HttpWebRequests在Authorization标头中发送无参数URI
我正在从.NET连接到Web服务,例如:
var request = (HttpWebRequest) WebRequest.Create(uri); request.Credentials = new NetworkCredential("usr", "pwd", "domain"); var response = (HttpWebResponse) request.GetResponse(); 授权标头如下所示:
Authorization: Digest username="usr",realm="domain",nonce="...", uri="/dir",algorithm="MD5",etc... ^^^^^^^^^^
服务器返回(400)错误请求。 Chrome或IE发送的标头如下:
Authorization: Digest username="usr", realm="domain", nonce="...", uri="/dir/query?id=1", algorithm=MD5, etc... ^^^^^^^^^^^^^^^^^^^^^
我们怀疑URI的不同导致Web服务拒绝400错误的请求。 是否有可能使HttpRequest发送包含完整URI的Authorization标头?
事实certificate, 摘要式身份validation相当容易实现。 通过我们自己的实现,我们能够使用完整的URI(包括参数)来生成MD5哈希。 这解决了问题。
如果将来有人遇到此问题,您可以调用解决方法,如:
var resultText = DigestAuthFixer.GrabResponse("/dir/index.html");
DigestAuthFixer类的代码:
public static class DigestAuthFixer { private static string _host = "http://localhost"; private static string _user = "Mufasa"; private static string _password = "Circle Of Life"; private static string _realm; private static string _nonce; private static string _qop; private static string _cnonce; private static DateTime _cnonceDate; private static int _nc; private static string CalculateMd5Hash( string input) { var inputBytes = Encoding.ASCII.GetBytes(input); var hash = MD5.Create().ComputeHash(inputBytes); var sb = new StringBuilder(); foreach (var b in hash) sb.Append(b.ToString("x2")); return sb.ToString(); } private static string GrabHeaderVar( string varName, string header) { var regHeader = new Regex(string.Format(@"{0}=""([^""]*)""", varName)); var matchHeader = regHeader.Match(header); if (matchHeader.Success) return matchHeader.Groups[1].Value; throw new ApplicationException(string.Format("Header {0} not found", varName)); } // http://en.wikipedia.org/wiki/Digest_access_authentication private static string GetDigestHeader( string dir) { _nc = _nc + 1; var ha1 = CalculateMd5Hash(string.Format("{0}:{1}:{2}", _user, _realm, _password)); var ha2 = CalculateMd5Hash(string.Format("{0}:{1}", "GET", dir)); var digestResponse = CalculateMd5Hash(string.Format("{0}:{1}:{2:00000000}:{3}:{4}:{5}", ha1, _nonce, _nc, _cnonce, _qop, ha2)); return string.Format("Digest username=\"{0}\", realm=\"{1}\", nonce=\"{2}\", uri=\"{3}\", " + "algorithm=MD5, response=\"{4}\", qop={5}, nc={6:00000000}, cnonce=\"{7}\"", _user, _realm, _nonce, dir, digestResponse, _qop, _nc, _cnonce); } public static string GrabResponse( string dir) { var url = _host + dir; var uri = new Uri(url); var request = (HttpWebRequest)WebRequest.Create(uri); // If we've got a recent Auth header, re-use it! if (!string.IsNullOrEmpty(_cnonce) && DateTime.Now.Subtract(_cnonceDate).TotalHours < 1.0) { request.Headers.Add("Authorization", GetDigestHeader(dir)); } HttpWebResponse response; try { response = (HttpWebResponse)request.GetResponse(); } catch (WebException ex) { // Try to fix a 401 exception by adding a Authorization header if (ex.Response == null || ((HttpWebResponse)ex.Response).StatusCode != HttpStatusCode.Unauthorized) throw; var wwwAuthenticateHeader = ex.Response.Headers["WWW-Authenticate"]; _realm = GrabHeaderVar("realm", wwwAuthenticateHeader); _nonce = GrabHeaderVar("nonce", wwwAuthenticateHeader); _qop = GrabHeaderVar("qop", wwwAuthenticateHeader); _nc = 0; _cnonce = new Random().Next(123400, 9999999).ToString(); _cnonceDate = DateTime.Now; var request2 = (HttpWebRequest)WebRequest.Create(uri); request2.Headers.Add("Authorization", GetDigestHeader(dir)); response = (HttpWebResponse)request2.GetResponse(); } var reader = new StreamReader(response.GetResponseStream()); return reader.ReadToEnd(); } }
我最近遇到了这个问题。 我无法从Andomar得到解决方法,无需进行一些微小的调整。 我提交了这些修改作为对Andomar答案的建议,但他们被TheTinMan和Lucifer毫不客气地拒绝了。 因为花了我和一些同事花了几个小时来计算这些,我相信其他人会需要这个我发布代码作为答案,让它可用。
这是经过调整的代码。 基本上需要一个“不透明”的头部变量,并且需要在GetDigestHeader中修复一些引号。
public static class DigestAuthFixer { private static string _host = "http://localhost"; private static string _user = "Mufasa"; private static string _password = "Circle Of Life"; private static string _realm; private static string _nonce; private static string _qop; private static string _cnonce; private static string _opaque; private static DateTime _cnonceDate; private static int _nc = 0; private static string CalculateMd5Hash( string input) { var inputBytes = Encoding.ASCII.GetBytes(input); var hash = MD5.Create().ComputeHash(inputBytes); var sb = new StringBuilder(); foreach (var b in hash) sb.Append(b.ToString("x2")); return sb.ToString(); } private static string GrabHeaderVar( string varName, string header) { var regHeader = new Regex(string.Format(@"{0}=""([^""]*)""", varName)); var matchHeader = regHeader.Match(header); if (matchHeader.Success) return matchHeader.Groups[1].Value; throw new ApplicationException(string.Format("Header {0} not found", varName)); } // http://en.wikipedia.org/wiki/Digest_access_authentication private static string GetDigestHeader( string dir) { _nc = _nc + 1; var ha1 = CalculateMd5Hash(string.Format("{0}:{1}:{2}", _user, _realm, _password)); var ha2 = CalculateMd5Hash(string.Format("{0}:{1}", "GET", dir)); var digestResponse = CalculateMd5Hash(string.Format("{0}:{1}:{2:00000000}:{3}:{4}:{5}", ha1, _nonce, _nc, _cnonce, _qop, ha2)); return string.Format("Digest username=\"{0}\", realm=\"{1}\", nonce=\"{2}\", uri=\"{3}\", " + "algorithm=MD5, response=\"{4}\", qop=\"{5}\", nc=\"{6:00000000}\", cnonce=\"{7}\", opaque=\"{8}\"", _user, _realm, _nonce, dir, digestResponse, _qop, _nc, _cnonce, _opaque); } public static string GrabResponse( string dir) { var url = _host + dir; var uri = new Uri(url); var request = (HttpWebRequest)WebRequest.Create(uri); // If we've got a recent Auth header, re-use it! if (!string.IsNullOrEmpty(_cnonce) && DateTime.Now.Subtract(_cnonceDate).TotalHours < 1.0) { request.Headers.Add("Authorization", GetDigestHeader(dir)); } HttpWebResponse response; try { response = (HttpWebResponse)request.GetResponse(); } catch (WebException ex) { // Try to fix a 401 exception by adding a Authorization header if (ex.Response == null || ((HttpWebResponse)ex.Response).StatusCode != HttpStatusCode.Unauthorized) throw; var wwwAuthenticateHeader = ex.Response.Headers["WWW-Authenticate"]; _realm = GrabHeaderVar("realm", wwwAuthenticateHeader); _nonce = GrabHeaderVar("nonce", wwwAuthenticateHeader); _qop = GrabHeaderVar("qop", wwwAuthenticateHeader); _opaque = GrabHeaderVar("opaque", wwwAuthenticateHeader); _nc = 0; _cnonce = new Random().Next(123400, 9999999).ToString(); _cnonceDate = DateTime.Now; var request2 = (HttpWebRequest)WebRequest.Create(uri); request2.Headers.Add("Authorization", GetDigestHeader(dir)); response = (HttpWebResponse)request2.GetResponse(); } var reader = new StreamReader(response.GetResponseStream()); return reader.ReadToEnd(); } }
看起来您需要安装此修补程序可能会帮助您:
http://support.microsoft.com/?kbid=924638
您的问题可能正在发生,因为当您使用HTTP适配器发布消息时,您无法将KeepAlive属性设置为false
还要确保将PreAuthenticate设置为true。