C# 中的 HttpWebRequest 和表单身份验证
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/640116/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
HttpWebRequest and forms authentication in C#
提问by nixbakshi
I am a systems guy and currently doing a part time web development project so am pretty new to it. I am trying to write a http client for www.portapower.com.
我是一个系统人员,目前正在做一个兼职的网络开发项目,所以我对它很陌生。我正在尝试为 www.portapower.com 编写一个 http 客户端。
It will for certain items which are posted on the website and if they match a particular requirement it will print a message.
它将针对发布在网站上的某些项目,如果它们符合特定要求,它将打印一条消息。
While trying to access this page:
在尝试访问此页面时:
http://www.portapower.com/getbainfo.php?fclasscode=1&code=CB1831B.40H&fbrand=QUNFUg==
http://www.portapower.com/getbainfo.php?fclasscode=1&code=CB1831B.40H&fbrand=QUNFUg==
The website redirects me to a default register page:
该网站将我重定向到默认注册页面:
http://www.portapower.com/defaregit.php
http://www.portapower.com/defaregit.php
Here is a snippet of what I coded:
这是我编码的片段:
CookieContainer myContainer = new CookieContainer();
HttpWebRequest request = (HttpWebRequest)
WebRequest.Create("http://www.portapower.com/" + urlpart);
request.Credentials = new NetworkCredential("****", "******");
request.CookieContainer = myContainer;
request.PreAuthenticate = true;
request.Method = "POST";
HttpWebResponse response = (HttpWebResponse)
request.GetResponse();
Console.WriteLine(response.StatusCode);
Stream resStream = response.GetResponseStream();
Console.WriteLine(resStream.ToString());
I do have the username and password and it works fine when used from a browser. Please tell me if this a correct way to access a authenticated page.
我有用户名和密码,在浏览器中使用时效果很好。请告诉我这是否是访问经过身份验证的页面的正确方法。
采纳答案by casperOne
It depends on how the website is authenticating users. If they are using basic authentication or Windows authentication, then you can set the Credentialspropertyof the HttpWebRequestclassto the username/password/domain information and it should work.
这取决于网站如何验证用户。如果他们使用基本身份验证或Windows身份验证,那么你可以在设置Credentials属性的的HttpWebRequest类的用户名/密码/域的信息,它应该工作。
However, it sounds like you have to enter the username/password on the site, which means you are going to have to login to the site first. Looking at the main page, this is what I find in the <form>element that handles login:
但是,听起来您必须在网站上输入用户名/密码,这意味着您必须先登录该网站。查看主页,这是我在<form>处理登录的元素中找到的内容:
<form name="formlogin" method="post" action="./defalogin.php" >
<input name="emtext" type="text" id="emtext" size="12">
<input name="pstext" type="password" id="pstext" size="12">
<input type="submit" name="Submit" value="Logn in"
onClick="return logincheck()" >
</form>
I've included only the relevant portions.
我只包括了相关部分。
Given this, you have to go to the ./defalogin.phppage first with the HttpWebRequestand POST the emtextand pstextvalues. Also, make sure you set the CookieContainerpropertyto an instance of CookieContainer. When that call to POST returns, it's more than likely going to be populated with a cookie which you will have to send back to the site. Just keep setting the CookieContainerproperty on any subsequent HttpWebRequestinstances to that CookieContainerto make sure the cookies are passed around.
鉴于此,您必须./defalogin.php首先使用HttpWebRequest和 POSTemtext和pstext值转到页面。此外,请确保将该CookieContainer属性设置为CookieContainer. 当对 POST 的调用返回时,很可能会填充一个 cookie,您必须将其发送回站点。只需继续将CookieContainer任何后续HttpWebRequest实例的属性设置为该属性,CookieContainer以确保传递 cookie。
Then you would go to the page indicated in the link.
然后,您将转到链接中指示的页面。
Of concern is also the logincheckjavascript function, but looking at the script sources, it does nothing of note.
值得关注的还有logincheckjavascript 函数,但查看脚本源代码,它没有任何意义。
回答by NotMe
The NetworkCredential class is really for controlling regular windows credentials (NTLM, Kerberos, etc).
NetworkCredential 类实际上用于控制常规 Windows 凭据(NTLM、Kerberos 等)。
That site is a PHP site running on Apache, so I don't think they are using NTLM or kerberos.
该站点是在 Apache 上运行的 PHP 站点,因此我认为他们没有使用 NTLM 或 kerberos。
What you want to do is post some FORM fields to the site, then keep the cookie you get back. Make sure on subsequent requests you push the cookie back to the site so it knows you've already logged in.
您想要做的是将一些 FORM 字段发布到站点,然后保留您返回的 cookie。确保在后续请求中将 cookie 推送回站点,以便它知道您已经登录。
回答by Joe
You can't do it this way; the credentials you're passing can be used with a basic authentication scheme (i.e. where, in the browser, you get a username/password dialog popping up.) You'll have to simulate the entry of the data into that form and catch the login cookie and use that.
你不能这样做;您传递的凭据可以与基本身份验证方案一起使用(即,在浏览器中,您会弹出一个用户名/密码对话框。)您必须模拟将数据输入该表单并捕获登录cookie并使用它。
回答by missaghi
The credentials that you are passing is for windows authentication. You need to submit post data with data that mimics the submission of a form then captrue the session cookie set in the response ans use that cookie for future requests
您传递的凭据用于 Windows 身份验证。您需要使用模拟表单提交的数据提交发布数据,然后捕获响应中设置的会话 cookie,并将该 cookie 用于未来的请求
Take a look at this answer which has the code to do this:
看看这个答案,其中包含执行此操作的代码:
