c#webclient返回403禁止

时间:2013-11-15 07:44:50

标签: c# ajax webclient http-status-code-403 steam

我试图模仿接受蒸汽交易的过程。我已经要求蒸汽支持并且确认只要我不干扰他们对其他玩家的服务就允许这个动作。

所以这里有详细信息: 接受交易要约的网址为https://steamcommunity.com/tradeoffer/OfferID/accept

这是他们这样做的ajax代码

return $J.ajax(
{
    url: 'https://steamcommunity.com/tradeoffer/' + nTradeOfferID + '/accept',
    data: rgParams,
    type: 'POST',
    crossDomain: true,
    xhrFields: { withCredentials: true }
}

这是我使用IE10跟踪的标题

Request             POST /tradeoffer/xxxxxxx/accept HTTP/1.1
Accept              */*
Content-Type        application/x-www-form-urlencoded; charset=UTF-8
Referer             http://steamcommunity.com/tradeoffer/xxxxxxx/
Accept-Language     en-CA
Origin              http://steamcommunity.com
Accept-Encoding     gzip, deflate
User-Agent          Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Host                steamcommunity.com
Content-Length      51
DNT                 1
Connection          Keep-Alive
Cache-Control       no-cache

帖子正文:

的sessionid = SESSIONID&安培; tradeofferid = OFFERID

的Cookie:

Sent    sessionid                SessionID          
Sent    __utmc                   XXXXX              
Sent    steamLogin               XXXXX
Sent    webTradeEligibility      XXXXXXX
Sent    Steam_Language           XXXXXXX                    
Sent    timezoneOffset           XXXXXXXX                   
Sent    __utma                   XXXXXXXXXXXXX              
Sent    __utmz                   XXXXXXXXXXXXX              
Sent    steamMachineAuth         XXXXXXXXXXXXX                  
Sent    strInventoryLastContext  XXXXXXXXX                  
Sent    steamRememberLogin       XXXXXXXXXXXX                   
Sent    steamCC_XXXXXXXXXXXX     XXXXXXX                    
Sent    __utmb                   XXXXXXX                
Sent    tsTradeOffersLastRead    XXXXXXX

请求的发起者是XMLHttpRequest

在我的代码中我做了

public bool AcceptOffer(string offerID)
{
    string path = "tradeoffer/" + offerID + "/";
    //Simulate the browser opening the trade offer window
    _steamWeb.Get(new Uri(WebAPI.SteamCommunity + path));
    NameValueCollection data = new NameValueCollection();
    data.Add("sessionid", _steamWeb.SessionID);
    data.Add("tradeofferid", offerID);

    string result = _steamWeb.Post(new Uri("https://steamcommunity.com/" + path + "accept"), data);

    return true;
}

_steamWeb包含一个cookie识别webclient,用于执行所有发布/获取请求

以下是cookie识别webclient

的部分代码 
protected override WebRequest GetWebRequest(Uri address)
{
    HttpWebRequest request = base.GetWebRequest(address) as HttpWebRequest;

    if (request != null)
    request.CookieContainer = _cookieContainer;

    if (_lastPage != null)
        request.Referer = _lastPage;

        _lastPage = address.ToString();
        return request;
}

protected override WebResponse GetWebResponse(WebRequest request)
{
    WebResponse response = base.GetWebResponse(request);//403 exception here
    ReadCookies(response);
    return response;
}

这是我正在设置的标题

void SetCommonHeaders(Uri uri)
{
    _webClient.Headers[HttpRequestHeader.Accept] = "text/html, application/xhtml+xml, */*";
    _webClient.Headers[HttpRequestHeader.AcceptLanguage] = "en-CA";
    _webClient.Headers[HttpRequestHeader.ContentType] = "application/x-www-form-urlencoded; charset=UTF-8";
    _webClient.Headers[HttpRequestHeader.UserAgent] = "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)";
    _webClient.Headers[HttpRequestHeader.Host] = uri.Host;
    _webClient.Headers.Add("DNT", "1");
}

这是我发送的请求的Cookie标头

sessionid=XXXX; 
steamMachineAuthXXXXX=XXXXXX; 
steamLogin=XXXXXXX; 
steamRememberLogin=XXXXXXXX; 
Steam_Language=english; 
webTradeEligibility=XXXXXXXXX; 
steamCC_XXXXX=CA; 
tsTradeOffersLastRead=XXXXXXXXX

我没有将这些cookie设置为manuelly,所有这些都是通过对steamcommunity.com的GET请求进行注意的

我几乎发送了与浏览器相同的请求,但我的帖子收到403 Forbidden。我试图设置X-Requested-With = XMLHttpRequest标头,但它没有帮助。我看到他们在ajax调用中做了一些凭证,所以我想在HttpWebRequest帖子中做些什么呢?谢谢

1 个答案:

答案 0 :(得分:0)

问题解决了,有两件事:

  1. 由于.NET错误而无法正常发送保留标头
  2. 我对sessionid进行了两次编码
相关问题
最新问题