C# WebRequest 登录会话


好的,我昨天尝试提出了这个问题,但我不确定是否提供了足够的信息,我得到了一个答案,但对我没有起作用。基本上,我正在做的是用户打开这个Windows窗体应用程序并登录。之后,他们在文本框中输入一些文本,然后单击运行。此时,运行函数正在向需要登录的服务器发出Web请求(最初在打开程序后完成的登录)。由于某种原因,在执行第二个请求时仍然无法看到用户已登录,即使添加了cookie到cookie容器中。我不确定我做错了什么,但我会发布我的代码,以便您可以进一步帮助我。

这是用户输入应用程序时执行的登录功能。

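/// <summary>
/// Posts the credentials typed into <c>uid</c> and <c>pw</c> to the login form and, when the
/// response body reports success, reveals the rest of the UI and hides the login panel.
/// </summary>
/// <remarks>
/// The request uses the shared <c>cookieJar</c>, so cookies set by the login response are
/// available to later requests that use the same container.
/// </remarks>
/// <param name="sender">The control that raised the click event.</param>
/// <param name="e">Event data (unused).</param>
private void button1_Click(object sender, EventArgs e)
{
    // Percent-encode the user-supplied fields. A raw '&', '=', '+' or '%' in the user id or
    // password would otherwise corrupt the form body or add extra form parameters.
    string encodedUser = Uri.EscapeDataString(uid.Text);
    string encodedPassword = Uri.EscapeDataString(pw.Text);
    string paramaters = "authmethod=on&chkRememberMe=on&login-form-type=pwd&password=" + encodedPassword + "&userid=" + encodedUser + "&username=" + encodedUser;

    // After encoding the body is pure ASCII, so the byte count is the real Content-Length.
    byte[] body = System.Text.Encoding.ASCII.GetBytes(paramaters);
    string strResponse;

    HttpWebRequest requestLogin = (HttpWebRequest)WebRequest.Create("https://www.url.com/login.form");
    requestLogin.Method = "POST";
    requestLogin.CookieContainer = cookieJar;
    requestLogin.ContentType = "application/x-www-form-urlencoded";
    requestLogin.ContentLength = body.Length;

    using (Stream requestStream = requestLogin.GetRequestStream())
    {
        requestStream.Write(body, 0, body.Length);
    }

    // Dispose the response so the underlying connection is returned to the pool even when
    // reading the body throws.
    using (HttpWebResponse responseLogin = (HttpWebResponse)requestLogin.GetResponse())
    {
        using (StreamReader stIn = new StreamReader(responseLogin.GetResponseStream()))
        {
            strResponse = stIn.ReadToEnd();
        }

        //Add cookies to CookieJar (Cookie Container)
        foreach (Cookie cookie in responseLogin.Cookies)
        {
            // Rebuilding the cookie from name/value/path/domain alone would reset its Secure,
            // HttpOnly and Expires attributes, so carry them over explicitly.
            Cookie copy = new Cookie(cookie.Name.Trim(), cookie.Value.Trim(), cookie.Path, cookie.Domain);
            copy.Secure = cookie.Secure;
            copy.HttpOnly = cookie.HttpOnly;
            copy.Expires = cookie.Expires;
            cookieJar.Add(copy);

            // NOTE(review): debug output. Session cookie values act as credentials; do not
            // leave them on screen or in logs in a shipped build.
            richTextBox2.Text += cookie.Name.ToString() + Environment.NewLine + cookie.Value.ToString() + Environment.NewLine + cookie.Path.ToString() + Environment.NewLine + cookie.Domain.ToString();
        }
    }

    // Success is detected from marker text in the response body.
    if (strResponse.Contains("Log On Successful") || strResponse.Contains("already has a webseal session"))
    {
        foreach (Control cont in this.Controls)
        {
            cont.Visible = true;
        }
        loginPanel.SendToBack();
        loginPanel.Visible = false;
    }
    else
    {
        MessageBox.Show("Login failed.");
    }
}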

当用户点击“运行”按钮以启动对消费者账户的测试时,将运行此函数。

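/// <summary>
/// Sends <paramref name="parameters"/> as a form-encoded POST to <paramref name="url"/> using
/// the shared <c>cookieJar</c> and returns the response body as text.
/// </summary>
/// <param name="url">Target endpoint.</param>
/// <param name="parameters">
/// Request body, written as-is. The caller must already have percent-encoded any
/// user-supplied values in it.
/// </param>
/// <returns>The full response body.</returns>
private string runTestRequest(Uri url, string parameters)
{
    string testResults = string.Empty;
    HttpWebRequest runTest = (HttpWebRequest)WebRequest.Create(url);
    // The container decides which cookies to send based on the request URL's host and path.
    runTest.CookieContainer = cookieJar;
    runTest.Method = "POST";
    runTest.ContentType = "application/x-www-form-urlencoded";

    using (StreamWriter stOut = new StreamWriter(runTest.GetRequestStream(), System.Text.Encoding.ASCII))
    {
        stOut.Write(parameters);
    }

    // The original never closed the WebResponse; dispose it so the connection is released
    // even when reading the body throws.
    using (WebResponse response = runTest.GetResponse())
    using (StreamReader stIn = new StreamReader(response.GetResponseStream()))
    {
        testResults = stIn.ReadToEnd();
    }

    return testResults;
}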

当然,这是我的cookie容器对象

// Shared cookie store used by both the login request and the later test requests.
// NOTE(review): it holds the session cookies and is a public mutable field, so any code with
// a reference to the form can read or replace them — consider narrowing the visibility.
public CookieContainer cookieJar = new CookieContainer();

P.S.: 网络请求的域名不同。第一个是abc.com,第二个是123.com。唯一的问题是第一个域名(即登录)是内部Web应用程序(如123.com)的全局登录,那么我该如何使用来自第一个域名的登录会话与第二个域名进行通信?

请协助我找出错误所在。


由于无法访问这两个网站并查看它们如何处理会话,我只能假设第一个站点会向第二个站点传递一个令牌,以确认用户已被授权和接受。是否存在你没有注意到的URL重定向或其他情况?我还建议使用Firefox/TamperData查看所有请求和响应,确认你确实复现了浏览器执行的所有操作。另外,我不认为cookie就是令牌(尽管我可能错了),因为那将是一种XSS攻击。肯定有一些POST/GET数据在被传递。 - Brad Christie
2个回答

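// Logs in to an ASP.NET WebForms page: GET the login page to obtain its __VIEWSTATE and
// __EVENTVALIDATION hidden fields, then POST them back together with the credentials,
// sharing one CookieContainer so the session cookie survives between the two requests.
// NOTE(review): the URL below is plain http, so the credentials and session cookie travel
// unencrypted; use the https endpoint if the site offers one.
string url = "http://www.ABC/MemberShip/Login.aspx";// HttpContext.Current.Request.Url.AbsoluteUri.ToString().Replace("AutoLogin", "Login");
CookieContainer myCookieContainer = new CookieContainer();
HttpWebRequest request = WebRequest.Create(url) as HttpWebRequest;
request.CookieContainer = myCookieContainer;
request.Method = "GET";
request.KeepAlive = false;

string srcString;
CookieCollection loginPageCookies;

// Dispose the response and reader so the connection is released even if reading fails.
using (HttpWebResponse response = request.GetResponse() as HttpWebResponse)
using (System.IO.StreamReader reader = new System.IO.StreamReader(response.GetResponseStream(), Encoding.UTF8))
{
    srcString = reader.ReadToEnd();
    loginPageCookies = response.Cookies;
}

// get the page ViewState
// IndexOf returns -1 when the marker is missing; fail clearly instead of slicing the page
// at a meaningless offset.
string viewStateFlag = "id=\"__VIEWSTATE\" value=\"";
int markerAt = srcString.IndexOf(viewStateFlag, System.StringComparison.Ordinal);
if (markerAt < 0)
{
    throw new System.InvalidOperationException("__VIEWSTATE field not found in the login page.");
}
int i = markerAt + viewStateFlag.Length;
int j = srcString.IndexOf("\"", i, System.StringComparison.Ordinal);
if (j < 0)
{
    throw new System.InvalidOperationException("__VIEWSTATE value is not terminated.");
}
string viewState = srcString.Substring(i, j - i);

// get page EventValidation
string eventValidationFlag = "id=\"__EVENTVALIDATION\" value=\"";
markerAt = srcString.IndexOf(eventValidationFlag, System.StringComparison.Ordinal);
if (markerAt < 0)
{
    throw new System.InvalidOperationException("__EVENTVALIDATION field not found in the login page.");
}
i = markerAt + eventValidationFlag.Length;
j = srcString.IndexOf("\"", i, System.StringComparison.Ordinal);
if (j < 0)
{
    throw new System.InvalidOperationException("__EVENTVALIDATION value is not terminated.");
}
string eventValidation = srcString.Substring(i, j - i);

string submitButton = "LoginButton";

// UserName and Password
string userName = "userid";
string password = "password";
// Convert the text into the url encoding string.
// The credentials are encoded too: a raw '&', '=' or '%' in either one would otherwise
// corrupt the form body or add extra form parameters.
userName = System.Web.HttpUtility.UrlEncode(userName);
password = System.Web.HttpUtility.UrlEncode(password);
viewState = System.Web.HttpUtility.UrlEncode(viewState);
eventValidation = System.Web.HttpUtility.UrlEncode(eventValidation);
submitButton = System.Web.HttpUtility.UrlEncode(submitButton);

// Concat the string data which will be submit
string formatString =
         "txtUserName={0}&txtPassword={1}&btnSignIn={2}&__VIEWSTATE={3}&__EVENTVALIDATION={4}";
string postString =
         string.Format(formatString, userName, password, submitButton, viewState, eventValidation);

// Convert the submit string data into the byte array
byte[] postData = Encoding.ASCII.GetBytes(postString);

// Set the request parameters
request = WebRequest.Create(url) as HttpWebRequest;
request.Method = "POST";
request.Referer = url;
request.KeepAlive = false;
request.UserAgent = "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; CIBA)";
request.ContentType = "application/x-www-form-urlencoded";
// Configure redirects before the request stream is opened.
request.AllowAutoRedirect = true;
request.CookieContainer = myCookieContainer;
System.Net.Cookie ck = new System.Net.Cookie("TestCookie1", "Value of test cookie");
ck.Domain = request.RequestUri.Host;
request.CookieContainer.Add(ck);
request.CookieContainer.Add(loginPageCookies);

request.ContentLength = postData.Length;

// Submit the request data
using (System.IO.Stream outputStream = request.GetRequestStream())
{
    outputStream.Write(postData, 0, postData.Length);
}

// Get the return data
using (HttpWebResponse response = request.GetResponse() as HttpWebResponse)
using (System.IO.StreamReader reader = new System.IO.StreamReader(response.GetResponseStream(), Encoding.UTF8))
{
    srcString = reader.ReadToEnd();
}

// NOTE(review): this writes the remote site's HTML into our own response unencoded, so any
// script in that page runs in this application's origin.
Response.Write(srcString);
Response.End();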

实现了IDisposable接口的对象都没有被释放(Dispose)。 - Eric J.

我发现问题在于:它会重定向到同一域名下的一个子域名(123.com)来使用登录会话。显然,他们把这个全局登录系统构建在多个域上,以便传递cookie。上面的代码确实有效,现在我已经让它工作了。谢谢!
