为什么我不能使用HttpClient登录这个ASP.NET网站?

时间:2017-05-30 10:20:34

标签: c# asp.net authentication cookies dotnet-httpclient

来自第三方的ASP.NET网站需要一个人登录。我需要从网站上获取一些数据并解析它,所以我想我会使用HttpClient将必要的凭据发布到网站,就像浏览器一样。然后,在那个POST请求之后,我想我能够使用我收到的cookie值来向(仅限授权)网址发出进一步的请求。

我可以成功地将凭据发布到登录URL并接收三个cookie:ASP.NET_SessionId,.ASPXAUTH和网站本身使用的自定义值,每个都有自己的值。我认为,由于我设置的HttpClient使用的是使用CookieContainer的HttpHandler,因此Cookie会随着每个进一步的请求一起发送,而且我仍然会保持登录状态。

但是,这似乎不起作用。如果我使用相同的HttpClient实例然后请求网站的一个安全区域,我只是再次获取登录表单。 代码:

        const string loginUri = "https://some.website/login";

        var cookieContainer = new CookieContainer();
        var clientHandler = new HttpClientHandler() { CookieContainer = cookieContainer, AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate };
        var client = new HttpClient(clientHandler);
        client.DefaultRequestHeaders.Accept.Clear();
        client.DefaultRequestHeaders.Accept.Add(new System.Net.Http.Headers.MediaTypeWithQualityHeaderValue("application/json"));

        var loginRequest = new HttpRequestMessage(HttpMethod.Post, loginUri);

        // These form values correspond with the values posted by the browser
        var formContent = new FormUrlEncodedContent(new[]
        {
            new KeyValuePair<string, string>("customercode", "password"),
            new KeyValuePair<string, string>("customerid", "username"),
            new KeyValuePair<string, string>("HandleForm", "Login")
        });

        loginRequest.Content = formContent;

        loginRequest.Headers.UserAgent.ParseAdd("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.14393");
        loginRequest.Headers.Referrer = new Uri("https://some.website/Login?ReturnUrl=%2f");
        loginRequest.Headers.Host = "some.website";
        loginRequest.Headers.Connection.Add("Keep-Alive");
        loginRequest.Headers.CacheControl = new System.Net.Http.Headers.CacheControlHeaderValue() { NoCache = true };
        loginRequest.Headers.AcceptLanguage.ParseAdd("nl-NL");
        loginRequest.Headers.AcceptEncoding.ParseAdd("gzip, deflate");
        loginRequest.Headers.Accept.ParseAdd("text/html, application/xhtml+xml, image/jxr, */*");

        var response = await client.SendAsync(loginRequest);
        var responseString = await response.Content.ReadAsStringAsync();

        var cookies = cookieContainer.GetCookies(new Uri(loginUri));

使用正确的凭据时,Cookie包含三个项目,包括.ASPXAUTH cookie和会话ID,这表明登录成功。但是:

        var text = await client.GetStringAsync("https://some.website/secureaction");

...这只会再次返回登录表单,而不是我使用浏览器登录并导航到/ secureaction时获得的内容。

我错过了什么?

编辑:这里是我的应用程序正在制作的完整请求以及请求Chrome正在制作。它们是相同的,除了cookie值。我通过windiff跑了他们:行标有&lt;!是我的应用程序发送的行,标记为!&gt;由Chrome发送。 

GET https://some.website/secureaction 
Connection: keep-alive  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36  
Accept-Encoding: gzip, deflate, sdch, br 
Upgrade-Insecure-Requests: 1  
Host: some.website  
Accept-Language:nl-NL, 
>> nl;q=0.8,en-US;q=0.6,en;q=0.4

Accept: text/html, 
>> application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8

Cookie: 
<!      customCookie=7CF190C0; 
<!          .ASPXAUTH=37D61E47(shortened for readability); 
<!      ASP.NET_SessionId=oqwmfwahpvf0qzpiextx0wtb 
!>      ASP.NET_SessionId=kn4t4rmeu2lfrgozjjga0z2j;          
!>          customCookie=8D43E263; 
!>          .ASPXAUTH=C2477BA1(shortened for readability)

HttpClient应用程序获得302引用/ login,Chrome获得包含所请求页面的200响应。

1 个答案:

答案 0 :(得分:1)

根据要求,这就是我最终使其工作的方式。我必须先对/ login执行一个简单的GET请求,然后然后使用登录凭据进行POST。我不记得那个GET确切设置了什么值(我假设一个cookie带有服务器想要的某些编码值),但是HttpClient还是会处理cookie,因此它可以正常工作。这是最终的工作代码:

    const string loginUri = "https://some.website/login";

    var cookieContainer = new CookieContainer();
    var clientHandler = new HttpClientHandler() 
    { 
        CookieContainer = cookieContainer, 
        AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate 
    };

    var client = new HttpClient(clientHandler);
    client.DefaultRequestHeaders.Accept.Clear();
    client.DefaultRequestHeaders.Accept.Add(new System.Net.Http.Headers.MediaTypeWithQualityHeaderValue("application/json"));

    // First do a GET to the login page, allowing the server to set certain 
    // required cookie values.
    var initialGetRequest = new HttpRequestMessage(HttpMethod.GET, loginUri);
    await client.SendAsync(initialGetRequest);

    var loginRequest = new HttpRequestMessage(HttpMethod.Post, loginUri);

    // These form values correspond with the values posted by the browser
    var formContent = new FormUrlEncodedContent(new[]
    {
        new KeyValuePair<string, string>("customercode", "password"),
        new KeyValuePair<string, string>("customerid", "username"),
        new KeyValuePair<string, string>("HandleForm", "Login")
    });

    loginRequest.Content = formContent;

    loginRequest.Headers.UserAgent.ParseAdd("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.14393");
    loginRequest.Headers.Referrer = new Uri("https://some.website/Login?ReturnUrl=%2f");
    loginRequest.Headers.Host = "some.website";
    loginRequest.Headers.Connection.Add("Keep-Alive");
    loginRequest.Headers.CacheControl = new System.Net.Http.Headers.CacheControlHeaderValue() { NoCache = true };
    loginRequest.Headers.AcceptLanguage.ParseAdd("nl-NL");
    loginRequest.Headers.AcceptEncoding.ParseAdd("gzip, deflate");
    loginRequest.Headers.Accept.ParseAdd("text/html, application/xhtml+xml, image/jxr, */*");

    var response = await client.SendAsync(loginRequest);
    var responseString = await response.Content.ReadAsStringAsync();

    var cookies = cookieContainer.GetCookies(new Uri(loginUri));
相关问题
最新问题