Sitecore上下文& HttpWebRequest的

时间:2013-03-05 22:23:33

标签: httpwebrequest sitecore sitecore6

是否可以通过HttpWebRequest传递Sitecore凭据?下面的代码很有效,除了被调用的asmx作为匿名用户执行的事实。我希望能够将sitecore当前用户凭据传递到我正在呼叫的页面。

CookieContainer cookieJar = new CookieContainer();
HttpWebRequest req = (HttpWebRequest)WebRequest.Create("ttp://localhost/file.asmx");
req.Headers.Add("SOAPAction", "\"h_ttp://tempuri.org/Register\"");
req.ContentType = "text/xml;charset=\"utf-8\"";
req.Accept = "text/xml";
req.Method = "POST";
req.ContentLength = 0;
req.CookieContainer = cookieJar;
WebResponse response = req.GetResponse();
Stream responseStream = response.GetResponseStream();
StreamReader respStrm = new StreamReader(response.GetResponseStream(), System.Text.Encoding.ASCII);
string responseITem = respStrm.ReadToEnd();
HttpContext.Current.Response.Write(responseITem);
HttpContext.Current.Response.End();

2 个答案:

答案 0 :(得分:3)

Sitecore用户凭据信息存储在cookie中。因此,您可以将客户端cookie添加到您的http请求中:

HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(url);
request.CookieContainer = new CookieContainer();
HttpCookieCollection userCookies = Request.Cookies;
for (int userCookieCount = 0; userCookieCount < userCookies.Count; userCookieCount++)
{
    HttpCookie httpCookie = userCookies.Get(userCookieCount);
    Cookie cookie = new Cookie();
    /*  We have to add the target host because the cookie does not contain the domain information.
        In this case, this behaviour is not a security issue, because the target is our own platform.
        Further informations: http://stackoverflow.com/a/460990 
    */
    cookie.Domain = request.RequestUri.Host;
    cookie.Expires = httpCookie.Expires;
    cookie.Name = httpCookie.Name;
    cookie.Path = httpCookie.Path;
    cookie.Secure = httpCookie.Secure;
    cookie.Value = httpCookie.Value;

    request.CookieContainer.Add(cookie);
}

您还可以查看我们的Sitecore错误管理器模块。我们还通过发送客户端cookie来创建http请求(参见第149-170行):

https://github.com/unic/SitecoreErrorManager/blob/master/Modules.ErrorManager/Controls/BaseError.cs

答案 1 :(得分:2)

您需要将当前用户凭据添加到请求中,以便您可以在asmx Web服务中检索它们,并使用凭据记录用户以便设置上下文。

// add the credentials to the Post method
var credentials = "yourCredentials";
req.ContentLength = credentials.Length;
using (var dataStream = req.GetRequestStream())
{
  dataStream.Write(credentials, 0, credentials.Length);
}

在您的asmx网络服务中,您只能使用userName或从请求中检索的userName和Password的组合进行登录。

Sitecore.Security.Authentication.AuthenticationManager.Login(userName);
编辑:将凭据作为纯文本发送时,存在安全风险,至少使用HTTPS以使其更安全。

相关问题
最新问题