C＃的Web客户端返回403禁止 [英] c# webclient returns 403 forbidden

问题描述

我试图仿效接受交易报价在蒸汽的过程。我也问过蒸汽的支持，并说只要我不打乱他们的服务，其他球员被允许这个动作的确认。

I am trying to emulate the process of accepting a trade offer in steam. I have asked steam support and the confirm that this action is allowed as long as I do not disrupt their service to other players.

因此​​，这里的详细信息： 该URL接受交易的报价是 https://steamcommunity.com/tradeoffer/OfferID/accept

So here is the details: The URL for accepting a trade offer is https://steamcommunity.com/tradeoffer/OfferID/accept

下面是他们的ajax code，这样做

Here is their ajax code for doing so

return $J.ajax(
{
    url: 'https://steamcommunity.com/tradeoffer/' + nTradeOfferID + '/accept',
    data: rgParams,
    type: 'POST',
    crossDomain: true,
    xhrFields: { withCredentials: true }
}

下面是我的头跟踪使用IE10

Here is the headers i tracked using IE10

Request             POST /tradeoffer/xxxxxxx/accept HTTP/1.1
Accept              */*
Content-Type        application/x-www-form-urlencoded; charset=UTF-8
Referer             http://steamcommunity.com/tradeoffer/xxxxxxx/
Accept-Language     en-CA
Origin              http://steamcommunity.com
Accept-Encoding     gzip, deflate
User-Agent          Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Host                steamcommunity.com
Content-Length      51
DNT                 1
Connection          Keep-Alive
Cache-Control       no-cache

在帖子正文：

The post body:

会话ID = SESSIONID和放大器; tradeofferid = OfferID

sessionid=SESSIONID&tradeofferid=OfferID

饼干：

Sent    sessionid                SessionID          
Sent    __utmc                   XXXXX              
Sent    steamLogin               XXXXX
Sent    webTradeEligibility      XXXXXXX
Sent    Steam_Language           XXXXXXX                    
Sent    timezoneOffset           XXXXXXXX                   
Sent    __utma                   XXXXXXXXXXXXX              
Sent    __utmz                   XXXXXXXXXXXXX              
Sent    steamMachineAuth         XXXXXXXXXXXXX                  
Sent    strInventoryLastContext  XXXXXXXXX                  
Sent    steamRememberLogin       XXXXXXXXXXXX                   
Sent    steamCC_XXXXXXXXXXXX     XXXXXXX                    
Sent    __utmb                   XXXXXXX                
Sent    tsTradeOffersLastRead    XXXXXXX

的请求的发起者是XMLHtt prequest

the initiator of the request is XMLHttpRequest

在我的code我做了

public bool AcceptOffer(string offerID)
{
    string path = "tradeoffer/" + offerID + "/";
    //Simulate the browser opening the trade offer window
    _steamWeb.Get(new Uri(WebAPI.SteamCommunity + path));
    NameValueCollection data = new NameValueCollection();
    data.Add("sessionid", _steamWeb.SessionID);
    data.Add("tradeofferid", offerID);

    string result = _steamWeb.Post(new Uri("https://steamcommunity.com/" + path + "accept"), data);

    return true;
}

_steamWeb包含一个用于做一个cookie意识到Web客户端的所有职务/ get请求

_steamWeb contains a cookie aware webclient which is used to do all the post/get requests

这里的codeS的部件饼干意识到Web客户端

here are parts of the codes for the cookie aware webclient

protected override WebRequest GetWebRequest(Uri address)
{
    HttpWebRequest request = base.GetWebRequest(address) as HttpWebRequest;

    if (request != null)
    request.CookieContainer = _cookieContainer;

    if (_lastPage != null)
        request.Referer = _lastPage;

        _lastPage = address.ToString();
        return request;
}

protected override WebResponse GetWebResponse(WebRequest request)
{
    WebResponse response = base.GetWebResponse(request);//403 exception here
    ReadCookies(response);
    return response;
}

下面是我设置标题

void SetCommonHeaders(Uri uri)
{
    _webClient.Headers[HttpRequestHeader.Accept] = "text/html, application/xhtml+xml, */*";
    _webClient.Headers[HttpRequestHeader.AcceptLanguage] = "en-CA";
    _webClient.Headers[HttpRequestHeader.ContentType] = "application/x-www-form-urlencoded; charset=UTF-8";
    _webClient.Headers[HttpRequestHeader.UserAgent] = "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)";
    _webClient.Headers[HttpRequestHeader.Host] = uri.Host;
    _webClient.Headers.Add("DNT", "1");
}

下面是我发送请求我的cookie头

here are my cookie headers of the request i am sending

sessionid=XXXX; 
steamMachineAuthXXXXX=XXXXXX; 
steamLogin=XXXXXXX; 
steamRememberLogin=XXXXXXXX; 
Steam_Language=english; 
webTradeEligibility=XXXXXXXXX; 
steamCC_XXXXX=CA; 
tsTradeOffersLastRead=XXXXXXXXX

我没有设置这些cookie manuelly，所有的人都用GET请求attened到steamcommunity.com

I did not set those cookies manuelly, all of them are attened by GET requests to steamcommunity.com

我是pretty的多发送同样的请求的浏览器，但我得到403禁止与我的职务。我试图将X-要求，随着= XMLHtt prequest头，但它并没有帮助。我看到他们正在做的Ajax调用一些凭证啄所以是我该做的事情太多我HttpWebRequest的帖子？谢谢

I am pretty much sending the same request as the browser, but I am getting 403 Forbidden with my post. I have tried to set the X-Requested-With = XMLHttpRequest header but it is not helping. I see they are doing some credential thingy in the ajax call so am I suppose to do something too in my HttpWebRequest posts? Thanks

推荐答案

问题解决了，有两件事情：

Problem solved, there are two things:

1. 在保持活动的头是不是被正确发送，由于.NET错误
2. 在我EN codeD的SessionID两次

这篇关于C＃的Web客户端返回403禁止的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！