WinHTTP VBA后续请求不能使用以前的登录凭据吗? [英] WinHTTP VBA subsequent request cannot use the previous login credentials?
问题描述
我正在Access 2007 VBA中使用WinHTTP来获取一些需要 cookie登录凭据帐户的项目列表.
I'm using WinHTTP in Access 2007 VBA to fetch some list of items requiring a cookie login credential account.
首先,我通过 https://www.example.com/login.php 登录这个:
First I login through https://www.example.com/login.php with this:
Dim strCookie As String, strResponse As String, _
strUrl As String
'
Dim xobj As Object
'
Set xobj = New WinHttp.WinHttpRequest
'
strUrl = "https://www.example.com/login.php"
xobj.Open "POST", strUrl, False
xobj.SetRequestHeader "User-Agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
xobj.SetRequestHeader "Content-Type", "application/x-www-form-urlencoded"
xobj.Send "username=johndoe2&password=mypassword"
'
strCookie = xobj.GetResponseHeader("Set-Cookie")
strResponse = xobj.ResponseText
strResponse 的内容表示我的登录正常,因为在此字符串中欢迎 johndoe2 . strCookie 保存成功登录后HTTP服务器返回的Set-Cookie.
The content of strResponse indicates that my login is OK, as johndoe2 is welcomed in this string. strCookie saves the Set-Cookie returned by the HTTP server after the successful login.
接下来,我需要获取一个仅由登录用户访问的机密页面: https://www .example.com/secret-contents.php .我使用先前的Set-Cookie标头 strCookie 将其重新发送到服务器:
Next I need to get a confidential page only accessible for a logged user: https://www.example.com/secret-contents.php. I do this, with previous Set-Cookie header strCookie, resent to the server:
'
' now try to get confidential contents:
'
strUrl = "https://www.example.com/secret-contents.php"
xobj.Open "GET", strUrl, False
xobj.SetRequestHeader "Cookie", strCookie
xobj.Send
'
strCookie = xobj.GetResponseHeader("Set-Cookie")
strResponse = xobj.ResponseText
不幸的是,它失败了,因为新的 strResponse 指示获取的内容不是必需的内容,而是登录页面.而且 strCookie 也已更改.
Unfortunately, it's failed, as the new strResponse indicates that the fetched content is not the required one, but rather again the login page. And also strCookie has changed.
此方法已经过测试,没有任何效果,因为它仅用于Windows/OS链接身份验证,例如著名的基本身份验证,NTLM,摘要和Kerberos身份验证,不适用于基于cookie的身份验证:
This has been tested and produces no effect, as it's only for Windows/OS linked authentication, such as the famous basic, NTLM, digest and Kerberos authentications, not for that based on cookie:
xobj.SetCredentials "johndoe2", "mypassword", 0
为了使用Set-Cookie,还可以将其他内容作为标头发送到远程服务器,以便使用先前认证的凭据?
What else to send as headers to the remote server other than Set-Cookie, in order to use the previously certified credential ?
服务器使用typo3 CMS框架.
The server uses typo3 CMS framework.
推荐答案
在这半天里,由于Alex K. , fiddler2 已打开进入HTTP标头世界的大门.我想分享今天对我有用的东西.
In this half day, I finally figured out how to use the previous login credential for subsequent requests, thanks to the help of Alex K., fiddler2 has opened the door to enter the HTTP headers's world. I would like to share what has worked for me today.
该工作包括2个步骤,即通过URL1登录,然后获取所需的凭据URL2的HTML内容.
The work consists of 2 steps, login via a URL1 and then fetch the HTML content of the credential required URL2.
Dim strCookie As String, strResponse As String, _
strUrl As String
'
Dim xobj As Object
'
Set xobj = New WinHttp.WinHttpRequest
'
strUrl = "https://www.example.com/login.php"
xobj.Open "POST", strUrl, False
xobj.SetRequestHeader "User-Agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
xobj.SetRequestHeader "Content-Type", "application/x-www-form-urlencoded"
xobj.Send "username=johndoe2&password=mypassword"
'
strCookie = xobj.GetResponseHeader("Set-Cookie")
strResponse = xobj.ResponseText
2.获取受用户名/密码保护的URL2的内容:
'
' now try to get confidential contents:
'
strUrl = "https://www.example.com/secret-contents.php"
xobj.Open "GET", strUrl, False
'
' these 2 instructions are determining:
'
xobj.SetRequestHeader "Connection", "keep-alive"
xobj.SetRequestHeader "User-Agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
'
xobj.SetRequestHeader "Cookie", strCookie
xobj.Send
'
strCookie = xobj.GetResponseHeader("Set-Cookie")
strResponse = xobj.ResponseText
在第二步中,有人注意到发送给HTTTP服务器的两个附加标头的使用:
One notices the usage of two additional headers sent to the HTTTP server in the second step:
连接",保持活动状态"
用户代理",我假装的导航器……"
没有它们,URL2将无法成功获取,相反,配置良好的网站会将您重定向到URL1,以再次进行身份验证.
without them the URL2 could not be successfully fetched, instead, a good configured website will redirect you to URL1 for authentication again.
总而言之,会话必须具有 keep-alive 连接,以便重新使用获得的登录凭据.
In one word, the session must have a keep-alive Connection in order to re-use the gained login credential.
这对于 http 和 https 协议无动于衷.
This works indifferently for the http and https protocols.
HTML登录输入字段名称取决于目标站点,此处为用户名和密码. 网站的构想者可以使用诸如 user , pass 之类的词语; loginuser , loginpass ; ...您可以通过查看登录表单的源代码轻松地弄清这一点.
The HTML login input field names depend on the target site, here username and password. The conceiver of the website may use such words as user, pass; loginuser, loginpass; ... you can easily figure this out by looking at the source code of the login form.
这篇关于WinHTTP VBA后续请求不能使用以前的登录凭据吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
