c# code access unauthorized

frederic.gaillard

Hello,

The JS code below allows me to create a new case:

But when I want to translate it into my C# application, I probably miss one step because I receive un unauthorized acces:

var environmentContent = "application/json";
            var currentDate = DateTimeOffset.UtcNow;
            var content = new StringContent(serializedElement);
            var contentLength = Uri.EscapeUriString(serializedElement).Length;

            var dataToSign = "(request-target): post /v2/cases\n" +
                                "host: rms-world-check-one-api-pilot.thomsonreuters.com\n" +
                                "date: " + currentDate + "\n" +
                                "content-type: " + environmentContent + "\n" +
                                "content-length: " + contentLength + "\n" +
                                content;

            var provider = new System.Security.Cryptography.HMACSHA256(Convert.FromBase64String(this.WorldCheckConfiguration.ApiSecret));
            var hash = provider.ComputeHash(Encoding.UTF8.GetBytes(dataToSign));
            var hmac = Convert.ToBase64String(hash);
            var authorisation = "Signature keyId=\"" + this.WorldCheckConfiguration.ApiKey + 
                            "\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date content-type content-length\",signature=\"" + 
                            hmac + "\"";

            this.HttpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue(environmentContent));
            this.HttpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("basic", authorisation);
            this.HttpClient.DefaultRequestHeaders.Date = currentDate;          

            var url = this.WorldCheckConfiguration.ApiBaseUrl + "cases";
            var response = await this.HttpClient.PostAsync(url, content);

Find more posts tagged with

c#

world-check-one

world-check

Accepted answers

frederic.gaillard

Don't you have the same example as JS for Postman, but in C#?

All comments

prabhjyot.mandla

@frederic.gaillard,

Can you please share the request and the response headers of the failed request?

frederic.gaillard

RequestUri: https://rms-world-check-one-api-pilot.thomsonreuters.com/v2/cases

RequestContent:

{

"groupId": "5nzbfkdmfcqy1fdst06q9j07c",

"entityType": "INDIVIDUAL",

"providerTypes": [

"WATCHLIST"

],

"name": "Frederic John Doe",

"nameTransposition": true,

"secondaryFields": []

}

And response (unauthorized):

prabhjyot.mandla

@frederic.gaillard,

Could you please share the request and response details in the below format, so that we may investigate?

Request headers :

Date: Fri, 05 Feb 2021 03:44:19 GMT
Content-Type: application/json
Authorization: Signature keyId="XXXX-XXXXX-XXXXX",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="RhiHURoE/NC+98L97Q+gZClcPqKRVJtAhB4dae/u+0w="
Content-Length: 524

Response headers :

Date: Wed, 10 Feb 2021 09:12:14 GMT

frederic.gaillard

Ok, sorry.

Request headers:

Date: {15.02.2021 09:45:24 +00:00}

Authorization: Signature keyId="61bf9346-7996-493b-851c-6ecd8c22bfa6",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="y530hl3Z9bii+rLs2A9Z6OlBWlGvGad3s6V2D/BkmZQ="

Accept: {application/json }

Content-Length: 342

Response headers

Date: {15.02.2021 09:46:05 +00:00}

prabhjyot.mandla

Can you please adjust the system clock time? It appears that the clock time difference between the request and response is over 30 seconds. The allowed time difference is of 30 seconds and as per Network Time Protocol for the authentication. Once adjusted, please try again.

If it still fails after adjusting the clock, please share the latest request and the response headers.

frederic.gaillard

Request headers:

Date: {15.02.2021 11:56:31 +00:00}

Authorization: Signature keyId="61bf9346-7996-493b-851c-6ecd8c22bfa6",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="m/nfY4f0GjpJbitiEWxQwyGubU+c7VQ6Y9DLh8jIE44="

Accept: {application/json }

Content-Length: 342

Response headers

Date: {15.02.2021 11:56:32 +00:00}

prabhjyot.mandla

@frederic.gaillard,

Can you please share the dataToSign format which you are using to form the hmac?

frederic.gaillard

With the typed variables

frederic.gaillard

Don't you have the same example as JS for Postman, but in C#?

@frederic.gaillard,

Can we have a quick call to investigate on the cause of 401 error? I will drop you an email separately. Please revert back to the email.

Hi @prabhjyot.mandla

Could you please help the client with the follow-up question below?

prabhjyot.mandla

The issue has been resolved after sharing the sample code requests in C#.

Nevertheless, it would be nice to know what the solution was as I am getting the same issue after copying your C# Sample code (which uses WebRequest not HttpClient). My Postman call works but the C# doesn't. So if you could tell us what the issue was we might be able to avoid it too.

Quick Links