首先:从GET_API_URL获取CSRF令牌字符串。效果很好。
第二步:使用获取的CSRF字符串对POST_API_URL进行POST。
问题是,无论我怎么尝试,第二个请求的响应始终是 403 Forbidden。我尝试过把第一个响应的 cookie(共 3 个,其中 2 个带 Secure 标记)存入 CookieContainer,再传给第二个请求,仍然不行……
在 Postman 中用同样的方式请求,一切正常;只有在 C# 中不行。
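// Step 1: request a CSRF token. Sending "X-CSRF-Token: fetch" asks the service to return
// a token in the x-csrf-token response header. Cookies set by this response are collected
// in cookieContainer.
HttpWebRequest req = (HttpWebRequest)WebRequest.Create("https://mysap_get-api.s4hana.ondemand.com/blablabla");
req.Proxy = null;
req.Method = "GET";
req.Headers["X-CSRF-Token"] = "fetch";
// NOTE(review): Encoding.Default depends on the platform code page, so credentials with
// non-ASCII characters may encode differently per machine - confirm which charset the
// server expects before changing it.
req.Headers["Authorization"] = "Basic " + Convert.ToBase64String(Encoding.Default.GetBytes(auth_key));
req.CookieContainer = cookieContainer;

string csrf;
// Only the header is needed from the first response; dispose it so the connection is released.
using (HttpWebResponse response = (HttpWebResponse)req.GetResponse())
{
    csrf = response.GetResponseHeader("x-csrf-token");
}

if (!string.IsNullOrEmpty(csrf))
{
    try
    {
        // Step 2: POST with the token obtained above.
        // NOTE(review): this request targets a different host than the token fetch.
        // CookieContainer only sends a cookie to hosts that match the cookie's domain, so
        // the session cookies issued together with the token would not accompany this
        // request, and a CSRF token is normally validated against the session that issued
        // it. That is a likely cause of the 403 - confirm that the token is fetched from
        // the same host/service that receives the POST.
        HttpWebRequest post_req = (HttpWebRequest)WebRequest.Create("https://mysap_post-api.s4hana.ondemand.com/blablabla");
        post_req.Proxy = null;
        post_req.Method = "POST";
        post_req.ContentType = "application/json";
        post_req.Headers["APIKey"] = api_key;
        post_req.Headers["X-CSRF-Token"] = csrf;
        post_req.Headers["Authorization"] = "Basic " + Convert.ToBase64String(Encoding.Default.GetBytes(auth_key));
        post_req.Accept = "text/xml";
        post_req.CookieContainer = cookieContainer;

        // Attempt reported by the author (did not help): copying the first response's
        // cookies into the container under the POST host. Rewriting Domain by hand attaches
        // cookies to a host that did not issue them; prefer obtaining the token and the
        // session from the host that will receive the POST.
        //foreach (Cookie _cookie in response.cookies)
        //{
        // cookieContainer.Add(new Cookie
        // {
        // Name = _cookie.Name,
        // Value = _cookie.Value,
        // Secure = _cookie.Secure,
        // Domain = "mysap_post-api.s4hana.ondemand.com"
        // });
        //}

        // Attach the JSON body. UTF-8 keeps non-ASCII characters intact; Encoding.ASCII
        // would silently replace them with '?'.
        JavaScriptSerializer js = new JavaScriptSerializer();
        string _hourJson = js.Serialize(_hour);
        var data = Encoding.UTF8.GetBytes(_hourJson);
        using (var post_reqStream = post_req.GetRequestStream())
        {
            post_reqStream.Write(data, 0, data.Length);
        }

        // Send the second request and read the result.
        // The question author reports that this call keeps failing with 403 Forbidden.
        string result;
        using (WebResponse post_response = post_req.GetResponse())
        {
            using (StreamReader rd = new StreamReader(post_response.GetResponseStream()))
            {
                result = rd.ReadToEnd();
            }
        }
    }
    catch (WebException ex)
    {
        // Report the failure instead of swallowing it: the status line and the error body
        // are what distinguish a CSRF/session rejection from an authorization problem.
        // Request headers (Authorization, APIKey, the token) are deliberately not logged.
        HttpWebResponse failed = ex.Response as HttpWebResponse;
        if (failed != null)
        {
            using (failed)
            using (StreamReader errorReader = new StreamReader(failed.GetResponseStream()))
            {
                Debug.WriteLine("POST failed: " + (int)failed.StatusCode + " " + failed.StatusDescription);
                // NOTE(review): some services answer a rejected token with
                // "x-csrf-token: Required" - verify against this service's documentation.
                Debug.WriteLine("x-csrf-token response header: " + failed.GetResponseHeader("x-csrf-token"));
                Debug.WriteLine(errorReader.ReadToEnd());
            }
        }
        else
        {
            // No HTTP response at all (DNS, TLS, timeout, ...).
            Debug.WriteLine("POST failed: " + ex.Status + " " + ex.Message);
        }
    }
    catch (Exception ex)
    {
        // Still best-effort (no rethrow), but the cause is no longer hidden.
        Debug.WriteLine("POST failed: " + ex);
    }
}
else
{
    Debug.WriteLine("Invalid CSRF token, job terminated");
}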