通过 URI 将用户名和密码传递给 .NET HttpWebRequest 不起作用

发布于 2024-12-14 12:34:35 字数 1392 浏览 0 评论 0原文

运行以下代码:

var request = HttpWebRequest.Create("http://username:[email protected]/test-http-status-codes.asp?code=401");
var response = request.GetResponse();

...并使用 Wireshark 检查请求表明我的客户端未尝试授权(该 url 是一个简单的服务,始终返回 401)。

此代码在初始质询后发送授权标头:

var request = HttpWebRequest.Create("http://username:[email protected]/test-http-status-codes.asp?code=401");
request.Credentials = new NetworkCredential("username", "password");
var response = request.GetResponse();

使用 System.Uri 类没有效果。为什么url中传递的用户名和密码没有用于身份验证?

(我知道 这篇博客文章关于在没有初始挑战的情况下传递授权标头,但这不是当前的问题)

编辑我应该补充一点,解决这个问题相当容易这个限制,对于这段代码的示例(添加 url 未转义的口味),我只是好奇为什么你必须这样做:

var userInfo = request.Address.UserInfo;
if (!string.IsNullOrEmpty(userInfo) && userInfo.Contains(':'))
{
    request.Credentials = new NetworkCredential(userInfo.Split(':').First(), userInfo.Split(':').Last());
}

Running the following code:

var request = HttpWebRequest.Create("http://username:[email protected]/test-http-status-codes.asp?code=401");
var response = request.GetResponse();

... and inspecting the request using Wireshark reveals that no authorization is attempted by my client (the url is a simple service that will always return 401).

This code sends an authorization header after the initial challenge:

var request = HttpWebRequest.Create("http://username:[email protected]/test-http-status-codes.asp?code=401");
request.Credentials = new NetworkCredential("username", "password");
var response = request.GetResponse();

Using the System.Uri class has no effect. Why is the username and password passed in the url not used for authentication?

(I'm aware of this blog post on passing the authorization header without an initial challenge, but that is not the issue at hand)

EDIT I should add that it is fairly easy to work around this limitation, for example with this bit of code (add url un-escaping to taste), I'm just curious as to why you have to do this:

var userInfo = request.Address.UserInfo;
if (!string.IsNullOrEmpty(userInfo) && userInfo.Contains(':'))
{
    request.Credentials = new NetworkCredential(userInfo.Split(':').First(), userInfo.Split(':').Last());
}

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

原野 2024-12-21 12:34:35

HttpWebRequest 类不使用 Uri 中的凭据(每个 dotPeek)。

但是 FtpWebRequest 可以,这里是相关代码:

if (this.m_Uri.UserInfo != null && this.m_Uri.UserInfo.Length != 0)
  {
    string userInfo = this.m_Uri.UserInfo;
    string userName = userInfo;
    string password = "";
    int length = userInfo.IndexOf(':');
    if (length != -1)
    {
      userName = Uri.UnescapeDataString(userInfo.Substring(0, length));
      int startIndex = length + 1;
      password = Uri.UnescapeDataString(userInfo.Substring(startIndex, userInfo.Length - startIndex));
    }
    networkCredential = new NetworkCredential(userName, password);
  }

如您所见,它只是将其附加到凭据,因此您应该使用解析的 Uri 手动执行此操作

The HttpWebRequest class does not utilize the credentials in the Uri (per dotPeek).

But the FtpWebRequest does, here is the relevant code:

if (this.m_Uri.UserInfo != null && this.m_Uri.UserInfo.Length != 0)
  {
    string userInfo = this.m_Uri.UserInfo;
    string userName = userInfo;
    string password = "";
    int length = userInfo.IndexOf(':');
    if (length != -1)
    {
      userName = Uri.UnescapeDataString(userInfo.Substring(0, length));
      int startIndex = length + 1;
      password = Uri.UnescapeDataString(userInfo.Substring(startIndex, userInfo.Length - startIndex));
    }
    networkCredential = new NetworkCredential(userName, password);
  }

As you can see it just attaches it to credentials, so you should just do that instead manually with a parsed Uri

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文