我正在尝试通过UWP应用程序向后端系统发布有效载荷。为此,我首先要获取CSRF令牌,然后将其添加到邮政请求的标题中。发布时,我仍会遇到403禁止错误。
我通过单独的get和post请求并喂食从get to to to Post the Post标头进行喂食,与"失眠" REST客户端进行仔细测试。
>获取令牌:
public async Task<string> GetCSRF()
{
using (HttpClient httpClient = new HttpClient())
{
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", Convert.ToBase64String(
System.Text.Encoding.ASCII.GetBytes(
string.Format("{0}:{1}", userName.Text.ToUpper(), SAPpassword.Password))));
httpClient.DefaultRequestHeaders.Add("X-CSRF-TOKEN", "fetch");
HttpResponseMessage response = await httpClient.GetAsync(new Uri(_URI));
response.EnsureSuccessStatusCode();
if (response.Content == null)
return null;
String csrfToken = response.Headers.GetValues("X-CSRF-TOKEN").FirstOrDefault();
return csrfToken;
}
}
我在CSRF代币中收到了以下标头:
response.Headers
{
x-csrf-token: w1Id2Kn1r0d6EItk6vEi0g==
cache-control: no-store, no-cache
sap-metadata-last-modified: Fri, 01 Sep 2017 10:57:07 GMT
dataserviceversion: 2.0
set-cookie: sap-usercontext=sap-client=100; path=/, MYSAPSSO2=AjQxMDMBABhTAFMARQBOAEcAVQBQAFQAQQAgACAAIAACAAYxADAAMAADABBHAFcAMQAgACAAIAAgACAABAAYMgAwADEANwAwADkAMAAxADIAMAA0ADkABQAEAAAACAYAAlgACQACRQD%2fAPswgfgGCSqGSIb3DQEHAqCB6jCB5wIBATELMAkGBSsOAwIaBQAwCwYJKoZIhvcNAQcBMYHHMIHEAgEBMBkwDjEMMAoGA1UEAxMDR1cxAgcgFAMoIAMBMAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xNzA5MDEyMDQ5MzhaMCMGCSqGSIb3DQEJBDEWBBRP7sl8St9p53T9Sfu58sTb3jTNFjAJBgcqhkjOOAQDBC8wLQIVALIiQKECoPjhBihxA7OXoDOEGy3YAhQroXwahnTKR0A7du7u5zwj1Q0cgg%3d%3d; path=/; domain=.mindsetconsulting.com, SAP_SESSIONID_GW1_100=u1BKLug0BNWYM0-zg_JWTBEihxmPVxHnvTMKDkBCwEk%3d; path=/
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: *.google.com
access-control-allow-methods: *
} System.Net.Http.Headers.HttpResponseHeaders
用令牌发布有效载荷:
public async Task<string> SendChannelToSAP(UserStorage userStorage, string csrf)
{
string payloadJson;
string jsonResponse;
HttpResponseMessage response;
HttpContent content;
using (var client = new HttpClient())
{
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(
"Basic", Convert.ToBase64String(
System.Text.Encoding.ASCII.GetBytes(
string.Format("{0}:{1}", userName.Text.ToUpper(), SAPpassword.Password))));
payloadJson = JsonConvert.SerializeObject(userStorage);
content = new StringContent(payloadJson);
content.Headers.ContentType = new MediaTypeHeaderValue("application/json");
client.DefaultRequestHeaders.Add("x-csrf-token", csrf);
try
{
response = await client.PostAsync(_URI, content);
if (response.IsSuccessStatusCode)
{
jsonResponse = await response.Content.ReadAsStringAsync();
return jsonResponse;
//do something with json response here
}
else
{
return null;
}
}
catch (Exception e)
{
string error = e.GetBaseException().ToString();
//Could not connect to server
return null;
}
}
}
我得到以下响应
>response
{
StatusCode: 403, ReasonPhrase: 'Forbidden', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
x-csrf-token: Required
set-cookie: sap-usercontext=sap-client=100; path=/
set-cookie: MYSAPSSO2=AjQxMDMBABhTAFMARQBOAEcAVQBQAFQAQQAgACAAIAACAAYxADAAMAADABBHAFcAMQAgACAAIAAgACAABAAYMgAwADEANwAwADkAMAAxADIAMAAzADgABQAEAAAACAYAAlgACQACRQD%2fAPswgfgGCSqGSIb3DQEHAqCB6jCB5wIBATELMAkGBSsOAwIaBQAwCwYJKoZIhvcNAQcBMYHHMIHEAgEBMBkwDjEMMAoGA1UEAxMDR1cxAgcgFAMoIAMBMAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xNzA5MDEyMDM4MTBaMCMGCSqGSIb3DQEJBDEWBBRSJQHrlPcSnxYjzSrqJ%2frOgo%2fg2TAJBgcqhkjOOAQDBC8wLQIUXjXws4bw63uLdWR%21NB9r9XUCD54CFQCH6y91A%21uKMzyfZEo7pvxjXys6zg%3d%3d; path=/; domain=.mindsetconsulting.com
set-cookie: SAP_SESSIONID_GW1_100=Zvfe5ueHO1md7_ybPcLEcnem3m6PVRHnvP4KDkBCwEk%3d; path=/
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: *.google.com
access-control-allow-methods: *
content-length: 28
content-type: text/plain; charset=utf-8
}
} System.Net.Http.HttpResponseMessage
我发现了这个问题。我必须和CSRF令牌一起收集cookie,并将这些cookie应用于实际的帖子方法中。有效。
获得饼干
var uri = new Uri(_URI);
_responseCookies = cookies.GetCookies(uri).Cast<Cookie>();
然后将cookie添加到帖子
var cookieContainer = new CookieContainer();
foreach (var cookie in _responseCookies)
{
cookieContainer.Add(new Uri(_URI), cookie);
}
var handler = new HttpClientHandler() { CookieContainer = cookieContainer };