C# HttpClient: Invalid CSRF token provided in POST request

Time: 2018-05-07 18:49:16

Tags: c# post cookies dotnet-httpclient x-xsrf-token

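I am writing here because I am trying to send a POST request to a server API,
I also tried sending another request (the first one) and sending from its response ({"success":"true", "role":"USER"}). But as the reply to the second request I got: {"timestamp":1524589409895,"status":403,"error":"Forbidden","message":"Invalid CSRF Token 'null' was found on the request parameter '_csrf' or header 'X-XSRF-TOKEN'.","path":"/api/v1/rec"} So I put in all the cookies, but one of them, " XSRF -TOKEN", makes the program crash with System.Net.CookieException: The 'Name'='XSRF -TOKEN' part of the cookie is invalid
So I found out that this cookie changes every time a session is created. So I tried to get the cookies from the response to the first message and add them to the headers of the second message, and this is the result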

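I have also set the .NET Framework to version 4.5. I am leaving a temporary account here for you, so you can try this without having to create an account for testing. Request Payload from firefox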

using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Threading.Tasks;
using Newtonsoft.Json;

class Program
{
    private static CookieContainer cookieContainer;
    private static HttpClientHandler clienthandler;
    private static HttpClient client;

    static void Main(string[] args)
    {
        // Pre-load the cookie container with cookies copied from the browser session.
        Uri uri = new Uri("https://www.vcast.it/api/v1/rec");
        cookieContainer = new CookieContainer();
        cookieContainer.Add(uri, new Cookie("CONSENT", "true"));
        cookieContainer.Add(uri, new Cookie("_ga", "GA1.2.940742918.1524584758"));
        cookieContainer.Add(uri, new Cookie("_gid", "GA1.2.1691132054.1524584758"));
        cookieContainer.Add(uri, new Cookie("remember-me", "Z1hvUnJoOHdIM3dCZ2pmYXVKamFRUT09OkpxSXUzRDVRUXd6UG14eGlVUlJMOXc9PQ"));

        clienthandler = new HttpClientHandler { AllowAutoRedirect = true, UseCookies = true, CookieContainer = cookieContainer };
        client = new HttpClient(clienthandler);
        client.DefaultRequestHeaders.Host = "www.vcast.it";

        // Block until both requests finish; an un-awaited async void call would let Main return first.
        MainAsync().GetAwaiter().GetResult();
    }

    static async Task MainAsync()
    {
        // First request: log in with form-encoded credentials.
        Uri uri = new Uri("https://www.vcast.it");
        var values = new Dictionary<string, string>
        {
           { "username", "XXXX" },
           { "password", "XXXX" },
           { "remember-me", "undefined" },
           { "submit", "" }
        };
        var content = new FormUrlEncodedContent(values);
        HttpResponseMessage response = await client.PostAsync("https://www.vcast.it/apiLogin?appId=58aef0c4ea5d52b2c0e4f2ed", content);
        Console.WriteLine(await response.Content.ReadAsStringAsync());

        // List the cookies held for the site after the login response.
        Console.WriteLine("New Cookies:");
        var responseCookies = cookieContainer.GetCookies(uri).Cast<Cookie>();
        foreach (var cook in responseCookies)
        {
            cookieContainer.Add(uri, cook);
            Console.WriteLine(cook.Name + ":" + cook.Value);
        }

        // Second request: a new handler and client that share the same cookie container.
        Console.WriteLine();
        clienthandler = new HttpClientHandler { UseCookies = true, CookieContainer = cookieContainer };
        client = new HttpClient(clienthandler);

        // The recording payload is parsed from JSON and sent form-encoded; no X-XSRF-TOKEN header is set.
        values = JsonConvert.DeserializeObject<Dictionary<string, string>>("{\"name\":\"Titolo registrazione\",\"fromSuggestion\":false,\"manual\":true,\"followSeries\":false,\"resolution\":\"r576\",\"format\":\"MP4\",\"defaultProvider\":\"vcloud\",\"provider\":\"vcloud\",\"channelId\":\"58138235c9e77c00018242ed\",\"startDate\":1524585300000,\"endDate\":1524588900000,\"startHour\":17,\"startMinute\":55,\"endHour\":18,\"endMinute\":55}");
        content = new FormUrlEncodedContent(values);
        client.DefaultRequestHeaders.Referrer = new Uri("https://www.vcast.it/manualRec/");
        response = await client.PostAsync("https://www.vcast.it/api/v1/rec", content);

        Console.WriteLine(await response.Content.ReadAsStringAsync());
    }
}

I would be glad to receive any comment or answer

0 answers:

No answers
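Added example, not part of the original question and not the site's own code: a `DelegatingHandler` that copies the session's XSRF-TOKEN cookie into the `X-XSRF-TOKEN` header named in the 403 message, re-reading the cookie container on every state-changing request. It assumes the server uses the cookie-to-header CSRF pattern; `XsrfHeaderHandler`, `FakeServer`, the host `app.example.test` and the token value are hypothetical, constructed so the sample runs offline.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;
// Hypothetical handler: echoes the current XSRF-TOKEN cookie in the X-XSRF-TOKEN header.
sealed class XsrfHeaderHandler : DelegatingHandler
{
    private readonly CookieContainer _jar;
    public XsrfHeaderHandler(CookieContainer jar, HttpMessageHandler inner) : base(inner) { _jar = jar; }
    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken ct)
    {
        if (request.Method != HttpMethod.Get && request.Method != HttpMethod.Head)
        {
            // Read the jar on every call, because the token changes with each session.
            Cookie token = _jar.GetCookies(request.RequestUri).Cast<Cookie>()
                               .FirstOrDefault(c => c.Name == "XSRF-TOKEN");
            request.Headers.Remove("X-XSRF-TOKEN");
            if (token != null) request.Headers.Add("X-XSRF-TOKEN", token.Value);
        }
        return base.SendAsync(request, ct);
    }
}

// Constructed stand-in for the server: 403 unless the header carries the issued token.
sealed class FakeServer : HttpMessageHandler
{
    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken ct)
    {
        bool ok = request.Headers.TryGetValues("X-XSRF-TOKEN", out var sent) && sent.First() == "constructed-token";
        return Task.FromResult(new HttpResponseMessage(ok ? HttpStatusCode.OK : HttpStatusCode.Forbidden));
    }
}

static class Demo
{
    static void Main()
    {
        var site = new Uri("https://app.example.test/");   // placeholder host
        var jar = new CookieContainer();
        jar.Add(site, new Cookie("XSRF-TOKEN", "constructed-token")); // what a login response would set
        var target = new Uri(site, "api/v1/rec");
        var plain = new HttpClient(new FakeServer());
        var echoing = new HttpClient(new XsrfHeaderHandler(jar, new FakeServer()));
        Console.WriteLine("no header:   " + (int)plain.PostAsync(target, new StringContent("{}")).Result.StatusCode);
        Console.WriteLine("with header: " + (int)echoing.PostAsync(target, new StringContent("{}")).Result.StatusCode);
    }
}
```

Against a real server, the inner handler would be `new HttpClientHandler { CookieContainer = jar }`, so the same container that receives the login cookies also supplies the token.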