I have security working fine in an application, except when a user tries to log in with a '+' in their email.
The access token looks fine (when the email contains a + it looks like this):
Bearer 8BGpt_KkEp-_6U5tUdKqK1xLCQBaWzHcxDT9RRKkbzoF2fHCUNhRL3U-fpLdQIuSXm8RcTOH4ZY3a0UZH6-6IgXxx_ojgyL26179JovRm5xQSZD7ANxLvvdU3ubfcpzSr4tw-sza37UaJh7xDFB8eH0NA9Djt7Ik8Ebxdin7u-n76InCulRAV6xMWgXfF9bwoU8MsV3lrh_zhnxYGnx3O7QUNQ740NUJLHJYH12rBth16CA1AXSF86rA5rUB7vJ7yK09k_FJTifyuldTeFHJHsyscnEIQxGozbf3x1cmZowkiK4Q1r8W0M8uz25m8j_tuMrWawTqYJNZiTuI9afW38WWQ4BRLkQF7TwoMOgZQ-f1K_3W8Zy3x-OsKdQS4i9CapvKe1utCscZVroByvyD9SvpILGiZGTjGD_zCAm8KerMPT5GNOb07kPGV_167PHEXm0TGaJbCelb5gLgXbMXv3GxBQLnYIfPUXCBaKx4UFkY8kFMPs9MxFcGY81p67rfnjeswBZ3PW6fDFTf9U_I8g
However, when I try to send a secure request with this access token, I get the response:
status: 401 "{"Message":"Authorization has been denied for this request."}"
As said above, it works without any issue if I remove the plus. This seems to be a Web API issue rather than an Angular issue.
I found that the methods encodeUrl and decodeUrl do not stop the space from being changed to a plus. I have tried the following in the C# code to switch the space to a plus:
var registerEmail = model.email.Replace(' ', '+');
This is used in both the login and register actions.
Perhaps it is not possible to use a + in an email in OAuth in Web API 2?
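The space-for-plus swap described above is what application/x-www-form-urlencoded decoding does to an unescaped '+'. As an added example (not the poster's code), this sketch compares what a form decoder reads from an unescaped and an escaped login body; the password-grant body shape and the sample credentials are assumptions.

```javascript
// Constructed sample credentials (assumptions, not values from the post).
const email = 'jane+test@example.com';
const password = 'p@ss&word=1';

// Unescaped body: values are concatenated as-is, so '+', '&' and '='
// keep their special meaning in the form encoding.
function naiveBody(username, pw) {
  return 'grant_type=password&username=' + username + '&password=' + pw;
}

// Escaped body: encodeURIComponent turns '+' into %2B, '@' into %40,
// '&' into %26 and '=' into %3D, so each value survives decoding intact.
function escapedBody(username, pw) {
  return [
    'grant_type=password',
    'username=' + encodeURIComponent(username),
    'password=' + encodeURIComponent(pw),
  ].join('&');
}

// What a form decoder on the receiving side reads. URLSearchParams applies
// the application/x-www-form-urlencoded rules: '+' decodes to a space.
function serverView(body) {
  const params = new URLSearchParams(body);
  return { username: params.get('username'), password: params.get('password') };
}

// Replacing spaces with '+' after decoding (the approach tried in the post)
// restores this email but cannot restore a value that was split at '&'.
function repairSpaces(value) {
  return value.replace(/ /g, '+');
}

const naive = serverView(naiveBody(email, password));
const escaped = serverView(escapedBody(email, password));
console.log('unescaped:', naive);
console.log('repaired username:', repairSpaces(naive.username));
console.log('escaped:', escaped);
```

Escaping on the client means the server needs no space-to-plus repair at all, which also keeps values that legitimately contain spaces intact.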
1 Answers
It seems to be a bug in ASP.NET roles. I am not sure of a clear solution. However, for the time being, you can encode the username as follows before storing it on register and when logging in:
public static class UsernameEncodingService
{
    // Returns the lower-cased email as Base64, with '=' and '+' swapped for
    // digit sequences so the stored username contains neither character.
    public static string returnEncodedUsername(string email)
    {
        var emailAsLower = email.ToLowerInvariant();
        var encodedEmail = Base64Encode(emailAsLower);
        var encodedEmailWithoutEquals = encodedEmail.Replace("=", "213");
        var encodedEmailWithoutPlus = encodedEmailWithoutEquals.Replace("+", "214");
        // Return the result of both replacements.
        return encodedEmailWithoutPlus;
    }

    // Base64-encodes the UTF-8 bytes of the given text.
    private static string Base64Encode(string plainText)
    {
        var plainTextBytes = System.Text.Encoding.UTF8.GetBytes(plainText);
        return System.Convert.ToBase64String(plainTextBytes);
    }
}