来自 C# HttpClient 针对 Spring 服务器 JWT 令牌的身份验证

Question

我正在编写 Xamarin 跨平台移动应用程序。该服务器是一个 SpringMVC 服务器，它使用 JWT 令牌对每个端点/Web 服务进行身份验证。所以基本上当我第一次向网络服务发出请求时，在我需要点击/authorize POST 端点发送我的电子邮件和密码之前，端点响应将在"Cookie" 标头中包含一个身份验证令牌，它是"AUTH_TOKEN={MD5-String}"。获得令牌后，我将请求发送到端点，比如说/feed。但我的问题是我无法弄清楚在 C#HttpClient 中设置“Cookie”标头的方法。我尝试了所有方法，但 endpoing 只是继续使用登录屏幕 html 响应，而不是实际的 JSON 响应。我在 Postman 和其他 REST 客户端中尝试了相同的步骤，并且成功了。所以这意味着我做错了什么。这是我的代码：

public class RestService : IRestService
{
    HttpClient client;
    HttpClientHandler handler;
    CookieContainer cookies;
    string authToken;

    public List<Feed> FeedItems { get; private set; }

    public RestService()
    {
        cookies = new CookieContainer();
        handler = new HttpClientHandler();
        handler.UseCookies = true; //Otherwise It'll not use the cookies container!!
        handler.CookieContainer = cookies;
        client = new HttpClient(handler);
        client.MaxResponseContentBufferSize = 256000;
    }

    public async Task<List<Role>> GetFeedDataAsync()
    {
        //Request credentials
        //Credentials validation
        var credentials = new HalliganCredential()
        {
            email = Constants.Username,
            password = Constants.Password
        };
        var jsonCredentials = JsonConvert.SerializeObject(credentials);
        var jsonCredentialsContent = new StringContent(jsonCredentials, Encoding.UTF8, "application/json");
        var authorizeUri = new Uri(Constants.AuthorizeEndpoint);
        var authorizeResponse = await client.PostAsync(authorizeUri, jsonCredentialsContent);
        if (authorizeResponse.IsSuccessStatusCode)
        {
            //If authentication went OK
            IEnumerable<Cookie> responseCookies = cookies.GetCookies(authorizeUri).Cast<Cookie>();
            foreach (Cookie cookie in responseCookies)
            {
                if (cookie.Name.Equals("AUTH-TOKEN"))
                {
                    authToken = cookie.Value;
                }
            }
        }
        else
        {
            //Authentication failed throw error
            throw new HttpRequestException("Authentication failed");
        }


        FeedItems = new List<Feed>();

        //Making the GET request
        var uri = new Uri(string.Format(Constants.FeedEnpoint, string.Empty));
        try
        {
            cookies.Add(uri, new Cookie("Cookie", string.Format("AUTH_TOKEN={0}", authToken)));
            client.DefaultRequestHeaders.Add("Cookie", string.Format("AUTH_TOKEN={0}", authToken));
            handler.CookieContainer.Add(uri, new Cookie("Cookie", string.Format("AUTH_TOKEN={0}", authToken)));

            var response = await client.GetAsync(uri);
            response.EnsureSuccessStatusCode();
            //Credentials validation
            if (response.IsSuccessStatusCode)
            {
                var content = await response.Content.ReadAsStringAsync();
                FeedItems = JsonConvert.DeserializeObject<List<Feed>>(content);
            }
        }
        catch (Exception ex)
        {
            Debug.WriteLine(@"ERROR {0}", ex.Message);
        }


        return FeedItems;
    }
}

当我到达var content = await response.Content.ReadAsStringAsync(); 行时，响应是一个 HTML 字符串，而不是实际的 JSON 响应。

尽管"Cookie" 是在 Postman 上工作的，但我尝试使用其他几个键值作为标题。

我尝试使用"Set-Cookie"、"set-cookie"、"Set-Cookie"，将标题设置为"AUTH_TOKEN"。我在不同的地方尝试了所有这些建议，例如将它们添加到 cookie CookieContainer、handler CookieContainer 和 client.DefaultRequestHeaders 中。

我尝试打开和关闭handler.UseCookies = true; //Otherwise It'll not use the cookies container!! 线。

欢迎任何帮助！

更新

我尝试了建议的解决方案之一，但没有成功我尝试了 UseCookies 的真假。

         //Making the GET request
        var baseAddress = new Uri("http://app.******.io");
        using (var handler = new HttpClientHandler { UseCookies = true })
        using (var client = new HttpClient(handler) { BaseAddress = baseAddress })
        {
            var message = new HttpRequestMessage(HttpMethod.Get, "/api/v1/feed?api_key=sarasa");
            message.Headers.Add("Cookie", string.Format("AUTH_TOKEN={0}", authToken));
            message.Headers.Add("Cookie", string.Format("AUTH_TOKEN={0};", authToken));
            message.Headers.Add("Set-Cookie", string.Format("AUTH_TOKEN={0}", authToken));
            message.Headers.Add("AUTH_TOKEN", authToken);
            var result = await client.SendAsync(message);
            result.EnsureSuccessStatusCode();
            if (result.IsSuccessStatusCode)
            {
                var content = await result.Content.ReadAsStringAsync();
                FeedItems= JsonConvert.DeserializeObject<List<Feed>>(content);
            }
        }
        return FeedItems;

更新

我尝试了另一种解决方案，结果相同。

var baseAddress = new Uri("http://app.*****.io");
            var cookieContainer = new CookieContainer();
            using (var handler = new HttpClientHandler() { CookieContainer = cookieContainer })
            using (var client = new HttpClient(handler) { BaseAddress = baseAddress })
            {
                cookieContainer.Add(baseAddress, new Cookie("Cookie", string.Format("AUTH_TOKEN={0}", authToken)));
                cookieContainer.Add(baseAddress, new Cookie("Set-Cookie", string.Format("AUTH_TOKEN={0}", authToken)));
                var result = client.GetAsync("/api/v1/roles?api_key=sarasa").Result;
                result.EnsureSuccessStatusCode();
                if (result.IsSuccessStatusCode)
                {
                    var content = await result.Content.ReadAsStringAsync();
                    RolesItems = JsonConvert.DeserializeObject<List<Role>>(content);
                }
            }

HttpClient 有替代品吗？

Answer 1

我终于可以设置 Cookie 标头参数了，但我将 HttpClient 更改为 HttpWebRequest

获取 Cookies

//Credentials validation
            var credentials = new CompanyCredential()
            {
                Email = Constants.Username,
                Password = Constants.Password
            };
            var jsonCredentials = JsonConvert.SerializeObject(credentials);
            var request = (HttpWebRequest) WebRequest.Create(new Uri(baseAddress, Constants.AuthorizeEndpoint));
            request.ContentType = "application/json";
            request.Method = "POST";
            var requestStream = request.GetRequestStreamAsync().Result;
            var streamWriter = new StreamWriter(requestStream);
            streamWriter.Write(jsonCredentials);
            streamWriter.Flush();
            try
            {
                HttpWebResponse response = (HttpWebResponse) request.GetResponseAsync().Result;
                if (response.StatusCode.Equals(HttpStatusCode.OK))
                {
                    authToken = response.Headers["Set-Cookie"];
                    tokenExpireDate = DateTime.ParseExact(response.Headers["Expires"], "yyyy-MM-dd HH:mm:ss,fff",
                                       System.Globalization.CultureInfo.InvariantCulture);
                }
                else
                {
                    //Authentication failed throw error
                    throw new HttpRequestException("Authentication failed");
                }
            } catch (Exception e)
            {
                Debug.WriteLine(string.Format("Warning: {0}", e.Message));
            }

设置 Cookies

var request = (HttpWebRequest)WebRequest.Create(new Uri(baseAddress, endpoint));
            SetHeaders(request);
            if (string.IsNullOrEmpty(authToken))
            {
                throw new AuthTokenNullException();
            }
            request.Headers["Cookie"] = authToken;
            request.Method = "GET";
            HttpWebResponse response = request.GetResponseAsync().Result as HttpWebResponse;
            if (!response.StatusCode.Equals(HttpStatusCode.OK))
            {
                throw new HttpRequestException(string.Format("Warning expected response as 200 and got {0}", Convert.ToString(response.StatusCode)));
            }
            var reader = new StreamReader(response.GetResponseStream());
            string stringResponse = reader.ReadToEnd();
            return JsonConvert.DeserializeObject<T>(stringResponse);