Link to home
Start Free TrialLog in
Avatar of Buropro-Citation
Buropro-CitationFlag for Canada

asked on

error 1.1 400 Bad request idhttp delphi

Hi, I have a simple POST command that sends username and password, this works very well on all workstations that I have tried so far but not on my customer workstations.   Even though it worked for several months, now I get an error 1.1 400 bad request.    I'm not sure what could have changed, maybe some security settings on the server.    

If I use a wrong password or username I'm getting the response that authentification failed, so the POST command is working.    When username and password are good, there's some redirection done I suppose, that's when the error happens from what I can guess.

I'm using delphi XE, component tIdHTTP, here is my complete code (without the actual password):

var idhttp1 : tIdHttp;
JsonToSend: TStringStream;
sResponse : string;
begin
    idhttp1 := tidhttp.create(application);
    idhttp1.HandleRedirects := True;
    idHTTP1.Request.ContentType := 'application/x-www-form-urlencoded';
    JsonToSend := TStringStream.Create('AccountNumber=852&Username=buroprostation&Password=xxxx');
    try
       sResponse := idHTTP1.Post('http://dprtweb.com/Account/LogOn/', JsonToSend);
    except
      on E: Exception do
        ShowMessage(e.Message);
    end;
end;
ASKER CERTIFIED SOLUTION
Avatar of Sinisa Vuk
Sinisa Vuk
Flag of Croatia image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Buropro-Citation

ASKER

I'm not sure which browser is used when using a idhttp object, should I check cookies in all browsers?    All Workstation have this problem, do I check each individual Workstation or is there something to verify on the server?
If you be able to prepare one workstation then same steps should be reproduced to all others. Try Fiddler first on one....
I have installed fiddler, it does not show anything at all when I execute my software it only catch web traffic if it comes from a browser, not when it comes from my application.    Do I need to activate something in my application programmed in delphi with component tidhttp?
Fiddler makes proxy between app and wininet api. Because indy not use wininet - there is no entries in F. But if you set Indy to use Fiddler as a proxy:
  idHTTP1.ProxyParams.ProxyServer := '127.0.0.1';
  idHTTP1.ProxyParams.ProxyPort := 8888;
  sResponse := idHTTP1.Post('http://dprtweb.com/Account/LogOn/', JsonToSend);

Open in new window


... you can view transport....
I can now see Fiddler's log, thanks to the code you have submitted.

I have tried using fiddler at my customer's location, I'm getting a popup with the error message "incorrect formed request header.  missing colon in header #9 .ASPXAUTH=4769D431A9..."   There is many numbers after this part of the message.

From what I can see, the login work but I get this error just after.   What I don't get is why it works everywhere except there.   I have also tried to destroy the cookies in Google chrome like suggested but nothing has changed, I still have the error.

Is there something in particular in Fiddler's détails that would help you get more information to help me with this problem?
There are both Raw view for outgoing and incoming messages. If you know what is going on in behind... should be there....
But.... I wonder why you send login parameters in POST call. Better use single call:
idhttp1 := tidhttp.create(application);
    idhttp1.HandleRedirects := True;
    idHTTP1.Request.ContentType := 'application/x-www-form-urlencoded';
    try
       sResponse := idHTTP1.Get('http://dprtweb.com/Account/LogOn/'+
          '?AccountNumber=852&Username=buroprostation&Password=xxxx');
    except
      on E: Exception do
        ShowMessage(e.Message);
    end;

Open in new window

I have tried to use a single get command like suggested, I get a result saying that the authentification failed.

I'll take a look at the raw information on fiddler and compare to my result here on my workstation, maybe I'll see a difference.
The authentification failure occurs on the second part of the code which is not detailed here, this part get product information via a json post but it only works if the first step (login) worked.

Here is the command line:
vChaine := '{"ProductNo":"' + trim('12426') + '"}';
idHTTP1.Request.ContentEncoding := 'gzip';
JsonToSend := TStringStream.Create(vChaine);
sResponse := idHTTP1.Post('http://dprtweb.com/Search/GetProductsByAjax', JsonToSend);
Maybe, better idea is to use delphi rest client by fabriciocolombo - should simplify json/post/get part....
I have compared the raw information from the headers and the request, they are the same from as the ones on my a computer.   The only thing I'm noticing is this message in "headers", "cookies" tab, there is this message:

Request sent 0 bytes of Cookie data:
Request sent 12 bytes of Cookie2 data:
$Version="1"

The problem seem to be on the cookies, I'm just not sure where to go from here.
Hmm, we are on the start again. Because indy use windows api behind ... think IE cookies should be cleared....
Already did, I have tried again this morning to delete all cookies on the server and start my application directly on the server this time but the error is still there.    My only option left is to take a look at delphi rest client as suggested and reprogram this from scratch.
One thing .... Check if username/password is correct and not against url definition. It is possible that some specific characters inside username/password broke rules for url. Problem can be solved using function like this...or this...
I have tried both functions, in the first the result is not recognized by idHTTP1.Post, the second give an error before returning a result.
Did you try something like this:
idhttp1 := tidhttp.create(application);
    idhttp1.HandleRedirects := True;
    idHTTP1.Request.ContentType := 'application/x-www-form-urlencoded';
    JsonToSend := TStringStream.Create('AccountNumber=852&Username='+EncodeURIComponent(sUserName)+'&Password='+EncodeURIComponent(sPassword));
    try
       sResponse := idHTTP1.Post('http://dprtweb.com/Account/LogOn/', JsonToSend);
    except
      on E: Exception do
        ShowMessage(e.Message);
    end;

Open in new window

or just maybe:
 idhttp1 := tidhttp.create(application);
    idhttp1.HandleRedirects := True;
    idHTTP1.Request.ContentType := 'application/x-www-form-urlencoded';
    JsonToSend := TStringStream.Create('AccountNumber=852&Username=buroprostation&Password=xxxx');
    try
       sResponse := idHTTP1.Post('http://dprtweb.com/Account/LogOn/', Utf8Encode(JsonToSend));
    except
      on E: Exception do
        ShowMessage(e.Message);
    end;

Open in new window

I have tried the two sample codes, first one says "unknown protocol" when I execute it.    The other one says that utf8encode can't be called with these arguments when compiling.
ahh, sorry, my mistake:
JsonToSend := TStringStream.Create(Utf8Encode('AccountNumber=852&Username=buroprostation&Password=xxxx'));
    try
       sResponse := idHTTP1.Post('http://dprtweb.com/Account/LogOn/', JsonToSend);
    except
      on E: Exception do
        ShowMessage(e.Message);
    end;

Open in new window


I mess up with TStringStream and String...