HttpClient setting boundary with content-type

34k views Asked by At

I am using javascript to communicate with a third party service. As part of their authentication process they need the "multipart/form" body of the post message including an image to be encrypted in md5, this is added to a string including the date, and a few other things and then a HMAc/SHA1 run on it. So in the end they have the multipart body, the date and the authentication hash in order to authenticate and then read the image.

This works fine for all mobile devices except for windowsPhone .. (I know, a problem with IE... who would have thought?). their httpwebrequest does not include a 'Date' header .. so no authentication. This means that I have to go native for windows phone and use the newly released httpclient code in C#. Now I am a C# noob so this is possibly where the easy solution is. I have gotten the authentication to work by passing pretty much everything to c# and just doing the post using c# but they cannot read the body because the only way I have found to send the boundary is when defining the content as multipartformDatacontent and sending the content that way changes the body so the authentication failes.

my javascript is something like:

var boundary = "------------ThIs_Is_tHe_bouNdaRY_";
var part1Array = [];
var part1 = "--"+boundary + "\r\n"+
    "Content-Disposition: form-data; name=\"image\"\r\n"+
    "Content-Type: image/jpg\r\n"+
    "\r\n";
var part3Array = [];
var part3 = "\r\n" + boundary +"--";
for(var p1=0; p1<part1.length; p1++){
    part1Array.push(part1.charCodeAt(p1));
}
for(var p3=0; p3<part3.length; p3++){
    part3Array.push(part3.charCodeAt(p3));
}
var bodyContent = part1Array.concat(imageArray,part3Array);

//hash this

var authMessage = bodyContentHash +"\n"+ contentType +"\n"+ todayString +"\n"+ pathandstuff;
// -hmac -sha1 -base64

and the c# is:

HttpClient client = new HttpClient();
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, path);

request.Headers.Date = DateTime.ParseExact(todaydate, "ddd',' dd MMM yyyy HH:mm:ss 'GMT'", new CultureInfo("en-US"), DateTimeStyles.AssumeUniversal);
request.Headers.Add("Accept", "application/json; charset=utf-8");
request.Headers.Add("Authorization", auth);

byte[] body = Convert.FromBase64String(bodyData);
request.Content = new ByteArrayContent(body);
request.Content.Headers.ContentType = new MediaTypeHeaderValue("multipart/form-data");
request.Content.Headers.Add("boundary", "------------ThIs_Is_tHe_bouNdaRY_");

HttpResponseMessage response = client.SendAsync(request).Result;
string resultCode = response.StatusCode.ToString();
string responseBodyAsText = await response.Content.ReadAsStringAsync();

This pretty much works.. the body content is correct as are the headers .. all except the content type header which should be:

request.Content.Headers.ContentType = new MediaTypeHeaderValue("multipart/form-data, boundary=------------ThIs_Is_tHe_bouNdaRY_");

Except that this throws a System.FormatException error.

3

There are 3 answers

4
user553838 On BEST ANSWER

with HttpClient

 request.Content.Headers.Add("ContentType", "multipart/form-data, boundary=------------ThIs_Is_tHe_bouNdaRY_");

you can use HttpWebRequest

 myHttpWebRequest.Date = DateTime.Now;
 myHttpWebRequest.ContentType = "multipart/form-data, boundary=------------ThIs_Is_tHe_bouNdaRY_";
0
Buzzrick On

We solved this by manually clearing and re-adding the content type without validation it seems that the MediaTypeHeaderValue() class doesn't like the boundary tags.

instead of using :

content.Headers.ContentType = new MediaTypeHeaderValue("multipart/form-data; boundary=----FLICKR_MIME_20140415120129--");

we did the following:

content.Headers.Remove("Content-Type");
content.Headers.TryAddWithoutValidation("Content-Type", "multipart/form-data; boundary=----FLICKR_MIME_20140415120129--");

Once we made this change it all worked correctly.

(Note that this is on WinRT if that makes any difference)

1
arik On

I post my code here, maybe this will help anyone else struggling as I did, on my case this works and upload a file to my account (not a banking but a secure cloud file product)

 public  string UploadFile(string endpointUrl, string filePath, string accessToken)
    {

        FileStream fs = null;
        Stream rs = null;
        string result = "";
        try
        {

            string uploadFileName = System.IO.Path.GetFileName(filePath);

            fs = new FileStream(filePath, FileMode.Open, FileAccess.Read);

            var request = (HttpWebRequest)WebRequest.Create(endpointUrl);
            request.Method = WebRequestMethods.Http.Post;
            request.AllowWriteStreamBuffering = false;
            request.SendChunked = true;
            String CRLF = "\r\n"; // Line separator required by multipart/form-data.        
            long timestamp = DateTimeOffset.Now.ToUnixTimeSeconds();

            string boundary = timestamp.ToString("x");
            request.ContentType = "multipart/form-data; boundary=" + boundary;

            request.Headers.Add("Authorization", "Bearer " + accessToken);                             

            long bytesAvailable = fs.Length;
            long maxBufferSize = 1 * 1024 * 1024;


            rs = request.GetRequestStream();
            byte[] buffer = new byte[50];
            int read = 0;

            byte[] buf = Encoding.UTF8.GetBytes("--" + boundary + CRLF);
            rs.Write(buf, 0, buf.Length);

            buf = Encoding.UTF8.GetBytes("Content-Disposition: form-data; name=\"body\"; filename=\"" + uploadFileName + "\"" + CRLF);                
            rs.Write(buf, 0,buf.Length);

            buf = Encoding.UTF8.GetBytes("Content-Type: application/octet-stream;" + CRLF);
            rs.Write(buf, 0, buf.Length);

            buf = Encoding.UTF8.GetBytes(CRLF);
            //writer.append("Content-Type: application/octet-stream;").append(CRLF);
            rs.Write(buf, 0, buf.Length);
            rs.Flush();


            long bufferSize = Math.Min(bytesAvailable, maxBufferSize);
            buffer = new byte[bufferSize];
            while ((read = fs.Read(buffer, 0, buffer.Length)) != 0)
            {
                rs.Write(buffer, 0, read);
            }
            buf = Encoding.UTF8.GetBytes(CRLF);                
            rs.Write(buf, 0, buf.Length);
            rs.Flush();


            // End of multipart/form-data.
            buffer = Encoding.UTF8.GetBytes("--" + boundary + "--" + CRLF);
            rs.Write(buffer, 0, buffer.Length);

            using (var response = request.GetResponse())
            using (var responseStream = response.GetResponseStream())
            using (var reader = new StreamReader(responseStream))
            {

                result = reader.ReadToEnd();
            }
        }
        catch (Exception e)
        {
            result = e.InnerException != null ? e.InnerException.Message : e.Message;  
        }

        return result;
    }