HTTP request from a C# desktop application to a Siteminder-protected server

Problem description

I have developed a C# desktop application which makes HTTPS requests to the customers' servers (usually Documentum/SharePoint/Alfresco/NemakiWare/etc HTTPS-based servers).

Several customers have asked us to support their servers which are protected by CA SSO (new name of Siteminder).

QUESTION: What do I need to do to allow my application to send HTTPS requests (and receive responses) with CA SSO-protected servers?

  • I have developed NTLM-SSO support for our C# desktop application and it works well, but I am not sure about how to proceed for CA SSO.
  • I have asked the same question on the CA forum, but like most questions there it remains unanswered.

Recommended answer

To authenticate with CA SSO and then connect to the desired URL we need to access a protected resource on a web server configured to use CA SSO authentication:

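  1. A resource on the server is requested using an HTTP request.
  2. The request is received by the web server and intercepted by the CA SSO web agent.
  3. The web agent determines whether the resource is protected and, if so, gathers the user's credentials and passes them to the policy server.
  4. The policy server authenticates the user and verifies whether the authenticated user is authorized for the requested resource, based on the rules and policies contained in the policy store.
  5. After the user is authenticated and authorized, the policy server grants access to the protected resource.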

This is accomplished with the following steps:

Open a connection (HTTP request in this case) to the URI of the protected resource. Since the request has not yet been authenticated, the CA SSO agent will issue a redirect to a login page. In the code, AllowAutoRedirect is set to false. This is important as the redirect URL will be required for the subsequent POST of login data in step 3 below. If AllowAutoRedirect were True, the response would not include a Location header and the subsequent POST would be made to the original URL, which would then redirect to the login page again. However, a POST occurs between a client and the server; any POST data carried in the payload of the request of step 3 will be lost during the redirect.

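' Requires: Imports System.Net
Dim request As HttpWebRequest
Dim response As HttpWebResponse
Dim url As String = PROTECTED_URL

' request the protected resource; do not follow the redirect automatically
request = DirectCast(WebRequest.Create(url), HttpWebRequest)
request.AllowAutoRedirect = False
response = DirectCast(request.GetResponse(), HttpWebResponse)

' make sure we have a valid response
If response.StatusCode <> HttpStatusCode.Found Then
    Throw New InvalidProgramException
End If

' get the login page
url = response.Headers("Location")
response.Close()   ' release the connection before issuing the next request
request = DirectCast(WebRequest.Create(url), HttpWebRequest)
request.AllowAutoRedirect = False
response = DirectCast(request.GetResponse(), HttpWebResponse)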

The next step involves creating an HTTPS request that POSTs all the form data, including userid and password, back to the server. The purpose of an authentication agent is to verify a user’s identity by validating their userid and password. Thus, their URLs naturally use SSL (secure sockets layer) and are encrypted for us, so we do not require further encryption in our program. However, the formatting of the POST data is interesting inasmuch as there are two alternatives. The sample program uses the simpler approach of setting the content type to application/x-www-form-urlencoded. Here the POST data is formatted similarly to a query string and sent as part of the next request.

' Requires: Imports System.IO, System.Net, System.Web
' tags is assumed to hold the name/value pairs of the login form's input fields
' (the code that fills it is not shown here)
Dim postData As String

postData = ""
For Each inputName As String In tags.Keys
    ' StartsWith avoids the exception Substring(0, 2) throws on names shorter than two characters
    If inputName.StartsWith("sm", StringComparison.OrdinalIgnoreCase) Then
        postData &= inputName & "=" & _
                    HttpUtility.UrlEncode(tags(inputName)) & "&"
    End If
Next
postData &= "postpreservationdata=&"
postData &= "USER=" & HttpUtility.UrlEncode(USERNAME) & "&"
postData &= "PASSWORD=" & HttpUtility.UrlEncode(PASSWORD)

request = DirectCast(WebRequest.Create(url), HttpWebRequest)
cookies = New CookieContainer
request.CookieContainer = cookies
request.ContentType = FORM_CONTENT_TYPE
request.ContentLength = postData.Length
request.Method = POST_METHOD
request.AllowAutoRedirect = False   ' Important

' write the form body and release the request stream
Using sw As New StreamWriter(request.GetRequestStream())
    sw.Write(postData)
End Using

response = DirectCast(request.GetResponse(), HttpWebResponse)
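
An added C# example, not part of the original answer: it fills in two pieces the snippets above rely on but do not show, collecting the login form's input fields into `tags` and checking that the Location target is an HTTPS URL on an expected host before credentials are posted to it. The class and method names are hypothetical, the host names, form fields and credentials are constructed sample values, and `WebUtility.UrlEncode` is used in place of the answer's `HttpUtility.UrlEncode`.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Text.RegularExpressions;
static class SsoLoginForm
{
    // Resolve the Location value and refuse anything but HTTPS on an expected host.
    public static Uri CheckLoginUrl(string location, Uri protectedUrl, ISet<string> allowedHosts)
    {
        var login = new Uri(protectedUrl, location);   // Location may be relative
        if (login.Scheme != Uri.UriSchemeHttps || !allowedHosts.Contains(login.Host))
            throw new InvalidOperationException("refusing to post credentials to " + login);
        return login;
    }

    // Collect name/value pairs of <input> elements (a regex is enough for a flat login form).
    public static Dictionary<string, string> ParseInputs(string html)
    {
        var tags = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        foreach (Match m in Regex.Matches(html, @"<input\b[^>]*>", RegexOptions.IgnoreCase))
        {
            var name = Regex.Match(m.Value, @"\bname\s*=\s*""([^""]*)""", RegexOptions.IgnoreCase);
            var value = Regex.Match(m.Value, @"\bvalue\s*=\s*""([^""]*)""", RegexOptions.IgnoreCase);
            if (name.Success) tags[name.Groups[1].Value] = WebUtility.HtmlDecode(value.Groups[1].Value);
        }
        return tags;
    }

    // Same body as the answer's loop: the "sm*" fields, then postpreservationdata, USER, PASSWORD.
    public static string BuildPostData(IDictionary<string, string> tags, string user, string password)
    {
        var parts = tags.Where(t => t.Key.StartsWith("sm", StringComparison.OrdinalIgnoreCase))
                        .Select(t => t.Key + "=" + WebUtility.UrlEncode(t.Value)).ToList();
        parts.Add("postpreservationdata=");
        parts.Add("USER=" + WebUtility.UrlEncode(user));
        parts.Add("PASSWORD=" + WebUtility.UrlEncode(password));
        return string.Join("&", parts);
    }

    static void Main()
    {
        // Constructed sample data: hypothetical hosts, form fields and credentials.
        var hosts = new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "sso.example.test" };
        var html = "<input type=\"hidden\" name=\"SMAGENTNAME\" value=\"agent 1\"><input name=\"target\" value=\"/app/\">";
        Console.WriteLine(CheckLoginUrl("https://sso.example.test/login.fcc", new Uri("https://docs.example.test/app/"), hosts));
        Console.WriteLine(BuildPostData(ParseInputs(html), "alice", "p@ss w0rd"));
    }
}
```

In a real client the `CheckLoginUrl` call goes between reading the Location header and the POST, so the password is never sent over plain HTTP or to a host the deployment does not list.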
