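I have the following PowerShell script, which is intended to log in to a website using forms authentication.
It seems that although there are no errors and the returned status code is always 200, the script does not get past the login page.
Doing some initial investigation with Fiddler, I found that when the site is accessed through a browser a cookie, ASP.Net_SessionId, is being created, which is not present when the site is accessed through my script.
Any hints on what the issue may be, or on how I can dig deeper into what is happening here? Thank you in advance.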
#nb: site is configured to use forms auth
clear-host
#headers copied from my Fiddler session of the same interaction with Chrome; i.e. in case any of these settings are important...
$Headers = @{
    'Upgrade-Insecure-Requests' = 1
    'Accept' = 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8'
    'Accept-Encoding' = 'gzip, deflate, sdch'
    'Accept-Language' = 'en-GB,en;q=0.8,en-US;q=0.6,fr-FR;q=0.4,fr;q=0.2'
    #'User-Agent' = 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36' #this has its own parameter
}
$loginPage = Invoke-WebRequest 'http://example.com/login.aspx' -Method Get -SessionVariable loginSession -Headers $Headers -UserAgent 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36'
#code to see what's going on
write-verbose "1. -------------------" -Verbose
write-verbose $loginPage.StatusCode -Verbose #returns 200
write-verbose $loginPage.ParsedHtml.title -Verbose #returns 'log in'
$loginSession | select *
$loginPage.BaseResponse.Cookies | %{write-host "Cookie: $($_.Name)" -ForegroundColor Green} #shows a culture cookie, but no auth cookies
write-verbose $loginSession -Verbose #session variable is corrected; nothing particularly interesting in this
#end of investigative code
#form auth
$loginForm = $loginPage.Forms['aspnetForm']
$loginForm.Fields['ctl00_ContentPlaceHolder1_UsrLogin1_LoginView1_Login1_UserName'] = 'myUsername'
$loginForm.Fields['ctl00_ContentPlaceHolder1_UsrLogin1_LoginView1_Login1_Password' ] = 'myPassword'
#comparing Fiddler Chrome session with PS session I found that PS had been sending additional buttons on the form / hadn't populated the hidden field;
$loginForm.Fields.Remove('ctl00_ModalError_btnCancel')
$loginForm.Fields.Remove('ctl00_ModalError_btnConfirm')
$loginForm.Fields['ctl00_ToolkitScriptManager1_HiddenField'] = ';;AjaxControlToolkit, Version=3.5.60501.0, Culture=neutral, PublicKeyToken={public key token removed from SO post}:en-GB:{long hex string removed from SO post}'
#$Headers['Content-Type'] = 'application/x-www-form-urlencoded' #this has its own parameter
#$Headers['Content-Length'] = #PS calculates this for us based on the body (confirmed with Fiddler), so no need for us to calculate here
<# attempts at other auth mechanisms; though checking IIS I can see that only forms auth is used / checking Fiddler these are clearly superfluous)
#basic auth
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes("myUsername:myPassword"))
$Headers['Authorization'] = "Basic $encodedCreds"
#creds
$cred = New-Object System.Management.Automation.PSCredential('myUsername', (ConvertTo-SecureString 'myPassword' -AsPlainText -Force))
$loginResponse = Invoke-WebRequest 'http://example.com/login.aspx' -Method Post -Body $loginForm.Fields -WebSession $loginSession -Headers $Headers -Credential $cred
#>
#FYI: $loginForm.Action = login.aspx?ReturnUrl=%2fPageOnceLoggedIn.aspx
$loginResponse = Invoke-WebRequest "http://mySite/$($loginForm.Action)" -Method Post -Body $loginForm.Fields -WebSession $loginSession -ContentType 'application/x-www-form-urlencoded' #Fiddler shows that Chrome includes 2 cookies; the culture cookie and the ASP.NET_SessionId one; PS only has the culture cookie
#code to see what's going on
write-verbose "2. -------------------" -Verbose
write-verbose $loginResponse.StatusCode -Verbose #again, 200 (though fiddler shows there's a 302 here when accessed via Chrome)
write-verbose $loginResponse.ParsedHtml.title -Verbose #again, still 'log in'
$loginSession | select *
$loginResponse.BaseResponse.Cookies | %{write-host "Cookie: $($_.Name)" -ForegroundColor Green} #still only the culture cookie
write-verbose $loginSession -Verbose #same as before
#end of investigative code
$page = Invoke-WebRequest -Uri 'http://example.com/PageOnceLoggedIn.aspx' -Method Get -WebSession $loginSession -Headers $Headers -Credential $cred
#code to see what's going on
write-verbose "3. -------------------" -Verbose
write-verbose $page.StatusCode -Verbose #again, 200
write-verbose $page.ParsedHtml.title -Verbose #again, 'log in'
$loginSession | select *
$page.BaseResponse.Cookies | %{write-host "Cookie: $($_.Name)" -ForegroundColor Green} #again, only culture
write-verbose $loginSession -Verbose
#end of investigative code
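
One way to dig deeper into the cookie question raised above, as an added example that is not part of the original post: `BaseResponse.Cookies` shows only the cookies set by one response, whereas the session's cookie container decides what is actually sent to each URL. The helper name `Get-SessionCookie` and the cookie values below are assumptions constructed for illustration; the two host names are the ones that appear in the script.

```powershell
# Added example: list the cookies a WebRequestSession would send to a given URL.
function Get-SessionCookie {
    param(
        [Parameter(Mandatory)] [Microsoft.PowerShell.Commands.WebRequestSession] $Session,
        [Parameter(Mandatory)] [uri] $Uri
    )
    # CookieContainer.GetCookies applies domain, path and Secure matching,
    # so the result is what would go out in the Cookie header for $Uri.
    $Session.Cookies.GetCookies($Uri) |
        Select-Object Name, Domain, Path, Secure, HttpOnly, Expires
}

# Constructed sample data (no network): a session holding two cookies for example.com.
$demo = New-Object Microsoft.PowerShell.Commands.WebRequestSession
$demo.Cookies.Add((New-Object System.Net.Cookie('culture', 'en-GB', '/', 'example.com')))
$demo.Cookies.Add((New-Object System.Net.Cookie('ASP.NET_SessionId', 'constructed-value', '/', 'example.com')))

# Compare what the same session would send to each host used in the script.
foreach ($url in 'http://example.com/login.aspx', 'http://mySite/login.aspx') {
    $names = @(Get-SessionCookie -Session $demo -Uri $url | ForEach-Object Name)
    '{0} -> {1} cookie(s): {2}' -f $url, $names.Count, ($names -join ', ')
}
```

Against a real site, pass the script's own `$loginSession` and each URL it requests; adding `-MaximumRedirection 0` to the POST keeps `Invoke-WebRequest` from following the 302, so the login response's own status code and headers can be inspected.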