Calls to webservices receiving ISP page content instead

DaveCarsonDaveCarson GBUniversity ✭✭✭

I found an interesting scenario today and wondered how others are handling it - or are aware of it.

I have an Android app which calls out to a 3rd party webservice which returns some XML which I then parse and process. Some of this XML is very trivial, i.e. just a root element and a couple of child elements - no DTD or even XML headers. However, Insights is reporting errors with these calls - not for everyone but a significant number of users are affected.

So, with the last release I added the returned data to the Insights report and was surprised to see the content of an ISP portal page, i.e. html for a 'please login' page which is not part of the 3rd party system. ISP pages include the like of BT and Wifinity as well as hotspots for caravan parks and shopping centers.

Obviously I was expecting some specific XML but for some reason the device has connected to a network that requires additional authentication before allowing the request.

So, how to 'we' handle this scenario?

Posts

  • DaveCarsonDaveCarson GBUniversity ✭✭✭
    edited September 2015

    Ok - I've reproduced this by configuring my router to block access to the webservice URL - it returns a 'Blocked' page instead. Running the app now throws an exception like the one that I'm seeing in Insights.

    Looking at the Response object I can see that the Content is that of the page (which will ultimatly cause the exception when it gets to my parsing methods). The StatusCode is 200 but the Server is that of the router, not the webservice so maybe I could use that to determine that the content didn't originate from the expected location.

    Edit: Can't use Server as it simply returns 'Apache' after a successful call to the webservice.

    I have found that if I use a HttpClientHandler with AllowAutoRedirect set to false I will get a Response with a StatusCode of 303 and a Location of the content (my router) so I could use that - but what is the best way to detect and mitigate this risk.

    `
    var handler = new HttpClientHandler()
    {
    AllowAutoRedirect = false
    };

     _client = new HttpClient(handler) { Timeout = TimeSpan.FromSeconds(15) };
    

    `

    I should also say that I am using the ConnectivityPlugin which is claiming that the site is reachable - which is clearly isn't. I'll need to raise an issue for that but in the meantime I can't really rely on what it's telling me.

Sign In or Register to comment.