我正在尝试连接到外部 IP 地址,但我位于公司防火墙之后,因此我需要通过代理进行连接。
我用 curl 运行了一个测试:
"msg": "the field 'args' has an invalid value ({u'current_storage_type': u'{{ imported_config.content|b64decode |from_json |json_query(jmesquery) }}'}), and could not be converted to an dict.The error was: Expecting property name enclosed in double quotes: line 3 column 1 (char 17)\
但我无法在 C# 中复制上述 cUrl 命令:
curl -v https://IP_ADDRESS_OF_EXTERNAL_CLIENT:6125 -x http://MyComparyProxyAddress.com:8080 -U MYUSERNAME:MYPASSWORD
我不断从我的公司代理处获取以下信息:
private static Socket CreateTunnelThruProxy(string destIP, int destPort)
{
string destUriWithPort = $"{destIP}:{destPort}";
UriBuilder uriBuilder = new UriBuilder(destUriWithPort);
Uri destUri = uriBuilder.Uri;
var proxy = new WebProxy("http://MyComparyProxyAddress.com", 8080);
proxy.UseDefaultCredentials = false;
proxy.Credentials = new NetworkCredential("MYUSERNAME", "MYPASSWORD");
WebRequest.DefaultWebProxy = proxy;
IWebProxy webProxy = WebRequest.DefaultWebProxy;
try
{
if (webProxy.IsBypassed(destUri))
return null;
}
catch (PlatformNotSupportedException)
{
// .NET Core doesn't support IWebProxy.IsBypassed
// (because .NET Core doesn't have access to Windows-specific services, of course)
return null;
}
Uri proxyUri = webProxy.GetProxy(destUri);
if (proxyUri == null)
return null;
IPAddress[] proxyEntry = Dns.GetHostAddresses(proxyUri.Host);
int iPort = proxyUri.Port;
IPAddress address = proxyEntry.First(a => a.AddressFamily == AddressFamily.InterNetwork);
IPEndPoint proxyEndPoint = new IPEndPoint(address, iPort);
Socket socketThruProxy = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
socketThruProxy.Connect(proxyEndPoint);
string proxyMsg = $"CONNECT {destIP}:{destPort} HTTP/1.1 \n\n";
byte[] buffer = Encoding.ASCII.GetBytes(proxyMsg);
byte[] buffer12 = new byte[50000];
socketThruProxy.Send(buffer, buffer.Length, 0);
int msg = socketThruProxy.Receive(buffer12, 50000, 0);
string data;
data = Encoding.ASCII.GetString(buffer12);
int index = data.IndexOf("200");
if (index < 0)
throw new ApplicationException(
$"Connection failed to {destUriWithPort} through proxy server {proxyUri.ToString()}.");
return socketThruProxy;
}
我可以清楚地看到 webProxy 对象包含我设置的凭据,与 cUrl 使用的凭据相同。
我在尝试简单调用时也遇到同样的错误:
HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: NEGOTIATE
Proxy-Authenticate: NTLM
Proxy-Authenticate: BASIC realm="ztb"
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Proxy-Connection: close
Connection: close
Content-Length: 797
<HTML><HEAD>
<TITLE>Access Denied</TITLE>
</HEAD>
<BODY>
<body bgcolor="#FFFFEA">
<blockquote>
<TABLE border=0 cellPadding=1 width="80%">
<TR><TD>
<FONT face="Verdana">
<big>Access Denied (authentication_failed)</big>
<BR>
<BR>
</FONT>
</TD></TR>
<TR><TD>
<FONT face="Verdana">
Your credentials could not be authenticated: "Credentials are missing.". You will not be permitted access until your credentials can be verified.
</FONT>
</TD></TR>
<TR><TD>
<FONT face="Verdana">
This is typically caused by an incorrect username and/or password, but could also be caused by network problems.
</FONT>
</TD></TR>
<TR><TD>
<FONT face="Verdana" SIZE=2>
<BR>
For assistance, contact your Tech Desk . PXFFM25
</FONT>
</TD></TR>
</TABLE>
</blockquote>
</FONT>
</BODY></HTML>
而不是按照上面的代码片段手动设置凭据。所以看起来我的凭据没有被考虑......
有什么想法吗?
答案 0 :(得分:0)
我之前尝试过这个场景,它通过创建一个继承 IWebProxy 的自定义代理类来配合我
public class MyProxy : IWebProxy
{
public ICredentials Credentials
{
get { return new NetworkCredential("your username","your password"); }
set { }
}
public Uri GetProxy(Uri destination)
{
return new Uri("http://MyComparyProxyAddress.com:8080");
}
public bool IsBypassed(Uri host)
{
return false;
}
}
并在应用程序配置文件中将这部分添加到配置节点中
<system.net>
<defaultProxy enabled="true" useDefaultCredentials="false">
<module type="yournamespace.MyProxy, your assembly name" />
</defaultProxy>
</system.net>
答案 1 :(得分:0)
如果可以的话,我会将其添加为评论,但是添加域有帮助吗?过去,当我进行身份验证时,我必须确保域是正确的。每Network Credential docs
有一个接受域的构造函数,或者您可以将其设置为属性。
答案 2 :(得分:0)
不要尝试在您的代码中修复此问题。 使用本地代理(如 https://github.com/genotrance/px)向企业代理提供您的用户凭据。 否则有一天你会在源代码管理中找到一个开发者密码。
答案 3 :(得分:0)
我的一个项目遇到了这个问题,该公司使用了防火墙(准确地说是 Barracuda's firewall)。我尝试设置 WebProxy 并设置了机器代理,但没有运气。
我是这样解决的:
我已要求安全团队将 IP 以及将用于该服务的端口列入白名单。因此不会阻止任何传出或传入连接。然后,从应用程序中,我像这样在 web.config 中设置了代理:
<system.net>
<defaultProxy>
<proxy usesystemdefault="False" proxyaddress="http://proxy_ip" bypassonlocal="False" />
</defaultProxy>
</system.net>
此外,在运行应用程序的服务器上设置了相同的代理。
这使事情按预期进行。
一周左右后,服务突然停止。当我检查与 Fiddler 的连接时,它显示 API 被重定向到另一台服务器(不同的 IP),防火墙阻止了它。因此,我要求安全团队也将其列入白名单,该服务又重新上线了。
答案 4 :(得分:0)
这可以通过以下方式完成:
if (IsProxyProvided(settings))
{
IPAddress[] proxyEntry = Dns.GetHostAddresses(settings.ProxyHost);
IPAddress address = proxyEntry.First(a => a.AddressFamily == AddressFamily.InterNetwork);
IPEndPoint proxyEndPoint = new IPEndPoint(address, settings.ProxyPort);
socket.Connect(proxyEndPoint);
if (AreProxyCredntialsProvided(settings))
{
var basicAuthBase64 = Convert.ToBase64String(
Encoding.GetEncoding("ISO-8859-1").GetBytes($"{settings.ProxyUserName}:{settings.ProxyUserNamePassword}"));
var proxyMessage = $"Proxy-Authorization: {string.Format("Basic {0}", basicAuthBase64)} \r\n";
var keepAlive = "Connection: keep-alive\r\n";
var request = $"CONNECT {endpoint.Address}:{endpoint.Port} HTTP/1.1 \r\n" + proxyMessage + keepAlive + "\r\n";
byte[] buffer = Encoding.ASCII.GetBytes(request);
socket.Send(buffer, buffer.Length, 0);
}
}
感谢遇到类似问题的 Victor Victor Stone here