c# – HttpWebRequests在Authorization标头中发送无参数URI
发布时间:2020-12-15 18:30:22 所属栏目:百科 来源:网络整理
导读:我正在从.NET连接到Web服务,例如: var request = (HttpWebRequest) WebRequest.Create(uri);request.Credentials = new NetworkCredential("usr","pwd","domain");var response = (HttpWebResponse) request.GetResponse(); 授权标头如下所示: Authorizati
|
我正在从.NET连接到Web服务,例如:
var request = (HttpWebRequest) WebRequest.Create(uri);
request.Credentials = new NetworkCredential("usr","pwd","domain");
var response = (HttpWebResponse) request.GetResponse();
授权标头如下所示: Authorization: Digest username="usr",realm="domain",nonce="...",uri="/dir",algorithm="MD5",etc...
^^^^^^^^^^
服务器返回(400)错误请求. Chrome或IE发送的标头如下: Authorization: Digest username="usr",uri="/dir/query?id=1",algorithm=MD5,etc...
^^^^^^^^^^^^^^^^^^^^^
我们怀疑URI的不同导致Web服务拒绝400错误的请求.是否有可能使HttpRequest发出包含完整URI的Authorization标头? 解决方法
事实证明,Digest authentication很容易实现.通过我们自己的实现,我们能够使用完整的URI(包括参数)来生成MD5哈希.这解决了问题.
如果将来有人遇到此问题,您可以调用解决方法,如: var resultText = DigestAuthFixer.GrabResponse("/dir/index.html");
DigestAuthFixer类的代码: public static class DigestAuthFixer
{
private static string _host = "http://localhost";
private static string _user = "Mufasa";
private static string _password = "Circle Of Life";
private static string _realm;
private static string _nonce;
private static string _qop;
private static string _cnonce;
private static DateTime _cnonceDate;
private static int _nc;
private static string CalculateMd5Hash(
string input)
{
var inputBytes = Encoding.ASCII.GetBytes(input);
var hash = MD5.Create().ComputeHash(inputBytes);
var sb = new StringBuilder();
foreach (var b in hash)
sb.Append(b.ToString("x2"));
return sb.ToString();
}
private static string GrabHeaderVar(
string varName,string header)
{
var regHeader = new Regex(string.Format(@"{0}=""([^""]*)""",varName));
var matchHeader = regHeader.Match(header);
if (matchHeader.Success)
return matchHeader.Groups[1].Value;
throw new ApplicationException(string.Format("Header {0} not found",varName));
}
// http://en.wikipedia.org/wiki/Digest_access_authentication
private static string GetDigestHeader(
string dir)
{
_nc = _nc + 1;
var ha1 = CalculateMd5Hash(string.Format("{0}:{1}:{2}",_user,_realm,_password));
var ha2 = CalculateMd5Hash(string.Format("{0}:{1}","GET",dir));
var digestResponse =
CalculateMd5Hash(string.Format("{0}:{1}:{2:00000000}:{3}:{4}:{5}",ha1,_nonce,_nc,_cnonce,_qop,ha2));
return string.Format("Digest username="{0}",realm="{1}",nonce="{2}",uri="{3}"," +
"algorithm=MD5,response="{4}",qop={5},nc={6:00000000},cnonce="{7}"",dir,digestResponse,_cnonce);
}
public static string GrabResponse(
string dir)
{
var url = _host + dir;
var uri = new Uri(url);
var request = (HttpWebRequest)WebRequest.Create(uri);
// If we've got a recent Auth header,re-use it!
if (!string.IsNullOrEmpty(_cnonce) &&
DateTime.Now.Subtract(_cnonceDate).TotalHours < 1.0)
{
request.Headers.Add("Authorization",GetDigestHeader(dir));
}
HttpWebResponse response;
try
{
response = (HttpWebResponse)request.GetResponse();
}
catch (WebException ex)
{
// Try to fix a 401 exception by adding a Authorization header
if (ex.Response == null || ((HttpWebResponse)ex.Response).StatusCode != HttpStatusCode.Unauthorized)
throw;
var wwwAuthenticateHeader = ex.Response.Headers["WWW-Authenticate"];
_realm = GrabHeaderVar("realm",wwwAuthenticateHeader);
_nonce = GrabHeaderVar("nonce",wwwAuthenticateHeader);
_qop = GrabHeaderVar("qop",wwwAuthenticateHeader);
_nc = 0;
_cnonce = new Random().Next(123400,9999999).ToString();
_cnonceDate = DateTime.Now;
var request2 = (HttpWebRequest)WebRequest.Create(uri);
request2.Headers.Add("Authorization",GetDigestHeader(dir));
response = (HttpWebResponse)request2.GetResponse();
}
var reader = new StreamReader(response.GetResponseStream());
return reader.ReadToEnd();
}
}
(编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |