为什么使用“new NetworkCredential(username, password)”对我的网站(来自 WinForms C# 应用程序)的基本身份验证不起作用?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1829609/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
why is use of "new NetworkCredential(username, password)" not working for Basic Authentication to my website (from a WinForms C# app)?
提问by Greg
I have a website that uses Basic Authentication (username/password).
我有一个使用基本身份验证(用户名/密码)的网站。
Why is the following code not working? When I run it the web application takes me to the login controller, whereas I'm expecting that it should already be authenticated given I'm populating the credentials. In other words I'm trying to confirm how, in .NET, I confirm my winforms HttpWebRequest so that it will automate the authentication process. I'm assumeing that NetworkCredential is the .net class that should do this? Or in .NET is there an expectation there is some manual two step process you have to implement yourself?
为什么下面的代码不起作用?当我运行它时,Web 应用程序将我带到登录控制器,而我期望它应该已经通过身份验证,因为我正在填充凭据。换句话说,我试图确认在 .NET 中如何确认我的 winforms HttpWebRequest,以便它自动执行身份验证过程。我假设 NetworkCredential 是应该执行此操作的 .net 类?或者在 .NET 中是否有一些手动的两步过程你必须自己实现?
Here is the code:
这是代码:
// Create a new webrequest to the mentioned URL.
var uri = new Uri("http://10.1.1.102:3000/download/sunset");
var myWebRequest = (HttpWebRequest)WebRequest.Create(uri);
myWebRequest.PreAuthenticate=true;
var networkCredential=new NetworkCredential("test", "asdfasdf");
myWebRequest.Credentials=networkCredential;
var myWebResponse = (HttpWebResponse)myWebRequest.GetResponse();
Console.Out.WriteLine("STATUS = " + myWebResponse.StatusCode);
var stream = myWebResponse.GetResponseStream();
var reader = new StreamReader(stream);
string text_read = reader.ReadToEnd();
Console.WriteLine(text_read);
DisplayHtml(text_read);
reader.Close();
stream.Close();
myWebResponse.Close();
Thanks
谢谢
采纳答案by Remus Rusanu
WebRequestdoes not send credentials unless challenged by the site. The site should first respond with 401 'Authorization Required' with an WWW-Authenticateheader; the WebRequestwill respond to the challenge with credentials, and the service should respond with the 200 Http content.
WebRequest除非受到站点的质疑,否则不会发送凭据。该站点应首先响应带有WWW-Authenticate标题的401 'Authorization Required' ;该WebRequest会与凭据应对挑战,服务应与200 HTTP内容作出回应。
Sounds like the site does not implement Basic auth properly (the spec says it should challenge first, to pass in the realm) which is a very common behavior. You can add the Basic authentication manually to the WebRequest.Headerscollection, which is what most developers end doing anyway.
听起来该站点没有正确实现基本身份验证(规范说它应该首先挑战,传入领域),这是一种非常常见的行为。您可以手动将基本身份验证添加到WebRequest.Headers集合中,大多数开发人员最终都会这样做。
回答by VladL
If someone is looking for the server side fix then just add
如果有人正在寻找服务器端修复程序,那么只需添加
HttpContext.Response.Headers.Add("WWW-Authenticate", "Basic realm=\"MyRealm\"");
after you set the StatusCode = 401
设置 StatusCode = 401 后
