Search code examples
c#.netazurexamarinazure-app-service-envrmnt

Azure App Service - Custom Authentication - HTTP Verb not allowed


I followed this tutorial to enable authentication in my Xamarin.Forms App: https://adrianhall.github.io/develop-mobile-apps-with-csharp-and-azure/chapter2/custom/

A test with Postman (as described in the tutorial) went succesfully. The token returned.

When i call this from my C# code...

LoginAsync("custom", Newtonsoft.Json.Linq.JObject.FromObject(auth));

I got an error like:

Method not allowed. HTTP Verb not allowed

I found out that the Azure SDK sends a POST and GET request when calling LoginAsync. So i changed this...

[HttpPost, Route(".auth/login/custom")]
        public IHttpActionResult Post([FromBody]CPM.Arda.Mobile.Freelancer.Backend.DataObjects.Recruitment.Custom.PromoterAuthRequest promoterAuth)

to this...

[HttpPost, HttpGet, Route(".auth/login/custom")]
        public IHttpActionResult Post([FromBody]CPM.Arda.Mobile.Freelancer.Backend.DataObjects.Recruitment.Custom.PromoterAuthRequest promoterAuth)

The HTTP Verb error is gone but the following error occurs:

 Operation=ReflectedHttpActionDescriptor.ExecuteAsync, Exception=System.NullReferenceException: Object reference not set to an instance of an object.
   at CPM.Arda.Mobile.Freelancer.Backend.Controllers.Custom.CustomAuthController.Post(PromoterAuthRequest promoterAuth)
   at lambda_method(Closure , Object , Object[] )
   at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ActionExecutor.<>c__DisplayClass10.<GetExecutor>b__9(Object instance, Object[] methodParameters)
   at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ActionExecutor.Execute(Object instance, Object[] arguments)
   at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ExecuteAsync(HttpControllerContext controllerContext, IDictionary`2 arguments, CancellationToken cancellationToken)
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Web.Http.Tracing.ITraceWriterExtensions.<TraceBeginEndAsyncCore>d__18`1.MoveNext()
2017-07-11T10:39:50  PID[9680] Error       Operation=ApiControllerActionInvoker.InvokeActionAsync, Exception=System.NullReferenceException: Object reference not set to an instance of an object.
   at CPM.Arda.Mobile.Freelancer.Backend.Controllers.Custom.CustomAuthController.Post(PromoterAuthRequest promoterAuth)
   at lambda_method(Closure , Object , Object[] )
   at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ActionExecutor.<>c__DisplayClass10.<GetExecutor>b__9(Object instance, Object[] methodParameters)
   at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ActionExecutor.Execute(Object instance, Object[] arguments)
   at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ExecuteAsync(HttpControllerContext controllerContext, IDictionary`2 arguments, CancellationToken cancellationToken)

I'm really confused. No available tutorial for this topic seems to work out of the box.


Solution

  • I found out that the Azure SDK sends a POST and GET request when calling LoginAsync.

    AFAIK, the mobile app backend would force https, and if you send request with http, then you would get a 302 status code as follows:

    enter image description here

    As this issue mentioned, redirecting from http -> https causes the http verb to GET.

    Change the mobile app Uri with Https when you init the MobileServiceClient, your code would work as expected.

    enter image description here