringContent(jsonBody, Encoding.UTF8, "application/json")
Dim postResponse = Await client.PostAsync(apiUrl, content)
Dim resultString = Await postResponse.Content.ReadAsStringAsync()
MessageBox.Show($"Status: {postResponse.StatusCode}{vbCrLf}{resultString}")
End Using
End Sub
So what am I missing here?
Using code from sample console app you provided I get Unauthorized exception
Can't get it working, tried choosing native for the step your screen shot doesn't show, and replicated all other settings, but testing from postman fails.
Also you have MyProjectName appearing under scopes, I don't have name of my project here, so how do I add it, what are the settings needed to do so?
Your screenshots above look different than I am seeing on latest ABP as I also have a dropdown box titled ApplicatonType which can be set to Web or Native - so can you update your response to suit latest released version of ABP as per information I provided in initial post - thanks
Thank you very much, that is most helpful.
Could you possibly expand further as to how from a vb.net or even c# winforms app how I then firstly authenticate and then GET information or POST new information - using your sample CRUD books as an example
Hi
I need to be able to access the API's of my ABP website from a VB.NET WinForms application, and I want to do it correctly and securely.
So hoping for some guidance as can't find any tutorials or sample apps to help me.
I have created a sample solution with the sample CRUD pages (book store) to use to learn more
Do i need to include OpenIddict in my project or not?
How do I securely connect to the API from my app, what config do I need to do in the app (if any) first and how do I then access for example a list of books and add a new book?
Anything else you need me to answer to allow a complete response please let me know as I am running out of questions already and only been using it a short while!
Thank you (and happy new year!)
I can confirm it now runs without an error :)
Okay, I am using LeptonX in my project
