C#: still getting 403 even after sending the CSRF token with HttpClient
I am trying to POST a payload from my UWP app to our backend system. To do that I first perform a GET to fetch the CSRF token and then add it to the headers of the POST request. On posting I still get a 403 Forbidden error.
I cross-tested this with the Insomnia REST client by performing separate GET and POST requests and supplying the CSRF token obtained from the GET in the POST header, and there it works fine.
I am new to C#, so please excuse the poor coding standards.
Fetching the token:
public async Task<string> GetCSRF()
{
    using (HttpClient httpClient = new HttpClient())
    {
        // Basic auth built from the UI fields
        httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", Convert.ToBase64String(
            System.Text.Encoding.ASCII.GetBytes(
                string.Format("{0}:{1}", userName.Text.ToUpper(), SAPpassword.Password))));
        // Ask the gateway to issue a token
        httpClient.DefaultRequestHeaders.Add("X-CSRF-TOKEN", "fetch");
        HttpResponseMessage response = await httpClient.GetAsync(new Uri(_URI));
        response.EnsureSuccessStatusCode();
        if (response.Content == null)
            return null;
        // The token comes back in the same header; this HttpClient (and any cookies
        // the server set with the token) is discarded when the using block ends
        string csrfToken = response.Headers.GetValues("X-CSRF-TOKEN").FirstOrDefault();
        return csrfToken;
    }
}

public async Task<string> SendChannelToSAP(UserStorage userStorage, string csrf)
{
    string payloadJson;
    string jsonResponse;
    HttpResponseMessage response;
    HttpContent content;
    // A fresh HttpClient: only the Basic auth header and the token are sent, no session cookies
    using (var client = new HttpClient())
    {
        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(
            "Basic", Convert.ToBase64String(
                System.Text.Encoding.ASCII.GetBytes(
                    string.Format("{0}:{1}", userName.Text.ToUpper(), SAPpassword.Password))));
        payloadJson = JsonConvert.SerializeObject(userStorage);
        content = new StringContent(payloadJson);
        content.Headers.ContentType = new MediaTypeHeaderValue("application/json");
        client.DefaultRequestHeaders.Add("x-csrf-token", csrf);
        try
        {
            response = await client.PostAsync(_URI, content);
            if (response.IsSuccessStatusCode)
            {
                jsonResponse = await response.Content.ReadAsStringAsync();
                // do something with the json response here
                return jsonResponse;
            }
            else
            {
                return null;
            }
        }
        catch (Exception e)
        {
            string error = e.GetBaseException().ToString();
            // Could not connect to server
            return null;
        }
    }
}
I get the following headers back, including the csrf token:
- Response.Headers {
x-csrf-token: w1Id2Kn1r0d6EItk6vEi0g==
cache-control: no-store, no-cache
sap-metadata-last-modified: Fri, 01 Sep 2017 10:57:07 GMT
dataserviceversion: 2.0
set-cookie: sap-usercontext=sap-client=100; path=/, MYSAPSSO2=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%3d; path=/; domain=.mindsetconsulting.com, SAP_SESSIONID_GW1_100=1bUbNWY0WY0-KlKbWYKbWYMJ0KWYK4;%3d; path=/
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: *.google.com
access-control-allow-methods: *
} System.Net.Http.Headers.HttpResponseHeaders
And I get the following response:
- Response {StatusCode: 403, ReasonPhrase: 'Forbidden', Version: 1.1, Content: System.Net.Http.StreamContent, Headers: {
x-csrf-token: Required
set-cookie: sap-usercontext=sap-client=100; path=/
set-cookie: MYSAPSSO2=ajqxmdmbabhtafmarqboaecavqaqaqaqaqaqaqayxadamadababababaygawawadkamaxadiamazadgababababaaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaqaTEPFW0xNZA5MDEYMDM4MTBAMCMCGCSQGSIB3DQEJBDEWBBRSJQHRLPCSNXYJZSRQJ%2PROGO%2fg2TAJBgcqhkjOOAQDBC8wLQIUXjXws4bw63uLdWR%21NB9r9XUCD54CFQCH6y91A%21uKMzyfZEo7pvxjXys6zg%3d%3d; path=/; domain=.mindsetconsulting.com
set-cookie: SAP_SESSIONID_GW1_100=Zvfe5ueHO1md7_ybPcLEcnem3m6PVRHnvP4KDkBCwEk%3d; path=/
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: *.google.com
access-control-allow-methods: *
content-length: 28
content-type: text/plain; charset=utf-8
}} System.Net.Http.HttpResponseMessage
I found the problem. I had to collect the cookies along with the csrf token and apply those cookies to the actual POST method. That worked. Grabbing the cookies after the token fetch:
Uri uri = new Uri(_URI);
// 'cookies' is the CookieContainer that the HttpClientHandler used for the token GET was configured with
_responseCookies = cookies.GetCookies(uri).Cast<Cookie>();
What type is the HTTP _URI (POST call)? Please check HTTPPOST
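The accepted fix above comes down to one thing: the gateway binds the CSRF token to the session it created when issuing it (the SAP_SESSIONID / MYSAPSSO2 cookies), so a POST from a fresh HttpClient that carries the token but not those cookies is rejected with "x-csrf-token: Required". The following is an added example, not the asker's or the answerer's code, showing that pattern with one HttpClient over a CookieContainer so the cookies are replayed automatically; the class and method names and the user/password/serviceUri parameters are assumptions.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Threading.Tasks;

// Added example (assumed names). One HttpClient over a CookieContainer: the session cookies
// set by the token fetch are replayed on the POST, so the server can pair token and session.
public static class SapGatewayCsrf
{
    public static HttpClient CreateSapClient(string user, string password)
    {
        var handler = new HttpClientHandler { UseCookies = true, CookieContainer = new CookieContainer() };
        var client = new HttpClient(handler);
        var basic = Convert.ToBase64String(Encoding.UTF8.GetBytes(user + ":" + password));
        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", basic);
        return client;
    }

    // GET with "X-CSRF-Token: fetch": the token comes back in the same header,
    // the Set-Cookie values land in the handler's CookieContainer.
    public static async Task<string> FetchCsrfTokenAsync(HttpClient client, Uri serviceUri)
    {
        var request = new HttpRequestMessage(HttpMethod.Get, serviceUri);
        request.Headers.Add("X-CSRF-Token", "fetch");
        using (var response = await client.SendAsync(request))
        {
            response.EnsureSuccessStatusCode();
            if (!response.Headers.TryGetValues("X-CSRF-Token", out var values))
                throw new InvalidOperationException("Fetch response carried no X-CSRF-Token header.");
            return values.First();
        }
    }

    // POST on the same client: cookies go out automatically, the token is a per-request header
    // (not a DefaultRequestHeader that would leak onto every later call).
    public static async Task<string> PostJsonAsync(HttpClient client, Uri serviceUri, string token, string json)
    {
        var request = new HttpRequestMessage(HttpMethod.Post, serviceUri);
        request.Content = new StringContent(json, Encoding.UTF8, "application/json");
        request.Headers.Add("X-CSRF-Token", token);
        using (var response = await client.SendAsync(request))
        {
            // 403 with "x-csrf-token: Required" means the token/session pair was rejected
            // (token expired or cookies missing): fetch a fresh token on this client and retry.
            if (response.StatusCode == HttpStatusCode.Forbidden && response.Headers.Contains("x-csrf-token"))
                throw new InvalidOperationException("CSRF token rejected; refetch the token with the same client.");
            response.EnsureSuccessStatusCode();
            return await response.Content.ReadAsStringAsync();
        }
    }
}
```

Keep one client instance for the fetch and the POST; creating a new HttpClient for the POST, as in the question, throws the cookies away and reproduces the 403.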