如何使用 .net 查询 https 安全网址,例如 https://example.com/send.aspx?msg=hi
我搜索了SO和谷歌,在执行此操作时只看到了问题,不幸的是,对我来说,我的网址是银行短信系统的一部分,我所拥有的只是安全网址。我必须编写一个测试来推送消息,但由于我没有连接到银行 LAN,我无法测试或执行任何类型的跟踪和错误。
Url 如下所示:
https://example.com/send.aspx?msg=hi
我正在使用 C# 中的 Windows 窗体 .net4 应用程序。
如何使用 WebClient 使用上述网址进行 POST,或者还有其他方法。
从其他答案中我发现我需要银行人员的证书,或者是否有拒绝使用加密的选项。
更新 太棒了,多亏了尤金,我快到了。我使用网络客户端,喜欢这个答案 没用。我将我的代码更改为这个并且它起作用了:
static void Main(string[] args)
{
ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(allowCert);
string url = "https://example.com/send.aspx?msg=hi";
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
Stream resStream = response.GetResponseStream();
StreamReader st = new StreamReader(resStream);
Console.WriteLine(st.ReadToEnd());
Console.ReadKey();
}
static bool allowCert(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors error)
{
return true;
}
现在奖励积分为什么它以这种方式工作以及该代码在做什么?(它说“我不在乎证书允许什么”)
I searched SO and google and saw only problems while doing this, unfortunately for me, my url is part of a Banks text message system and all I've got is the secured url. I have to write a test to push a message through but since Im not connected to the banks LAN I cannot test or do any sort of trail and error.
Url looks like this:
https://example.com/send.aspx?msg=hi
I'm using a windows forms .net4 application in C#.
How do I POST with the above url using WebClient, or is there another way.
I figure from other answers I need a certificate from the bank guys or are there options to refuse to use encryption.
Update
Awesome, thanks to Eugene Im almost there. I used web client, like this answer it didn't work. I changed my code to this and it worked:
static void Main(string[] args)
{
ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(allowCert);
string url = "https://example.com/send.aspx?msg=hi";
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
Stream resStream = response.GetResponseStream();
StreamReader st = new StreamReader(resStream);
Console.WriteLine(st.ReadToEnd());
Console.ReadKey();
}
static bool allowCert(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors error)
{
return true;
}
Bonus points now for why it worked this way and what is this code doing?(It is saying "I don't care what the cert is allow it")
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
如果以上就是您所得到的全部内容,那么您不需要 POST。此类请求是使用 GET 方法(此处描述)。您将消息放在示例中的“hi”位置。请记住,您需要对消息文本进行编码以“屏蔽”任何可能被误解的“不安全”字符。最好的方法是将任何非字母数字字符替换为 %xx 形式的十六进制代码,其中 xx 是十六进制代码的两位数字。
IF the above is all that you have been given, then you don't need POST. Such request is performed using GET method (described here). You put the message in place of "hi" in your sample. Remember, that you need to encode the message text to "mask" any "unsafe" characters which can be misinterpreted. The best is to replace any non-alphanumeric character with it's hex code in %xx form, where xx are two digits of the hex code.
在更新问题时,您的要求并不明显。
HttpWebRequest 专门允许您向远程服务器发出 GET/POST/PUT/等请求。
对allowCert 的回调只是告诉.Net 不要费心验证证书链。证书无法验证的原因有多种,包括证书已过期,或者链中的其中一个证书已过期。另一个原因是发出调用的计算机不信任证书颁发机构。如果银行在没有使用知名 CA 来支持的情况下颁发自己的证书,则这是完全可能的。
就我个人而言,我不会信任无法验证的证书。如果这纯粹是为了测试应该没问题;但是,如果这是生产证书,那么我会开始与银行讨论此事。不幸的是,很多银行似乎并不了解安全性。
It's not readily apparent what you are asking for in the update to your question.
HttpWebRequest is there specifically to allow you to make GET/POST/PUT/etc requests to a remote server.
The callback to allowCert is simply telling .Net to not bother validating the certificate chain. There are several reasons why a certificate won't validate including it being out of date, or if one of the certs in the chain is out of date. Another reason is if the certificate authority isn't trusted by the machine making the call. Which is entirely possible if the bank issued their own cert without using a well known CA to back it.
Personally I wouldn't trust a cert that couldn't be validated. If this is purely for testing it ought to be ok; however, if this is a production cert then I'd start talking to the bank about it. Unfortunately a lot of banks don't seem to understand security.