Universal app HttpClient header: how to disable some of the headers?


Problem description


A bit of background: I'm trying to "port" an Android app to Windows Phone that calls a non-open web API. Since the API is not open or documented, I used Fiddler, ran the app's Android version, and snooped the API calls it made.


I'm using Windows.Web.Http.HttpClient as the class of choice since it seems like this will be the class moving on instead of System.Net.Http.HttpClient.


Here's the C# code excerpt that I use to generate an HTTP POST request:

HttpBaseProtocolFilter _httpFilter = new HttpBaseProtocolFilter();
HttpClient _httpClient = new HttpClient(_httpFilter);                    
_httpClient.DefaultRequestHeaders.AcceptEncoding.Clear();
_httpClient.DefaultRequestHeaders.Accept.TryParseAdd("application/xml");
_httpClient.DefaultRequestHeaders.AcceptLanguage.TryParseAdd("en");            
_httpClient.DefaultRequestHeaders.Connection.TryParseAdd("Keep-Alive");
_httpClient.DefaultRequestHeaders.Add("message-version", "1");
_httpClient.DefaultRequestHeaders.UserAgent.TryParseAdd("Android|SAMSUNG-SGH-I337|3.3.1");
_httpClient.DefaultRequestHeaders.Cookie.TryParseAdd(cookie); //Some cookie values                                

Uri uri = new Uri(SOMEURI);
XDocument xd = new XDocument(STUFF_TO_BUILD_XML);
string xd_str = string.Concat(xd.Declaration.ToString(), xd.ToString());
xd_str = xd_str.Replace("\r\n", string.Empty);
xd_str = xd_str.Replace("  ", string.Empty); 
HttpRequestMessage req_msg = new HttpRequestMessage(HttpMethod.Post, uri);
HttpStringContent strcnt = new HttpStringContent(xd_str);            
req_msg.Content = strcnt;
req_msg.Content.Headers.ContentType = new Windows.Web.Http.Headers.HttpMediaTypeHeaderValue("text/xml; charset=UTF-8");
req_msg.Headers.Host = new Windows.Networking.HostName(SOMEHOSTNAME);

HttpResponseMessage rsp_msg = await _httpClient.SendRequestAsync(req_msg);


Here's the raw text Fiddler sees when making the API call using my code:

POST <HTTPS endpoint> HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip, deflate
Host: <hostname>
Cookie2: Version=1
Accept: application/xml
message-version: 1
User-Agent: Android|SAMSUNG-SGH-I337|3.3.1
Accept-Language: en
Content-Length: 173
Content-Type: text/xml; charset=UTF-8
Cache-Control: no-cache
Cookie: STR1=VAL1; STR2=VAL2

<MESSAGE_IN_XML>

--Response--
HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Date: Fri, 03 Apr 2015 01:18:07 GMT

0


Here's the raw text Fiddler sees when making request via Android app:

POST <HTTPS endpoint> HTTP/1.1
Content-Type: text/xml; charset=UTF-8
Connection: Keep-Alive
accept: application/xml
user-agent: Android|SAMSUNG-SGH-I337|3.4
message-version: 1
Accept-Language: en
Content-Length: 173
Host: <hostname>
Cookie: STR1=VAL1; STR2=VAL2
Cookie2: $Version=1

<MESSAGE_IN_XML>

--response--
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
X-Frame-Options: SAMEORIGIN
Content-Type: application/xml;charset=utf-8
Date: Fri, 03 Apr 2015 01:08:22 GMT
Content-Length: 364

<MESSAGE_IN_XML>


See, from Fiddler's output, the only difference I see is in the header, the Accept-Encoding and Cache-Control entries. Is there a way to NOT send them? Or am I missing something here?

Recommended answer


You are supposed to send the Authorization header.

Example: Authorization: Basic àaaaaaaa


That will resolve the unauthorized issue.

Explanation:


We have several ways to secure the services that are made available to the public. The most commonly used one is to pass on the credentials from the client application to the target application via authorization headers.


The authorization headers are added to the request by the client. In C#, we typically use AuthenticationHeaderValue.

Samples can be found here.

http://leastprivilege.com/2012/03/14/asp-net-webapi-security-4-examples-for-various-authentication-scenarios/
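
When one client gets a 200 and another a 401 for what looks like the same request, a mechanical diff of the two captures is a useful check: header names are case-insensitive, but values are not. The following is an added example, not part of the original question or answer; the two strings are the request headers copied from the captures above, and `parse_headers` and `diff_headers` are hypothetical helper names.

```python
# Request headers as captured in the question above (bodies omitted).
UWP_REQUEST = """\
POST <HTTPS endpoint> HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip, deflate
Host: <hostname>
Cookie2: Version=1
Accept: application/xml
message-version: 1
User-Agent: Android|SAMSUNG-SGH-I337|3.3.1
Accept-Language: en
Content-Length: 173
Content-Type: text/xml; charset=UTF-8
Cache-Control: no-cache
Cookie: STR1=VAL1; STR2=VAL2
"""

ANDROID_REQUEST = """\
POST <HTTPS endpoint> HTTP/1.1
Content-Type: text/xml; charset=UTF-8
Connection: Keep-Alive
accept: application/xml
user-agent: Android|SAMSUNG-SGH-I337|3.4
message-version: 1
Accept-Language: en
Content-Length: 173
Host: <hostname>
Cookie: STR1=VAL1; STR2=VAL2
Cookie2: $Version=1
"""

def parse_headers(raw):
    """Return {lower-cased name: value} for the header block of a raw request."""
    headers = {}
    for line in raw.splitlines()[1:]:      # skip the request line
        if not line.strip():
            break                          # a blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def diff_headers(raw_a, raw_b):
    """Return (only_in_a, only_in_b, changed); header names compare case-insensitively."""
    a, b = parse_headers(raw_a), parse_headers(raw_b)
    changed = {k: (a[k], b[k]) for k in sorted(set(a) & set(b)) if a[k] != b[k]}
    return sorted(set(a) - set(b)), sorted(set(b) - set(a)), changed

print(diff_headers(UWP_REQUEST, ANDROID_REQUEST))
```

On these captures it reports Accept-Encoding and Cache-Control as present only in the Windows request, and differing values for Cookie2 and User-Agent.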
