如何发送新请求以使用新访问令牌重定向 URL
How to send new request to redirect URL with new access token
我被要求创建一个简单的 MVC 网页来帮助我们的安全官测试我们的一个网站。
该页面允许用户在尝试访问 URL 之前输入新 ID 和新访问令牌。安全人员拥有有效的凭据,并且能够通过名为 Zap 的工具获取他的访问令牌。
我总是从服务器得到相同的响应:
"Response status code does not indicate success: 401"
我做错了什么?
public async Task<IActionResult> AOFun(RequestValues requestValues)
{
try
{
string id = requestValues.id;
string accessToken = requestValues.accessToken;
string url =
@"https://companyDomain/api/api/pl/redirect-url?&vendorSystem=false&action=5&id={{idValue}}&app=ONE"
.Replace("{{idValue}}", id);
using (var requestMessage = new HttpRequestMessage(HttpMethod.Get, url))
{
requestMessage.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
var responseData = await client.SendAsync(requestMessage);
responseData.EnsureSuccessStatusCode();
var responseString = await responseData.Content.ReadAsStringAsync();
ResponseModel rm = JsonConvert.DeserializeObject<ResponseModel>(responseString);
ViewBag.ResponseString = rm.url;
}
}
catch (Exception ex)
{
ViewBag.ResponseString = "error: " + ex.Message;
}
return View("Index");
}
编辑以显示 POSTMAN 的回复
{
"status": 401,
"code": 5001,
"message": "There was a problem processing this request. We are sorry for the inconvenience. Please contact the Help Desk or try again later.",
"htmlMessage": "There was a problem processing this request. We are sorry for the inconvenience. Please contact the Help Desk at 1-800-000-0000 or try again later.",
"link": "http://www.companyDomain.com",
"developerMessage": "IGNORE_STACK_TRACE:pl/redirect-url"
}
邮递员请求headers:
var client = new
RestClient("https://agentsonly.msagroup.com/api/api/pl/redirect-url?vendorSystem=false&action=5&id=920287945119&app=ONE&=");
var request = new RestRequest(Method.GET);
request.AddHeader("cache-control", "no-cache");
request.AddHeader("Connection", "keep-alive");
request.AddHeader("Accept-Encoding", "gzip, deflate");
request.AddHeader("Host", "agentsonly.msagroup.com");
request.AddHeader("Postman-Token", "e27138a6-425c-4d11-a09a-0625daeb22a3,8439731b-3dad-464c-9b86-0655da31ead7");
request.AddHeader("Cache-Control", "no-cache");
request.AddHeader("Accept", "*/*");
request.AddHeader("User-Agent", "PostmanRuntime/7.15.2");
request.AddHeader("Authorization", "Bearer 965c59f9-3f06-370d-8980-764576136e4e");
IRestResponse response = client.Execute(request);
邮递员回复headers:
问题不在于 AOFun 操作中的代码 - 请求永远不会到达那里。
响应表明您的请求未通过身份验证 - 可能您使用的令牌已过期。所以你必须开始一个新的 session 并登录以生成一个新的令牌。然后将新令牌放入 header 到 AOFun 请求..
更新后的控制器方法如下。对于这个站点,我不应该使用 Bearer 令牌。我必须发送要应用的令牌的用户 ID。
public async Task<IActionResult> AOFun(RequestValues requestValues)
{
try
{
ServicePointManager.ServerCertificateValidationCallback += (o, c, ch, er) => true;
string userID = requestValues.userId;
string id = requestValues.id;
string accessToken = requestValues.accessToken;
string url =
@"https://companydomain.com/api/api/pl/redirect-url?&vendorSystem=false&action=5&id={{idValue}}&app=ONE"
.Replace("{{idValue}}", id);
using (var requestMessage = new HttpRequestMessage(HttpMethod.Get, url))
{
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
client.DefaultRequestHeaders.Add("userId", userID);
client.DefaultRequestHeaders.Add("access_token", accessToken);
var responseData = await client.SendAsync(requestMessage);
responseData.EnsureSuccessStatusCode();
var responseString = await responseData.Content.ReadAsStringAsync();
ResponseModel rm = JsonConvert.DeserializeObject<ResponseModel>(responseString);
ViewBag.ResponseString = rm.url;
}
}
catch (Exception ex)
{
ViewBag.ResponseString = "error: " + ex.Message;
}
return View("Index");
}
我被要求创建一个简单的 MVC 网页来帮助我们的安全官测试我们的一个网站。
该页面允许用户在尝试访问 URL 之前输入新 ID 和新访问令牌。安全人员拥有有效的凭据,并且能够通过名为 Zap 的工具获取他的访问令牌。
我总是从服务器得到相同的响应: "Response status code does not indicate success: 401"
我做错了什么?
public async Task<IActionResult> AOFun(RequestValues requestValues)
{
try
{
string id = requestValues.id;
string accessToken = requestValues.accessToken;
string url =
@"https://companyDomain/api/api/pl/redirect-url?&vendorSystem=false&action=5&id={{idValue}}&app=ONE"
.Replace("{{idValue}}", id);
using (var requestMessage = new HttpRequestMessage(HttpMethod.Get, url))
{
requestMessage.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
var responseData = await client.SendAsync(requestMessage);
responseData.EnsureSuccessStatusCode();
var responseString = await responseData.Content.ReadAsStringAsync();
ResponseModel rm = JsonConvert.DeserializeObject<ResponseModel>(responseString);
ViewBag.ResponseString = rm.url;
}
}
catch (Exception ex)
{
ViewBag.ResponseString = "error: " + ex.Message;
}
return View("Index");
}
编辑以显示 POSTMAN 的回复
{
"status": 401,
"code": 5001,
"message": "There was a problem processing this request. We are sorry for the inconvenience. Please contact the Help Desk or try again later.",
"htmlMessage": "There was a problem processing this request. We are sorry for the inconvenience. Please contact the Help Desk at 1-800-000-0000 or try again later.",
"link": "http://www.companyDomain.com",
"developerMessage": "IGNORE_STACK_TRACE:pl/redirect-url"
}
邮递员请求headers:
var client = new
RestClient("https://agentsonly.msagroup.com/api/api/pl/redirect-url?vendorSystem=false&action=5&id=920287945119&app=ONE&=");
var request = new RestRequest(Method.GET);
request.AddHeader("cache-control", "no-cache");
request.AddHeader("Connection", "keep-alive");
request.AddHeader("Accept-Encoding", "gzip, deflate");
request.AddHeader("Host", "agentsonly.msagroup.com");
request.AddHeader("Postman-Token", "e27138a6-425c-4d11-a09a-0625daeb22a3,8439731b-3dad-464c-9b86-0655da31ead7");
request.AddHeader("Cache-Control", "no-cache");
request.AddHeader("Accept", "*/*");
request.AddHeader("User-Agent", "PostmanRuntime/7.15.2");
request.AddHeader("Authorization", "Bearer 965c59f9-3f06-370d-8980-764576136e4e");
IRestResponse response = client.Execute(request);
邮递员回复headers:
问题不在于 AOFun 操作中的代码 - 请求永远不会到达那里。
响应表明您的请求未通过身份验证 - 可能您使用的令牌已过期。所以你必须开始一个新的 session 并登录以生成一个新的令牌。然后将新令牌放入 header 到 AOFun 请求..
更新后的控制器方法如下。对于这个站点,我不应该使用 Bearer 令牌。我必须发送要应用的令牌的用户 ID。
public async Task<IActionResult> AOFun(RequestValues requestValues)
{
try
{
ServicePointManager.ServerCertificateValidationCallback += (o, c, ch, er) => true;
string userID = requestValues.userId;
string id = requestValues.id;
string accessToken = requestValues.accessToken;
string url =
@"https://companydomain.com/api/api/pl/redirect-url?&vendorSystem=false&action=5&id={{idValue}}&app=ONE"
.Replace("{{idValue}}", id);
using (var requestMessage = new HttpRequestMessage(HttpMethod.Get, url))
{
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
client.DefaultRequestHeaders.Add("userId", userID);
client.DefaultRequestHeaders.Add("access_token", accessToken);
var responseData = await client.SendAsync(requestMessage);
responseData.EnsureSuccessStatusCode();
var responseString = await responseData.Content.ReadAsStringAsync();
ResponseModel rm = JsonConvert.DeserializeObject<ResponseModel>(responseString);
ViewBag.ResponseString = rm.url;
}
}
catch (Exception ex)
{
ViewBag.ResponseString = "error: " + ex.Message;
}
return View("Index");
}