REST 服务的身份验证问题使用来自“WP8"应用程序的“HttpClient" [英] Problems with the authentication to a REST service use `HttpClient` from an `WP8` App

问题描述

我正在尝试将我的应用与一些需要身份验证的 Rest 服务连接起来，但我遇到了一些问题.我使用 HttpClient 类，它适用于不需要此身份验证(如登录或注册)的服务.我认为问题在于我需要在 AuthenticationHeaderValue 对象中指定一个架构，并且这个架构进入标题.标头的结果是这样的授权:授权a81b4974-f328-44e0-901a-95e29fb672aa:sKJQgOqJswCLHlibsMGRYZb/dlkyPzVnvs9uqqx5ToM="和服务器正在寻找的东西是Authorization: a81b4974-f328-44e0-901a-95e29fb672aa:sKJQgOqJswCLHlibsMGRYZb/dlkyPzVnvs9uqqx5ToM":sKJQgOqJswCLHlibsMGRYZb/dlkyPzVnvs9uqqx5ToM="这是我正在使用的代码:

I am trying to conect my app with some Rest services that requires authentication and I am having some problems. I using the HttpClient class and it works fine with the services that do not need this authentication like the login or the signup. I think that the problem is that I need to specify a schema in the AuthenticationHeaderValue object and this schema goes into the header. The result of the header is like this "Authorization: Authorization a81b4974-f328-44e0-901a-95e29fb672aa:sKJQgOqJswCLHlibsMGRYZb/dlkyPzVnvs9uqqx5ToM=" and what the server is looking for is something like "Authorization: a81b4974-f328-44e0-901a-95e29fb672aa:sKJQgOqJswCLHlibsMGRYZb/dlkyPzVnvs9uqqx5ToM=" Here is the code that I am using:

public async void addProject(string name) 
{
    string service = "/service/project/add";
    string serviceURL = "/pwpcloud"+service;
    StringBuilder parametersBuilder = new StringBuilder();

    parametersBuilder.Append("{\"name\":\"" + name + "\",");
    parametersBuilder.Append("\"description\":\"" + "projectDescription" + "\",");
    parametersBuilder.Append("\"sparsePath\":\"" + "fasdd" + "\",");
    parametersBuilder.Append("\"densePath\":\"" + "asdf" + "\",");
    parametersBuilder.Append("\"matchFormat\":\"" + "asdf" + "\",");
    parametersBuilder.Append("\"metadata\":\"" + "aaaaa" + "\",");
    parametersBuilder.Append("\"user\":\"" + mLoginData.getUserID() + "\"}");

    string parameters = parametersBuilder.ToString();

    HttpClient restClient = new HttpClient();
    restClient.BaseAddress = new Uri(mBaseURL);
    restClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

    //falta la autenticacion
    setAuthorization(restClient, service, WEBSERVICE_REQUEST_TYPE_POST);
    HttpRequestMessage req = new HttpRequestMessage(HttpMethod.Post, serviceURL);
    req.Content = new StringContent(parameters, Encoding.UTF8, "application/json");
    HttpResponseMessage response = null;
    string responseBodyAsText = "";
    try
    {
        response = await restClient.SendAsync(req);
        response.EnsureSuccessStatusCode();
        responseBodyAsText = await response.Content.ReadAsStringAsync();
    }
    catch (HttpRequestException e)
    {
        string ex = e.Message;
    }
}

public void setAuthorization(HttpClient request, string service, int reqType, string token, string userID)
{
    //Date OK
    string date = DateTime.UtcNow.ToString("yyyy-MM-ddTHH:mm:ssZ");

    //nonce OK
    Random random = new Random();
    String nonce = "";
    for (int i = 0; i < 5; i++)
    {
        string randomValue = (1111 + random.Next() % (9999 - 1111)).ToString();
        nonce = nonce + randomValue;
    }
    //type OK
    string type = "";
    if (reqType == WEBSERVICE_REQUEST_TYPE_GET)
    {
        type = "GET";
    }
    else
    {
        type = "POST";
    }

    //Authorization:
    string stringToHash = token + ":" + service + "," + type + "," + date + "," + nonce;
    string authorizationCrypted = encryptStringSHA256(stringToHash);
    //string authorization = userID + ":" + authorizationCrypted;
    request.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Authorization", string.Format("{0}:{1}", userID, authorizationCrypted));

    request.DefaultRequestHeaders.Add("x-rest-date", date);
    request.DefaultRequestHeaders.Add("nonce", nonce);
}
public static string encryptStringSHA256(string stringToEncrypt)
{
    var hash = new SHA256Managed();

    byte[] stringHash = StringToAscii(stringToEncrypt);
    byte[] encryptedString = hash.ComputeHash(stringHash);
    return Convert.ToBase64String(encryptedString);
}

//Metodo para convertir string a bytes ascii NO IMPLEMENTADO POR DEFECTO EN EL API DE WINDOWS PHONE
public static byte[] StringToAscii(string s)
{
    byte[] retval = new byte[s.Length];
    for (int ix = 0; ix < s.Length; ++ix)
    {
        char ch = s[ix];
        if (ch <= 0x7f) retval[ix] = (byte)ch;
        else retval[ix] = (byte)'?';
    }

    return retval;
}

感谢您的帮助.

推荐答案

我使用 HttpClient.DefaultRequestHeaders.TryAddWithoutValidation("Key",value) 方法解决了这个问题.这是代码:

I solved it using the HttpClient.DefaultRequestHeaders.TryAddWithoutValidation("Key",value) method. this is the code:

public void setAuthorization(HttpClient request, string service, int reqType, string token, string userID)
{
    //Date OK
    string date = DateTime.UtcNow.ToString("yyyy-MM-ddTHH:mm:ssZ");

    //nonce OK
    Random random = new Random();
    String nonce = "";
    for (int i = 0; i < 5; i++)
    {
        string randomValue = (1111 + random.Next() % (9999 - 1111)).ToString();
        nonce = nonce + randomValue;
    }
    //type OK
    string type = "";
    if (reqType == WEBSERVICE_REQUEST_TYPE_GET)
    {
        type = "GET";
    }
    else
    {
        type = "POST";
    }

    //Authorization:
    string stringToHash = token + ":" + service + "," + type + "," + date + "," + nonce;
    string authorizationCrypted = encryptStringSHA256(stringToHash);
    string authorization = userID + ":" + authorizationCrypted;
    request.DefaultRequestHeaders.TryAddWithoutValidation("x-rest-date", date);
    request.DefaultRequestHeaders.TryAddWithoutValidation("Authorization", authorization);
    request.DefaultRequestHeaders.TryAddWithoutValidation("nonce", nonce);
}

这篇关于REST 服务的身份验证问题使用来自“WP8"应用程序的“HttpClient"的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！