C# HttpWebRequest 不传递凭据
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1702426/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
HttpWebRequest not passing Credentials
提问by Russ Clark
I'm trying to use HTTPWebRequestto access a REST service, and am having problems passing credentials in, see code below. I've read that NetworkCredentialdoesn't support SSL, and I'm hitting an HTTPS site. Does anyone know of a class similar to NetworkCredentialthat does support SSL?
我正在尝试用于HTTPWebRequest访问 REST 服务,但在传入凭据时遇到问题,请参阅下面的代码。我读过NetworkCredential不支持 SSL,我正在访问 HTTPS 站点。有谁知道类似于NetworkCredential支持 SSL 的类?
Uri requestUri = null;
Uri.TryCreate("https://mywebserver/webpage", UriKind.Absolute, out requestUri);
HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(requestUri);
NetworkCredential nc = new NetworkCredential("user", "password");
request.Credentials = nc;
request.Method = WebRequestMethods.Http.Get;
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
采纳答案by Darin Dimitrov
If your server uses NTLM authentication you may try this:
如果您的服务器使用 NTLM 身份验证,您可以尝试以下操作:
CredentialCache cc = new CredentialCache();
cc.Add(
new Uri("https://mywebserver/webpage"),
"NTLM",
new NetworkCredential("user", "password"));
request.Credentials = cc;
回答by David
Try setting request.PreAuthenticate to true.
尝试将 request.PreAuthenticate 设置为 true。
回答by Asbj?rn Ulsberg
What kind of authentication mechanism is protecting the web service? The credentials set on HttpWebRequestwill only be passed through HTTP's Authorizationheader via Basic, Digestor NTLM. So, if your web service is protected with WS-Security, the NetworkCredentialswill probably not be passed on to the authentication scheme at all, because WS-Securitydoesn't operate at the HTTP level.
什么样的身份验证机制正在保护 Web 服务?设置的凭据HttpWebRequest将仅通过 HTTP 的Authorization标头通过Basic、Digest或NTLM传递。因此,如果您的 Web 服务受 保护WS-Security,NetworkCredentials则可能根本不会将其传递给身份验证方案,因为WS-Security它不在 HTTP 级别运行。
What you should do is create a Web Service client proxy for the web service through the command line tool wsdl.exeor something similar. That will give you access to Web Service aware authentication schemes.
您应该做的是通过命令行工具wsdl.exe或类似工具为 Web 服务创建一个 Web 服务客户端代理。这将使您能够访问 Web 服务感知身份验证方案。
Update after comments:
评论后更新:
It seems like HttpWebRequestneeds to receive the WWW-Authenticatechallenge with a 401 Unauthorizedbefore it can authenticate properly over SSL. I guess there's two separate code paths in HttpWebRequestshandling regular HTTP traffic and encrypted HTTPS traffic. Anyway, what you should try, is:
似乎HttpWebRequest需要先接收WWW-Authenticate质询,401 Unauthorized然后才能通过 SSL 正确进行身份验证。我想在HttpWebRequests处理常规 HTTP 流量和加密 HTTPS 流量时有两个单独的代码路径。无论如何,您应该尝试的是:
- Execute an unauthenticated
HttpWebRequestto thehttps://.../URI. - Receive the
401 Unauthorizedresponse. - Execute the same request, now with both
Credentialsset (not sure ifPreAuthenticateshould betrueorfalse; test both). - You should now get
200 OKor whatever it is your Web Service responds with.
HttpWebRequest对https://.../URI执行未经身份验证的操作。- 接收
401 Unauthorized响应。 - 执行相同的请求,现在两者都
Credentials设置(不确定是否PreAuthenticate应该是true或false; 测试两者)。 - 您现在应该得到
200 OK或您的 Web 服务响应的任何内容。
Another option is to build the Authorizationheader yourself on the initial request:
另一种选择是Authorization根据初始请求自己构建标头:
string credentials = String.Format("{0}:{1}", username, password);
byte[] bytes = Encoding.ASCII.GetBytes(credentials);
string base64 = Convert.ToBase64String(bytes);
string authorization = String.Concat("Basic ", base64);
request.Headers.Add("Authorization", authorization);
回答by Ed Power
See if it shows up when you use the old-fashioned method:
用老式的方法看看有没有出现:
string credentials = Convert.ToBase64String(ASCIIEncoding.ASCII.GetBytes("user"+ ":" + "password"));
request.Headers.Add("Authorization", "Basic " + credentials);
