如何在不使用C#进行任何身份验证的情况下使用WebAp2 [英] How to consume WebAp2 without any authentication in C#

问题描述

Dearl全部我是WebAPI2的新手.我想使用JSON格式的函数使用数据，但抛出错误 StatusCode:403，ReasonPhrase:"ModSecurity Action" .我可以直接从浏览器中使用，但不能从HttpClient中使用.没有实现安全性.

Dearl All I am new to WebAPI2. I want to consume data from a function in JSON format but throwing error StatusCode: 403, ReasonPhrase: 'ModSecurity Action'. I can consume directly from browser but can not from HttpClient. No security implemented.

在本地服务器上可以正常工作，但是在远程共享服务器上会出现上述错误.APIURL. http://api.owncircles.com/api/Circles/Education/Questions/getAns/2012460157

Working perfect on local server but above error throws on remote shared server. APIURL. http://api.owncircles.com/api/Circles/Education/Questions/getAns/2012460157

API功能代码.

[HttpGet()]
[AllowAnonymous]
[Route("~/api/Circles/Education/Questions/getAns/{quesID}")]
public IHttpActionResult getAns(string quesID)
{
    IQuestions objQuestion = Questions.getInatance();
    var qtn = objQuestion.getAns(quesID);
    return Json(qtn);
}

客户端

[AllowAnonymous]
public async Task<ActionResult> checkAns(string id)
{
    string url = common.apiURL + "Circles/Education/Questions/getAns/"+id;
    //HttpClient client = new HttpClient(new HttpClientHandler() {UseDefaultCredentials = true });
    HttpClient client = new HttpClient();

    // client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue(Constants.));  
    // client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("");  
    // client.DefaultRequestHeaders.Authorization = null;
    client.BaseAddress = new Uri(url);
    client.DefaultRequestHeaders.Accept.Clear();
    client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
    ent_QuestionsDetails Questions = null;
    var response = await client.GetAsync(url);
    if (response.IsSuccessStatusCode)
    {
        Questions = response.Content.ReadAsAsync<ent_QuestionsDetails>().Result;
    }
    OC.Models.mod_Questions objModel = new OC.Models.mod_Questions();
    objModel.questionID = Questions.questionID;
    objModel.questions = Questions.questions;
    objModel.questionOptions = Questions.questionOptions;
    return View(objModel);
}

推荐答案

似乎是您的用户代理，如果省略了该请求，该请求将被拒绝.如果您模仿标头中的chrome用户代理值，则请求将成功.这是一个独立的工作示例:

It seems its your user agent, when this is omitted the request is rejected. If you mimic the chrome user agent value in the header the request will succeed. Here is a self contained working example:

请注意，此示例不使用等待/异步，因为它已在控制台应用程序中进行了测试

using (HttpClient client = new HttpClient())
{
    client.BaseAddress = new Uri("http://api.owncircles.com/");
    client.DefaultRequestHeaders.Clear();
    client.DefaultRequestHeaders.Accept.ParseAdd("application/json");
    client.DefaultRequestHeaders.UserAgent.ParseAdd("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36");

    var result = client.GetAsync("api/Circles/Education/Questions/getAns/2012460157").Result;

    if(result.IsSuccessStatusCode)
        Console.Write(result.Content.ReadAsStringAsync().Result);
    else
        Console.Write("fail");
}

话虽这么说，但我不知道您在用户代理上对API服务器端进行哪种检查会拒绝请求.

That being said I do not know what kind of check you have API server side on the user agent that it would reject a request.

这篇关于如何在不使用C#进行任何身份验证的情况下使用WebAp2的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！