如何将 cookie 传递到外部 Web 浏览器?
我正在编写一个应用程序,需要打开浏览器窗口(可能只能使用 IE)来访问使用表单身份验证的网站。 诀窍在于,它们需要经过身份验证,以便节省时间,因为我们需要访问的站点数量巨大。 (最终我将在屏幕上抓取它们并处理数据......但我仍然需要使身份验证部分正常工作,以便他们可以在需要时点击进入真实站点。)
我已经让表单身份验证部分 正常工作,因为我可以使用 HttpWebRequest 获取 html 并将其传递到浏览器。 但是我无法将 cookie 传输到客户端浏览器,以便它可以访问实际网站。
我正在获取 System.Net.Cookies 进行身份验证,并尝试将它们复制到 System.Web.HttpCookies 并将其添加到 Response 对象中。 如果我在页面上放置链接或使用 Response.Redirect 访问网站,它不起作用,就像用户未经过身份验证一样。
有人知道我将如何实现这一目标吗?
这是当前的代码,以防更清楚:
Dictionary<string, string> formValues = new Dictionary<string, string>(4);
formValues.Add("txbUserName", "USERNAME");
formValues.Add("txbPassword", "PASSWORD");
formValues.Add("SubmitB", "Log In");
HttpWebRequest webRequest;
StreamReader responseReader;
string responseData;
//This authenticates an HttpWebRequest and returns it
webRequest = FormsAuthHttpWebRequest.Create("REQUESTURI", "LOGINURI",
formValues) as HttpWebRequest;
responseReader = new StreamReader(webRequest.GetResponse().GetResponseStream());
responseData = responseReader.ReadToEnd();
responseReader.Close();
foreach (Cookie cookie in webRequest.CookieContainer.GetCookies(new Uri("SITEURI")))
{
HttpCookie httpCookie = new HttpCookie(cookie.Name, cookie.Value)
{
Domain = cookie.Domain,
Expires = cookie.Expires,
Path = cookie.Path,
HttpOnly = cookie.HttpOnly,
Secure = cookie.Secure
};
Response.Cookies.Add(httpCookie);
}
Response.Redirect("REQUESTURI");
I'm writing an application that will need to open up browser windows (probably can stick to IE) to websites that use Forms Authentication. The trick is that they need to be authenticated already, in order to save time due to the sheer number of sites we need to get into. (Eventually I'll be screen scraping them and processing the data... but I'll still need to get the authentication piece working so they can click through to the real site when needed.)
I've got the Forms Authentication piece working, in that I can use an HttpWebRequest to get the html and just pass it through to the browser. However I can't get it to transfer the cookies to the client browser so that it can go to the actual website.
I'm getting the System.Net.Cookies for the authentication, and I've tried copying them into System.Web.HttpCookies and adding those to the Response object. If I put a link on the page or use Response.Redirect to go to the website it doesn't work, it acts as if the user is not authenticated.
Anyone have any idea how I would pull this off?
Here's the current code, in case that makes this more clear:
Dictionary<string, string> formValues = new Dictionary<string, string>(4);
formValues.Add("txbUserName", "USERNAME");
formValues.Add("txbPassword", "PASSWORD");
formValues.Add("SubmitB", "Log In");
HttpWebRequest webRequest;
StreamReader responseReader;
string responseData;
//This authenticates an HttpWebRequest and returns it
webRequest = FormsAuthHttpWebRequest.Create("REQUESTURI", "LOGINURI",
formValues) as HttpWebRequest;
responseReader = new StreamReader(webRequest.GetResponse().GetResponseStream());
responseData = responseReader.ReadToEnd();
responseReader.Close();
foreach (Cookie cookie in webRequest.CookieContainer.GetCookies(new Uri("SITEURI")))
{
HttpCookie httpCookie = new HttpCookie(cookie.Name, cookie.Value)
{
Domain = cookie.Domain,
Expires = cookie.Expires,
Path = cookie.Path,
HttpOnly = cookie.HttpOnly,
Secure = cookie.Secure
};
Response.Cookies.Add(httpCookie);
}
Response.Redirect("REQUESTURI");
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我不认为你能够做到这一点。 浏览器将忽略来自不属于与 cookie 关联的域的 Web 服务器的任何“Add-Cookie”标头。 这是 cookie 内置安全性的一部分 - 如果其他网站可以读取或写入另一个域的 cookie,那将是灾难性的(从安全和隐私角度来看)。
I don't think you're going to be able to do this. The browser is going to ignore any "Add-Cookie" headers from a web server that does not belong to the domain associated with the cookies. This is part of the built-in security for cookies - it would be catastrophic (from a security and privacy perspective) if other websites could read or write cookies for another domain.
我认为浏览器可能会因为即将发生的 Response.Redirect 而忽略响应标头中的 cookie。 我们最近遇到了这个问题,发现FF接受了cookie,但IE6&7不接受。
不过,我不确定我是否完全理解你想要做什么。 您是否尝试从站点 A 向浏览器发送实际上用于站点 B 的 cookie?
I think the browser may be ignoring the cookies in the response header because of the impending Response.Redirect. We ran into that issue recently, and discovered that FF accepted the cookies, but IE6&7 did not.
I'm not sure I understand exactly what you're trying to do, though. Are you attempting to send cookies from Site A to the browser that are actually meant for Site B?