c# - 带有 Cookie 的 WebRequest HTTP POST（来自 curl 脚本的端口）

Question

IBM RTC RESTful api 提供了一个用于向服务器进行身份验证的 shell 脚本示例：

COOKIES=./cookies.txt

USER=my_user
PASSWORD=my_password
HOST="https://myJazzServer:9092/jazz"

curl -k -c $COOKIES "$HOST/authenticated/identity"

curl -k -L -b $COOKIES -c $COOKIES -d j_username=$USER -d j_password=$PASSWORD "$HOST/authenticated/j_security_check"

这很好用，但是我需要使用 c# 向服务器进行身份验证。

到目前为止，我有以下内容，但它不起作用（返回授权失败页面）：

    CookieContainer _cookie;

    public string _RTC()
    {
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://myJazzServer.com:9092/jazz/authenticated/identity");
        if (_cookie == null)
        {
            _cookie = new CookieContainer();
        }
        string a;
        request.CookieContainer = _cookie;
        using (var response = request.GetResponse())
        {
            using (StreamReader sr = new StreamReader(response.GetResponseStream()))
            {
                a = sr.ReadToEnd();
            }
        }




        byte[] data = (new ASCIIEncoding()).GetBytes("j_username=myUser&j_password=MyPass");

        request = (HttpWebRequest)WebRequest.Create("https://myJazzServer.com:9092/jazz/authenticated/j_security_check");

        request.Method = "POST";
        request.ContentType = "text/html";
        request.ContentLength = data.Length;
        request.CookieContainer = _cookie;
        Stream reqStream = request.GetRequestStream();
        reqStream.Write(data,0,data.Length);

        string b;

        using (var response = request.GetResponse())
        {
            using (var reader = new StreamReader(response.GetResponseStream()))
            {
                b = reader.ReadToEnd();
            }
        }
    }

Answer 1

我建议您尝试以下方法：

public class WebClientEx : WebClient
{
    private CookieContainer _cookieContainer = new CookieContainer();

    protected override WebRequest GetWebRequest(Uri address)
    {
        WebRequest request = base.GetWebRequest(address);
        if (request is HttpWebRequest)
        {
            (request as HttpWebRequest).CookieContainer = _cookieContainer;
        }
        return request;
    }
}

class Program
{
    static void Main()
    {
        using (var client = new WebClientEx())
        {
            var response1 = client.DownloadString("https://myJazzServer.com:9092/jazz/authenticated/identity");

            var data = new NameValueCollection
            {
                { "j_username", "myUser" },
                { "j_password", "MyPass" },
            };
            var response2 = client.UploadValues("https://myJazzServer.com:9092/jazz/authenticated/j_security_check", data);
            Console.WriteLine(Encoding.Default.GetString(response2));
        }
    }
}

此外，为了简化调试，您可以通过将其放入 app.config 来激活跟踪：

<configuration>

  <system.diagnostics>
    <sources>
      <source name="System.Net.Sockets" tracemode="protocolonly">
        <listeners>
          <add name="System.Net.Sockets" type="System.Diagnostics.TextWriterTraceListener" initializeData="network.log" />
        </listeners>
      </source>
    </sources>

    <switches>
      <add name="System.Net.Sockets" value="Verbose"/>
    </switches>

    <trace autoflush="true" />
  </system.diagnostics>
</configuration>

这将创建一个网络活动的详细日志文件，这可能会简化调试。

Answer 2

如果您想使用HttpWebResponse/HttpWebRequest，这是另一种方法：

public static HttpWebResponse requestSecureDocument(HttpWebRequest _request, string _rtcServerURL, string _userName, string _password)
{
    //FormBasedAuth Step1: Request the resource and clone the request to be used later
    HttpWebRequest _requestClone = WebRequestExtensions.CloneRequest(_request, _request.RequestUri);
    //(HttpWebRequest)WebRequest.Create(request.RequestUri);

    //store the response in _docResponse variable
    HttpWebResponse _docResponse = (HttpWebResponse)_request.GetResponse();

    //HttpStatusCode.OK indicates that the request succeeded and that the requested information is in the response.
    if (_docResponse.StatusCode == HttpStatusCode.OK)
    {
        //X-com-ibm-team-repository-web-auth-msg header signifies form based authentication is being used
        string _rtcAuthHeader = _docResponse.Headers["X-com-ibm-team-repository-web-auth-msg"];
        if (_rtcAuthHeader != null && _rtcAuthHeader.Equals("authrequired"))
        {
            _docResponse.GetResponseStream().Flush();
            _docResponse.Close();

            //Prepare form for authentication as _rtcAuthHeader = authrequired
            HttpWebRequest _formPost = (HttpWebRequest)WebRequest.Create(_rtcServerURL + "/j_security_check");
            _formPost.Method = "POST";
            _formPost.Timeout = 30000;
            _formPost.CookieContainer = _request.CookieContainer;
            _formPost.Accept = "text/xml";
            _formPost.ContentType = "application/x-www-form-urlencoded";

            String _authString = "j_username=" + _userName + "&j_password=" + _password;
            //create authentication string
            Byte[] _outBuffer = Encoding.UTF8.GetBytes(_authString); //store in byte buffer
            _formPost.ContentLength = _outBuffer.Length;
            Stream _str = _formPost.GetRequestStream();
            _str.Write(_outBuffer, 0, _outBuffer.Length); //update form
            _str.Close();

            //FormBasedAuth Step2:submit the login form and get the response from the server
            HttpWebResponse _formResponse = (HttpWebResponse)_formPost.GetResponse();

            _rtcAuthHeader = _formResponse.Headers["X-com-ibm-team-repository-web-auth-msg"];
            //check if authentication has failed
            if (_rtcAuthHeader != null && _rtcAuthHeader.Equals("authfailed"))
            {
                //authentication failed. You can write code to handle the authentication failure.
                //if (DEBUG) Console.WriteLine("Authentication Failure");
            }
            else
            {
                //login successful
                _formResponse.GetResponseStream().Flush();
                _formResponse.Close();
                //FormBasedAuth Step3: Resend the request for the protected resource.
                //if (DEBUG) Console.WriteLine(">> Response " + request.RequestUri);
                return (HttpWebResponse)_requestClone.GetResponse();
            }
        }
    }
    //already authenticated return original response_docResponse
    return _docResponse;
}

你可以在你的代码中调用这个函数——

string _serverURL = https://localhost:9443/ccm; 
string _resourceURL = "https://localhost:9443/ccm/rootservices";

string mediatype = "application/xml";
string username = "username";                                    
string password = "password";
try
{
    CookieContainer _cookies = new CookieContainer();//create cookie container
    HttpWebRequest documentGet = (HttpWebRequest)WebRequest.Create(_resourceURL);
    documentGet.Method = "GET"; //method
    documentGet.CookieContainer = _cookies; //set container for HttpWebRequest 
    documentGet.Accept = mediatype;
    documentGet.Headers.Set("OSLC-Core-Version", "3.0"); //for RTC 3.0.1.2
    documentGet.Timeout = 300000;
    HttpWebResponse response = requestSecureDocument(documentGet, _serverURL, username, password);

    if (response.StatusCode != HttpStatusCode.OK)
    {
        Console.WriteLine(" Error: " + response.StatusDescription);
        response.Close();
    }
}
catch (Exception ex)
{
}

您可以阅读更多at my blog。