C# WebRequest - HTTP:403 禁止访问(POST 中缺少“_xsrf”参数)
C# WebRequest - HTTP: 403 Forbidden ('_xsrf' argument missing from POST)
我被困在这里,无法从 HTTPWebRequest 获得 WebResponse。
WebRequest.GetResponse() 方法抛出 WebException
("500 Internal Server Error")。当我阅读返回的 HTML 时,它说:
HTTP 403: Forbidden ('_xsrf' argument missing from POST)
有人知道这个错误或知道我做错了什么吗?
(我正在尝试使用 POST 登录网站)
编辑:
我的源代码:
private String GetLoginCookies(String pHTTPurl, String pUserIDwithFormID, String pPasswordWithFormID)
{
String loginPageUrl = pHTTPurl;
CookieContainer cookieContainer = new CookieContainer();
var Request = (HttpWebRequest)WebRequest.Create(loginPageUrl);
Request.CookieContainer = cookieContainer;
Request.Method = "GET";
WebResponse Response = Request.GetResponse();
HttpWebResponse HttpResponse = Response as HttpWebResponse;
CookieCollection cookies = null;
if (HttpResponse != null)
{
//Cookies die benötigt werden um den Loginvorgang abzuschließen
cookies = HttpResponse.Cookies;
}
string formParams = string.Format(pUserIDwithFormID + "&" + pPasswordWithFormID);
Request = (HttpWebRequest)WebRequest.Create(loginPageUrl);
Request.CookieContainer = cookieContainer;
Request.UserAgent = "I am not a Bot! Ok maybe..";
WebResponse resp = null;
Request.ContentType = "application/x-www-form-urlencoded";
Request.Method = "POST";
byte[] bytes = Encoding.ASCII.GetBytes(formParams);
Request.ContentLength = bytes.Length;
using (Stream os = Request.GetRequestStream())
{
os.Write(bytes, 0, bytes.Length);
}
try
{
resp = Request.GetResponse();
using (StreamReader sr = new StreamReader(resp.GetResponseStream()))
{
String TestResponse = sr.ReadToEnd();
}
}
catch (WebException WE)
{
DebugConsole.AppendText("HTTP Error:" + WE.Message + Environment.NewLine);
String HTML = new StreamReader(WE.Response.GetResponseStream()).ReadToEnd();
DebugConsole.AppendText(HTML);
return null;
}
String cookieHeader = resp.Headers["Set-cookie"];
if (String.IsNullOrEmpty(cookieHeader))
return null;
else
return cookieHeader;
}
这其实是因为web方法需要反csrf(跨站请求伪造,更多信息在这里:https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF))验证参数。您可以做的是将 csrf 值附加到请求 header:
postHeaders.Add("X-CSRFToken", CSRF);
如果您需要任何帮助,也许您可以在此处粘贴您的源代码,这样我们就可以照顾它
好的!找到解决方案!
得到 Log-In 站点的响应后,在 "Set-cookie" Header 中搜索 _xsrf。这是您必须放入下一个 POST 请求的 header 中的令牌。
我被困在这里,无法从 HTTPWebRequest 获得 WebResponse。
WebRequest.GetResponse() 方法抛出 WebException
("500 Internal Server Error")。当我阅读返回的 HTML 时,它说:
HTTP 403: Forbidden ('_xsrf' argument missing from POST)
有人知道这个错误或知道我做错了什么吗?
(我正在尝试使用 POST 登录网站)
编辑: 我的源代码:
private String GetLoginCookies(String pHTTPurl, String pUserIDwithFormID, String pPasswordWithFormID)
{
String loginPageUrl = pHTTPurl;
CookieContainer cookieContainer = new CookieContainer();
var Request = (HttpWebRequest)WebRequest.Create(loginPageUrl);
Request.CookieContainer = cookieContainer;
Request.Method = "GET";
WebResponse Response = Request.GetResponse();
HttpWebResponse HttpResponse = Response as HttpWebResponse;
CookieCollection cookies = null;
if (HttpResponse != null)
{
//Cookies die benötigt werden um den Loginvorgang abzuschließen
cookies = HttpResponse.Cookies;
}
string formParams = string.Format(pUserIDwithFormID + "&" + pPasswordWithFormID);
Request = (HttpWebRequest)WebRequest.Create(loginPageUrl);
Request.CookieContainer = cookieContainer;
Request.UserAgent = "I am not a Bot! Ok maybe..";
WebResponse resp = null;
Request.ContentType = "application/x-www-form-urlencoded";
Request.Method = "POST";
byte[] bytes = Encoding.ASCII.GetBytes(formParams);
Request.ContentLength = bytes.Length;
using (Stream os = Request.GetRequestStream())
{
os.Write(bytes, 0, bytes.Length);
}
try
{
resp = Request.GetResponse();
using (StreamReader sr = new StreamReader(resp.GetResponseStream()))
{
String TestResponse = sr.ReadToEnd();
}
}
catch (WebException WE)
{
DebugConsole.AppendText("HTTP Error:" + WE.Message + Environment.NewLine);
String HTML = new StreamReader(WE.Response.GetResponseStream()).ReadToEnd();
DebugConsole.AppendText(HTML);
return null;
}
String cookieHeader = resp.Headers["Set-cookie"];
if (String.IsNullOrEmpty(cookieHeader))
return null;
else
return cookieHeader;
}
这其实是因为web方法需要反csrf(跨站请求伪造,更多信息在这里:https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF))验证参数。您可以做的是将 csrf 值附加到请求 header:
postHeaders.Add("X-CSRFToken", CSRF);
如果您需要任何帮助,也许您可以在此处粘贴您的源代码,这样我们就可以照顾它
好的!找到解决方案!
得到 Log-In 站点的响应后,在 "Set-cookie" Header 中搜索 _xsrf。这是您必须放入下一个 POST 请求的 header 中的令牌。