HTTPClient代码示例,用于针对嵌入式STS进行身份验证

时间:2014-07-31 01:53:17

标签: thinktecture-ident-server thinktecture-ident-model

我们在本地使用嵌入式STS来测试我们的ASP.Net Web应用程序。我正在创建一个控制台应用程序来调用一些WebAPI方法并对我们的应用程序进行一些负载测试。我想使用具有特定权限的一组用户进行测试。对于我们的本地实例,这意味着对EmbeddedSTS进行身份验证。

如何编写HttpClient以对EmbeddedSTS进行身份验证以接收此令牌并对我的WebAPI端点进行身份验证?

编辑:如果我可以在HTTP模式下运行应用程序(而非HTTPS)时获得SAML令牌,则可获得奖励积分。

2 个答案:

答案 0 :(得分:1)

我想出了如何做到这一点。

警告:这只是用于一个关闭的控制台应用程序,它允许我们对EmbeddedSTS进行身份验证并执行WebAPI调用以进行压力测试。

基本上,我们模拟浏览器会发生什么。这使用HttpClient和HtmlAgilityPack来解析HTML响应,选择一个用户,将其POST回EmbeddedSTS,然后发布WS Fed令牌结果,最后收到FedAuth cookie。之后,HTTP Client可用于调用应用程序中的任何WebAPI或MVC页面。

    public static Task<HttpClient> BuildClient(string authurl, string username)
    {
        var task = Task.Run<HttpClient>(async () =>
        {
            // setup http client an cookie handler
            var handler = new HttpClientHandler();
            handler.AllowAutoRedirect = true;
            handler.CookieContainer = new System.Net.CookieContainer();
            handler.UseCookies = true;
            var client = new HttpClient(handler);
            client.MaxResponseContentBufferSize = 256000;
            client.DefaultRequestHeaders.Add("User-Agent", "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)");
            client.DefaultRequestHeaders.Add("Connection", "Keep-Alive");
            client.DefaultRequestHeaders.ExpectContinue = false;


            // this is the html of the page that has the user dropdown
            var userSelectionPage = await client.GetStringAsync(authurl);
            string actionPathAndQuery = GetAction(userSelectionPage);

            // for the purposes of this sample, we just choose the user called admin
            var postData = new List<KeyValuePair<string, string>>() { 
                new KeyValuePair<string, string>("username", username) 
            };

            // now we post the user name and expect to get the ws fed response
            var wsfedresponse = await client.PostAsync(authurl + actionPathAndQuery, new FormUrlEncodedContent(postData));
            var wsfedcontent = await wsfedresponse.Content.ReadAsStringAsync();

            var namevaluepairs = GetHiddenInputNameValues(wsfedcontent);
            var finalpost = await client.PostAsync(authurl, new FormUrlEncodedContent(namevaluepairs));

            // at this point, the fedauth cookie is set, we are good to go
            return client;
        });
        return task;
    }

    private static string GetAction(string htmlContent)
    {
        var d = new HtmlDocument();
        d.LoadHtml(htmlContent);
        var node = d.DocumentNode.SelectSingleNode("//form[@action]");
        var result = node.GetAttributeValue("action", string.Empty);
        return result;
    }

    private static IEnumerable<KeyValuePair<string, string>> GetHiddenInputNameValues(string htmlContent)
    {
        var d = new HtmlDocument();
        d.LoadHtml(htmlContent);
        var nodes = d.DocumentNode.SelectNodes("//input[@type='hidden']");
        return nodes.Select(p => 
            new KeyValuePair<string, string>(
                p.GetAttributeValue("name", string.Empty),
                System.Web.HttpUtility.HtmlDecode(p.GetAttributeValue("value", string.Empty))
        ));
    }

答案 1 :(得分:0)

EmbeddedSts执行ws-federation。这不是为网络Apis设计的。你更想要Oauth2。

相关问题
最新问题