Ruby on rails P_X_FORWARDED_FOR“=>”192.168.14.21”、“HTTP_X_FORWARDED_HOST”=>“thorx64”、“HTTP_FORWARDED_SERVER”=>“thorx64”、“HTTP_CONNECTION”=>“Keep Alive”、“GATEWAY_INTERFACE”=>“CGI/1.2”、“SERVER_PORT”=>“80”、“查询字符串”=>,“SERVER_协议”=>“HTTP/1.1”、“rack.url方案”=>“HTTP”、“脚本名称”=>“/ror”、“REMOTE_ADDR”=>“0.351”、“异步回调”=>异步.close“=>”、“action\u dispatch.parameter\u filter”=>[:password]、“action\u dispatch.secret\u token”=>“A1EF5E037607D12742A040A0793DE973A5E68605CF087AD1BADEE6811687B82A0671B94DA2C4A9AF281A5485649E83D2F56F2838A4ACA8EEDBFC93B7”、“action\u dispatch.show异常”=>true、“action\u dispatch.remote\u ip=>127.0.0.1”机架会话“{},”rack.session.options“=>{:path=>”/”,:domain=>nil,:expire=>after=>nil,:secure=>false,:httponly=>true,:id=>nil},“rack.request.form\u input”=>>,“rack.request.form\u hash”=>{},“rack.request.form\u vars”=>,“action\u dispatch.request.path\u参数”=>{“},@_status=200,@_response=#“index”,“format”=>“json”},@method=“POST”、@fullpath=“/ror/login.json”>>,@_request=#“login”,“action”=>“index”,“format”=>“json”},@method=“POST”、@fullpath=“/ror/login.json”>,@#env={…},@lookup\u context=[:erb=:rjs,:builder,:rhtml,:rxml],:formats>[:html,:text,:js,:css,:ics,:csv,:xml,:rss,:atom,:yaml,:multipart\u form,:url\u encoded\u form,:json,:flv,:file,:image,:auto,:sourcefile,:sourceimage,:sourceimage,:sourceauto,:legacy,:edit],:locale=>[:de,:de]},@skip\u default\u locale=false,@frequed\u format=false,@view\u路径=[d:/Informer/company/latest/ror/app/views,d:/Informer/company/latest/ror/vendor/plugins/will分页/app/views,d:/Informer/company/latest/ror/vendor/plugins/views,d:/Informer/company/company/latest/ror/vendor/plugins/act_as_tree/app/view]>,@(action(name=“index”,@(response=“body=nil={},@)配置={},@(参数=“controller=”login“>”,{操作”=>“索引”、“格式”=>“json”}、@\u当前用户=nil>、“操作调度.请求.请求参数”=>{}、“框架请求.查询字符串”=>、“框架请求.查询哈希”=>{}、“操作调度.请求.查询参数”=>{}、“操作调度.请求.参数”=>{“控制器”=>“登录”,“操作”=>“索引”,“格式”=>“json”},“操作调度.请求.格式”=>[application/json],“rack.session.record”=>
好的, 经过更多的测试,我终于发现了问题: 我们在应用程序控制器中使用Ruby on rails P_X_FORWARDED_FOR“=>”192.168.14.21”、“HTTP_X_FORWARDED_HOST”=>“thorx64”、“HTTP_FORWARDED_SERVER”=>“thorx64”、“HTTP_CONNECTION”=>“Keep Alive”、“GATEWAY_INTERFACE”=>“CGI/1.2”、“SERVER_PORT”=>“80”、“查询字符串”=>,“SERVER_协议”=>“HTTP/1.1”、“rack.url方案”=>“HTTP”、“脚本名称”=>“/ror”、“REMOTE_ADDR”=>“0.351”、“异步回调”=>异步.close“=>”、“action\u dispatch.parameter\u filter”=>[:password]、“action\u dispatch.secret\u token”=>“A1EF5E037607D12742A040A0793DE973A5E68605CF087AD1BADEE6811687B82A0671B94DA2C4A9AF281A5485649E83D2F56F2838A4ACA8EEDBFC93B7”、“action\u dispatch.show异常”=>true、“action\u dispatch.remote\u ip=>127.0.0.1”机架会话“{},”rack.session.options“=>{:path=>”/”,:domain=>nil,:expire=>after=>nil,:secure=>false,:httponly=>true,:id=>nil},“rack.request.form\u input”=>>,“rack.request.form\u hash”=>{},“rack.request.form\u vars”=>,“action\u dispatch.request.path\u参数”=>{“},@_status=200,@_response=#“index”,“format”=>“json”},@method=“POST”、@fullpath=“/ror/login.json”>>,@_request=#“login”,“action”=>“index”,“format”=>“json”},@method=“POST”、@fullpath=“/ror/login.json”>,@#env={…},@lookup\u context=[:erb=:rjs,:builder,:rhtml,:rxml],:formats>[:html,:text,:js,:css,:ics,:csv,:xml,:rss,:atom,:yaml,:multipart\u form,:url\u encoded\u form,:json,:flv,:file,:image,:auto,:sourcefile,:sourceimage,:sourceimage,:sourceauto,:legacy,:edit],:locale=>[:de,:de]},@skip\u default\u locale=false,@frequed\u format=false,@view\u路径=[d:/Informer/company/latest/ror/app/views,d:/Informer/company/latest/ror/vendor/plugins/will分页/app/views,d:/Informer/company/latest/ror/vendor/plugins/views,d:/Informer/company/company/latest/ror/vendor/plugins/act_as_tree/app/view]>,@(action(name=“index”,@(response=“body=nil={},@)配置={},@(参数=“controller=”login“>”,{操作”=>“索引”、“格式”=>“json”}、@\u当前用户=nil>、“操作调度.请求.请求参数”=>{}、“框架请求.查询字符串”=>、“框架请求.查询哈希”=>{}、“操作调度.请求.查询参数”=>{}、“操作调度.请求.参数”=>{“控制器”=>“登录”,“操作”=>“索引”,“格式”=>“json”},“操作调度.请求.格式”=>[application/json],“rack.session.record”=>,ruby-on-rails,session-variables,Ruby On Rails,Session Variables,好的, 经过更多的测试,我终于发现了问题: 我们在应用程序控制器中使用保护\u免受伪造 因此,它有助于在我的logn控制器中设置skip\u before\u filter:verify\u authenticity\u token 但对我来说,这似乎是一个解决办法,我对此感觉不太好 我不是rails专业人士,但我想知道为什么我必须在第一个请求中发送一个令牌,它直接从我的httpwebrequest发送到登录控制器 编辑1: 有人知道如何正确处理这个问题的线索、解释或链接吗? 或者换句话说:由于
保护\u免受伪造
因此,它有助于在我的logn控制器中设置skip\u before\u filter:verify\u authenticity\u token
但对我来说,这似乎是一个解决办法,我对此感觉不太好
我不是rails专业人士,但我想知道为什么我必须在第一个请求中发送一个令牌,它直接从我的httpwebrequest
发送到登录控制器
编辑1:
有人知道如何正确处理这个问题的线索、解释或链接吗?
或者换句话说:由于我的登录控制器仅进行身份验证,因此从安全角度来看,禁用此控制器上的身份验证令牌是否可以
编辑2:
我找到了这个:。
但现在我需要知道如何获取令牌并将其存储在我的C#client中,以便在每次请求时重新发送它。或者根本不需要
public static void Authenticate()
{
Stream requestStream = null;
string loginUrl = Common.WindowAuthentication ? Common.PortalUrl + Common.IoiLoginWin : Common.PortalUrl + Common.IoiLogin;
var request = (HttpWebRequest)WebRequest.Create(loginUrl);
request.Method = WebRequestMethods.Http.Post;
request.AllowAutoRedirect = true;
request.CookieContainer = Common.Cookies;
request.Accept = @"*/*";
if (Common.WindowAuthentication)
{
if (Common.UserName.Length > 0)
{
string[] domainuser;
string username;
string domain;
if (Common.UserName.Contains("@"))
{
domainuser = Common.UserName.Split('@');
username = domainuser[0];
domain = domainuser[1];
}
else
{
domainuser = Common.UserName.Split('\\');
username = domainuser[1];
domain = domainuser[0];
}
var nc = new NetworkCredential(username, Common.Password, domain);
var cache = new CredentialCache();
cache.Add(request.RequestUri, "NTLM", nc);
request.Credentials = cache;
}
else
{
request.Credentials = CredentialCache.DefaultNetworkCredentials;
}
}
else
{
string payload = Common.ParmLogin + Common.UserName + "&" + Common.ParmPass + Common.Password;
StringBuilder urlEncoded = new StringBuilder();
Char[] reserved = { '?', '=', '&' };
byte[] byteBuffer;
if (payload != null)
{
int i = 0, j;
while (i < payload.Length)
{
j = payload.IndexOfAny(reserved, i);
if (j == -1)
{
urlEncoded.Append(HttpUtility.UrlEncode(payload.Substring(i, payload.Length - i)));
break;
}
urlEncoded.Append(HttpUtility.UrlEncode(payload.Substring(i, j - i)));
urlEncoded.Append(payload.Substring(j, 1));
i = j + 1;
}
byteBuffer = Encoding.UTF8.GetBytes(urlEncoded.ToString());
request.ContentLength = byteBuffer.Length;
requestStream = request.GetRequestStream();
requestStream.Write(byteBuffer, 0, byteBuffer.Length);
requestStream.Close();
}
else
{
request.ContentLength = 0;
}
if (Common.LogCommunicatin)
LogCommunication(loginUrl, payload);
}
using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
{
if (response.StatusCode.ToString() == "OK") {
WebHeaderCollection c = response.Headers;
Common.SessionCookie = Common.Cookies.GetCookies(new Uri(loginUrl))["_ror_session"].Value;
if (Common.LogCommunicatin)
LogCommunication(loginUrl, "Cookie: " + Common.SessionCookie);
}
}
}
begin
cookies[:user] = { :value => user.strusername, :expires => 1.month.from_now }
session[:current_user_id] = user.id
session_record = request.env['rack.session.record']
session_record.update_attributes({
:username => user.strusername,
:client_ip => (request.env['HTTP_X_FORWARDED_FOR']||request.env['REMOTE_ADDR'])
})
rescue => e
end
{"SERVER_SOFTWARE"=>"thin 1.2.11 codename Bat-Shit Crazy", "SERVER_NAME"=>"thorx64", "rack.input"=>#<StringIO:0x9f4db08>, "rack.version"=>[1, 0], "rack.errors"=>#<IO:<STDERR>>, "rack.multithread"=>false, "rack.multiprocess"=>false, "rack.run_once"=>false, "REQUEST_METHOD"=>"GET", "REQUEST_PATH"=>"/ror/login.json", "PATH_INFO"=>"/login.json", "REQUEST_URI"=>"/ror/login.json", "HTTP_VERSION"=>"HTTP/1.1", "HTTP_HOST"=>"thorx64", "HTTP_ACCEPT"=>"image/jpeg, image/gif, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*", "HTTP_ACCEPT_LANGUAGE"=>"de-DE", "HTTP_USER_AGENT"=>"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET4.0C; .NET4.0E; .NET CLR 3.5.30729; .NET CLR 3.0.30729)", "HTTP_ACCEPT_ENCODING"=>"gzip, deflate", "HTTP_AUTHORIZATION"=>"NTLM TlRMTVNTUAADAAAAAAAAAFgAAAAAAAAAWAAAAAAAAABYAAAAAAAAAFgAAAAAAAAAWAAAAAAAAABYAAAABcKIogYBsR0AAAAPB3e6Q1YIzZ10PiKm2g/S6A==", "HTTP_COOKIE"=>"user=Administrator", "HTTP_X_ISRW_PROXY_AUTH_USER"=>"Administrator", "HTTP_MAX_FORWARDS"=>"10", "HTTP_X_FORWARDED_FOR"=>"192.168.14.21", "HTTP_X_FORWARDED_HOST"=>"thorx64", "HTTP_X_FORWARDED_SERVER"=>"thorx64", "HTTP_CONNECTION"=>"Keep-Alive", "GATEWAY_INTERFACE"=>"CGI/1.2", "SERVER_PORT"=>"80", "QUERY_STRING"=>"", "SERVER_PROTOCOL"=>"HTTP/1.1", "rack.url_scheme"=>"http", "SCRIPT_NAME"=>"/ror", "REMOTE_ADDR"=>"127.0.0.1", "async.callback"=>#<Method: Thin::Connection#post_process>, "async.close"=>#<EventMachine::DefaultDeferrable:0x9f4c4d0>, "action_dispatch.parameter_filter"=>[:password], "action_dispatch.secret_token"=>"a1ef5e037607d12742a40a0793de973a5e68605ccf087ad1baedaee6d811687b82a0671b94da2c4a9af2b481a5346585649e83d2f56f2838a4aca8eedbfc93b7", "action_dispatch.show_exceptions"=>true, "action_dispatch.remote_ip"=>127.0.0.1, "rack.session"=>{}, "rack.session.options"=>{:path=>"/", :domain=>nil, :expire_after=>nil, :secure=>false, :httponly=>true, :id=>nil}, "rack.request.cookie_string"=>"user=Administrator", "rack.request.cookie_hash"=>{"user"=>"Administrator"}, "action_dispatch.request.path_parameters"=>{:controller=>"login", :action=>"index", :format=>"json"}, "action_controller.instance"=>#<LoginController:0xb6d59a0 @action_has_layout=true, @view_context_class=nil, @_headers={"Content-Type"=>"text/html"}, @_status=200, @_response=#<ActionDispatch::Response:0xb6d5760 @writer=#<Proc:0xb6d54f0@D:/Informer/ruby/lib/ruby/gems/1.9.1/gems/actionpack-3.0.10/lib/action_dispatch/http/response.rb:43 (lambda)>, @block=nil, @length=0, @header={}, @status=200, @body=[], @cookie=[], @sending_file=false, @blank=false, @cache_control={}, @etag=nil, @request=#<ActionDispatch::Request:0xb6d5778 @env={...}, @request_method="GET", @filtered_parameters={"controller"=>"login", "action"=>"index", "format"=>"json"}, @method="GET", @fullpath="/ror/login.json">>, @_request=#<ActionDispatch::Request:0xb6d5778 @env={...}, @request_method="GET", @filtered_parameters={"controller"=>"login", "action"=>"index", "format"=>"json"}, @method="GET", @fullpath="/ror/login.json">, @_env={...}, @lookup_context=#<ActionView::LookupContext:0xb6c3d60 @details_key=nil, @details={:handlers=>[:erb, :rjs, :builder, :rhtml, :rxml], :formats=>[:html, :text, :js, :css, :ics, :csv, :xml, :rss, :atom, :yaml, :multipart_form, :url_encoded_form, :json, :flv, :file, :image, :auto, :sourcefile, :sourceimage, :sourceauto, :legacy, :edit], :locale=>[:de, :de]}, @skip_default_locale=false, @frozen_formats=false, @view_paths=[d:/Informer/company/latest/ror/app/views, d:/Informer/company/latest/ror/vendor/plugins/will_paginate/app/views, d:/Informer/company/latest/ror/vendor/plugins/usesguid/app/views, d:/Informer/company/latest/ror/vendor/plugins/acts_as_tree/app/views]>, @_action_name="index", @_response_body=nil, @_config={}, @_params={"controller"=>"login", "action"=>"index", "format"=>"json"}, @_current_user=nil>, "action_dispatch.request.content_type"=>nil, "action_dispatch.request.request_parameters"=>{}, "rack.request.query_string"=>"", "rack.request.query_hash"=>{}, "action_dispatch.request.query_parameters"=>{}, "action_dispatch.request.parameters"=>{"controller"=>"login", "action"=>"index", "format"=>"json"}, "action_dispatch.request.formats"=>[application/json]}
{"SERVER_SOFTWARE"=>"thin 1.2.11 codename Bat-Shit Crazy", "SERVER_NAME"=>"thorx64", "rack.input"=>#<StringIO:0xa3a3778>, "rack.version"=>[1, 0], "rack.errors"=>#<IO:<STDERR>>, "rack.multithread"=>false, "rack.multiprocess"=>false, "rack.run_once"=>false, "REQUEST_METHOD"=>"POST", "REQUEST_PATH"=>"/ror/login.json", "PATH_INFO"=>"/login.json", "REQUEST_URI"=>"/ror/login.json", "HTTP_VERSION"=>"HTTP/1.1", "HTTP_HOST"=>"thorx64", "HTTP_ACCEPT"=>"*/*", "HTTP_X_REQUESTED_WITH"=>"XMLHttpRequest", "HTTP_USER_AGENT"=>"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET4.0C; .NET4.0E; .NET CLR 3.5.30729; .NET CLR 3.0.30729)", "HTTP_AUTHORIZATION"=>"NTLM TlRMTVNTUAADAAAAGAAYAH4AAACgAaABlgAAAAwADABYAAAADAAMAGQAAAAOAA4AcAAAAAAAAAA2AgAABYKIogYBsR0AAAAPGyWqqmBHFtGQTE/QMlHT7XQAcQBzAG8AZgB0AHIAYQB1AHMAYwBoAFQASABPAFIAWAA2ADQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoZP5isSr442bUTMoUknN3QEBAAAAAAAAZCgelIW2zQH2AaAgXe6DYQAAAAACAAwAVABRAFMATwBGAFQAAQAOAFQASABPAFIAWAA2ADQABAAsAGYAcgBhAC4AZwBlAHIAbQBhAG4AeQAuAHQAcQBzAG8AZgB0AC4AbgBlAHQAAwA8AFQASABPAFIAeAA2ADQALgBmAHIAYQAuAGcAZQByAG0AYQBuAHkALgB0AHEAcwBvAGYAdAAuAG4AZQB0AAUALABmAHIAYQAuAGcAZQByAG0AYQBuAHkALgB0AHEAcwBvAGYAdAAuAG4AZQB0AAcACABkKB6UhbbNAQYABAACAAAACAAwADAAAAAAAAAAAAAAAAAwAAAgXEA1/+dnAlRife8JhCuzKyRGkcsJKXvyXzrION0KdwoAEAAAAAAAAAAAAAAAAAAAAAAACQBGAEgAVABUAFAALwBUAEgATwBSAHgANgA0AC4AZgByAGEALgBnAGUAcgBtAGEAbgB5AC4AdABxAHMAbwBmAHQALgBuAGUAdAAAAAAAAAAAAAAAAAA=", "HTTP_X_ISRW_PROXY_AUTH_USER"=>"rausch", "HTTP_MAX_FORWARDS"=>"10", "HTTP_X_FORWARDED_FOR"=>"192.168.14.21", "HTTP_X_FORWARDED_HOST"=>"thorx64", "HTTP_X_FORWARDED_SERVER"=>"thorx64", "HTTP_CONNECTION"=>"Keep-Alive", "GATEWAY_INTERFACE"=>"CGI/1.2", "SERVER_PORT"=>"80", "QUERY_STRING"=>"", "SERVER_PROTOCOL"=>"HTTP/1.1", "rack.url_scheme"=>"http", "SCRIPT_NAME"=>"/ror", "REMOTE_ADDR"=>"127.0.0.1", "async.callback"=>#<Method: Thin::Connection#post_process>, "async.close"=>#<EventMachine::DefaultDeferrable:0xa3a28f0>, "action_dispatch.parameter_filter"=>[:password], "action_dispatch.secret_token"=>"a1ef5e037607d12742a40a0793de973a5e68605ccf087ad1baedaee6d811687b82a0671b94da2c4a9af2b481a5346585649e83d2f56f2838a4aca8eedbfc93b7", "action_dispatch.show_exceptions"=>true, "action_dispatch.remote_ip"=>127.0.0.1, "rack.session"=>{}, "rack.session.options"=>{:path=>"/", :domain=>nil, :expire_after=>nil, :secure=>false, :httponly=>true, :id=>nil}, "rack.request.form_input"=>#<StringIO:0xa3a3778>, "rack.request.form_hash"=>{}, "rack.request.form_vars"=>"", "action_dispatch.request.path_parameters"=>{:controller=>"login", :action=>"index", :format=>"json"}, "action_controller.instance"=>#<LoginController:0xb9d86a0 @action_has_layout=true, @view_context_class=nil, @_headers={"Content-Type"=>"text/html"}, @_status=200, @_response=#<ActionDispatch::Response:0xb9d8460 @writer=#<Proc:0xb9d8388@D:/Informer/ruby/lib/ruby/gems/1.9.1/gems/actionpack-3.0.10/lib/action_dispatch/http/response.rb:43 (lambda)>, @block=nil, @length=0, @header={}, @status=200, @body=[], @cookie=[], @sending_file=false, @blank=false, @cache_control={}, @etag=nil, @request=#<ActionDispatch::Request:0xb9d8478 @env={...}, @request_method="POST", @filtered_parameters={"controller"=>"login", "action"=>"index", "format"=>"json"}, @method="POST", @fullpath="/ror/login.json">>, @_request=#<ActionDispatch::Request:0xb9d8478 @env={...}, @request_method="POST", @filtered_parameters={"controller"=>"login", "action"=>"index", "format"=>"json"}, @method="POST", @fullpath="/ror/login.json">, @_env={...}, @lookup_context=#<ActionView::LookupContext:0xb9d55f8 @details_key=nil, @details={:handlers=>[:erb, :rjs, :builder, :rhtml, :rxml], :formats=>[:html, :text, :js, :css, :ics, :csv, :xml, :rss, :atom, :yaml, :multipart_form, :url_encoded_form, :json, :flv, :file, :image, :auto, :sourcefile, :sourceimage, :sourceauto, :legacy, :edit], :locale=>[:de, :de]}, @skip_default_locale=false, @frozen_formats=false, @view_paths=[d:/Informer/company/latest/ror/app/views, d:/Informer/company/latest/ror/vendor/plugins/will_paginate/app/views, d:/Informer/company/latest/ror/vendor/plugins/usesguid/app/views, d:/Informer/company/latest/ror/vendor/plugins/acts_as_tree/app/views]>, @_action_name="index", @_response_body=nil, @_config={}, @_params={"controller"=>"login", "action"=>"index", "format"=>"json"}, @_current_user=nil>, "action_dispatch.request.request_parameters"=>{}, "rack.request.query_string"=>"", "rack.request.query_hash"=>{}, "action_dispatch.request.query_parameters"=>{}, "action_dispatch.request.parameters"=>{"controller"=>"login", "action"=>"index", "format"=>"json"}, "action_dispatch.request.formats"=>[application/json], "rack.session.record"=>#<ActiveRecord::SessionStore::Session id: nil, session_id: "14e03319c61b707318dd50066340be95", client_ip: nil, username: nil, data: nil, created_at: nil, updated_at: nil>, "action_dispatch.request.flash_hash"=>nil}