A bit of background: I'm trying to "port" an Android app to Windows Phone that calls a non-open web API. Since the API is not open or documented, I used Fiddler, ran the app's Android version, and snooped the API calls it made.
I'm using Windows.Web.Http.HttpClient as the class of choice since it seems like this will be the class moving on instead of System.Net.Http.HttpClient.
Here's the C# code excerpt that I use to generate an HTTP POST request:
```csharp
// Namespaces used by this excerpt
using System;
using System.Xml.Linq;
using Windows.Web.Http;
using Windows.Web.Http.Filters;

HttpBaseProtocolFilter _httpFilter = new HttpBaseProtocolFilter();
HttpClient _httpClient = new HttpClient(_httpFilter);

// Default headers applied to every request sent through this client
_httpClient.DefaultRequestHeaders.AcceptEncoding.Clear();
_httpClient.DefaultRequestHeaders.Accept.TryParseAdd("application/xml");
_httpClient.DefaultRequestHeaders.AcceptLanguage.TryParseAdd("en");
_httpClient.DefaultRequestHeaders.Connection.TryParseAdd("Keep-Alive");
_httpClient.DefaultRequestHeaders.Add("message-version", "1");
_httpClient.DefaultRequestHeaders.UserAgent.TryParseAdd("Android|SAMSUNG-SGH-I337|3.3.1");
_httpClient.DefaultRequestHeaders.Cookie.TryParseAdd(cookie); // Some cookie values

Uri uri = new Uri(SOMEURI);

// Build the XML body and flatten it to a single line
XDocument xd = new XDocument(STUFF_TO_BUILD_XML);
string xd_str = string.Concat(xd.Declaration.ToString(), xd.ToString());
xd_str = xd_str.Replace("\r\n", string.Empty);
xd_str = xd_str.Replace(" ", string.Empty);

// Assemble and send the POST request
HttpRequestMessage req_msg = new HttpRequestMessage(HttpMethod.Post, uri);
HttpStringContent strcnt = new HttpStringContent(xd_str);
req_msg.Content = strcnt;
req_msg.Content.Headers.ContentType = new Windows.Web.Http.Headers.HttpMediaTypeHeaderValue("text/xml; charset=UTF-8");
req_msg.Headers.Host = new Windows.Networking.HostName(SOMEHOSTNAME);
HttpResponseMessage rsp_msg = await _httpClient.SendRequestAsync(req_msg);
```
Here's the raw text Fiddler sees when making the API call using my code:
```
POST <HTTPS endpoint> HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip, deflate
Host: <hostname>
Cookie2: Version=1
Accept: application/xml
message-version: 1
User-Agent: Android|SAMSUNG-SGH-I337|3.3.1
Accept-Language: en
Content-Length: 173
Content-Type: text/xml; charset=UTF-8
Cache-Control: no-cache
Cookie: STR1=VAL1; STR2=VAL2

<MESSAGE_IN_XML>

--Response--
HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Date: Fri, 03 Apr 2015 01:18:07 GMT

0
```
Here's the raw text Fiddler sees when making request via Android app:
```
POST <HTTPS endpoint> HTTP/1.1
Content-Type: text/xml; charset=UTF-8
Connection: Keep-Alive
accept: application/xml
user-agent: Android|SAMSUNG-SGH-I337|3.4
message-version: 1
Accept-Language: en
Content-Length: 173
Host: <hostname>
Cookie: STR1=VAL1; STR2=VAL2
Cookie2: $Version=1

<MESSAGE_IN_XML>

--response--
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
X-Frame-Options: SAMEORIGIN
Content-Type: application/xml;charset=utf-8
Date: Fri, 03 Apr 2015 01:08:22 GMT
Content-Length: 364

<MESSAGE_IN_XML>
```
See, from Fiddler's output, the only difference I see is in the header, the Accept-Encoding and Cache-Control entries. Is there a way to NOT send them? Or am I missing something here?
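Added example (not part of the original question or answer): a case-insensitive diff of the header blocks from the two Fiddler captures above, copied from the page with its own placeholders. `parse_headers` and `diff_headers` are hypothetical helper names; the diff reports headers present in only one request and headers whose values differ.

```python
# Header blocks copied from the two captures on this page; <hostname> and
# STR1=VAL1 style values are the page's own placeholders.
WINDOWS_PHONE = """\
Connection: Keep-Alive
Accept-Encoding: gzip, deflate
Host: <hostname>
Cookie2: Version=1
Accept: application/xml
message-version: 1
User-Agent: Android|SAMSUNG-SGH-I337|3.3.1
Accept-Language: en
Content-Length: 173
Content-Type: text/xml; charset=UTF-8
Cache-Control: no-cache
Cookie: STR1=VAL1; STR2=VAL2"""

ANDROID = """\
Content-Type: text/xml; charset=UTF-8
Connection: Keep-Alive
accept: application/xml
user-agent: Android|SAMSUNG-SGH-I337|3.4
message-version: 1
Accept-Language: en
Content-Length: 173
Host: <hostname>
Cookie: STR1=VAL1; STR2=VAL2
Cookie2: $Version=1"""

def parse_headers(block):
    """Map lower-cased header name -> value (HTTP header names are case-insensitive)."""
    headers = {}
    for line in block.splitlines():
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def diff_headers(working, failing):
    """Return (names only in working, names only in failing, {name: (working, failing)})."""
    w, f = parse_headers(working), parse_headers(failing)
    changed = {k: (w[k], f[k]) for k in sorted(w.keys() & f.keys()) if w[k] != f[k]}
    return sorted(w.keys() - f.keys()), sorted(f.keys() - w.keys()), changed

if __name__ == "__main__":
    missing, extra, changed = diff_headers(ANDROID, WINDOWS_PHONE)
    print("only in Android request:      ", missing)
    print("only in Windows Phone request:", extra)
    for name, (good, bad) in changed.items():
        print(f"{name}: Android={good!r} WindowsPhone={bad!r}")
```

Besides the two headers that appear only in the Windows Phone request, the diff lists the `Cookie2` and `User-Agent` values, which differ between the captures even though both requests carry those header names.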
Recommended answer
You are supposed to send the Authorization header.
Example: Authorization: Basic àaaaaaaa
That will resolve the unauthorized issue.
Explanation:
We have several ways to secure the services that are made available to the public. The most commonly used one is to pass on the credentials from the client application to the target application via authorization headers.
The authorization headers are added to the request by the client. In C#, we typically use AuthenticationHeaderValue.
Samples can be found here.
leastprivilege/2012/03/14/asp-net-webapi-security-4-examples-for-various-authentication-scenarios/