Search code examples
c#restpost.net-8.0

POST fails with invalid or missing data

I am trying to send data to the endpoint described in https://leonardo.pgxc.pl/doc/direct_upload.html

Which fails with "invalid user data". I assume this can both indicate that the data is missing or invalid somehow. I am certain the user and pass is correct.

Using a service like https://reqbin.com/ works fine. The server then accept the user data, but fails on missing some file data, which is irrelevant for now. That is step two of this process, which fails on step none for me.

enter image description here

Trying to do the same from a console application written in C#, fails with "invalid user data"

await UploadFileAsync("d:\\User\\Downloads\\test.igc", "MYPASS", "MYUSER");

async Task UploadFileAsync(string filePath, string user, string pass)
{
    HttpClient client = new HttpClient();

    string igcData = File.ReadAllText(filePath);

    var url = "http://www.paraglidingforum.com/modules/leonardo/flight_submit.php";

    var formData = new Dictionary<string, string>
        {
            { "user", user },
            { "pass", pass }
        };

    var content = new FormUrlEncodedContent(formData);

    var response = await client.PostAsync(url, content);
    response.EnsureSuccessStatusCode();
    var responseContent = await response.Content.ReadAsStringAsync();

    Console.WriteLine($"Response: {responseContent}"); // >>Invalid user data
}

Since I can make it accept the user data through reqbin, I must somehow not set the correct properties in my form when sending from the console app, but I have tried all manner of variations without any luck. Always the same "invalid user data", which makes me think the server is not receiving it, since I am certain the id+pw are correct.

Edit: this html also accepts the user, and only fails on the file data missing.

<html >   
<body>
    <form action="https://www.paraglidingforum.com/modules/leonardo/flight_submit.php"  method="post"
   enctype="multipart/form-data" >
   
   user:      <input type="text" name="user" value="MYUSER">
      <br>
      pass: <input type="password" name="pass" value="MYPASS">
      <br>
     <input type="submit" value="Send">
    </form>  </body> </html>

Anything obvious I am doing wrong here?

Solution

  • If you send the request in, for example, Postman, you will see something like this:

    Postman

    So a POST request, which is redirected immediately to an https, however, a GET not a POST. A GET request won't be able to legitimately carry a body, so presumably doesn't have any credentials in, and so the authentication fails.

    If you just post directly to the https url, https://www.paraglidingforum.com/modules/leonardo/flight_submit.php, it avoids the redirection and works as expected.

    So, there's nothing wrong with the C# code, the URL is wrong. By default, an HttpClient will follow redirects via the AllowAutoRedirect property of the default handler.

    My knowledge of http redirects isn't great, but it's an instruction of where to go next. It would be an obvious security risk in the case of a POST request to automatically forward on the data it contained, which is why you cannot redirect a POST to another POST at a different url, and the redirect is followed up with a GET. In the case of this API, it still responds on the GET endpoint, but as you're sending it no credentials then (a GET request cannot send a body according to specs), the API responds as if you had sent none.