我该怎么办摘要式身份验证与HttpWebRequest的？ [英] How can I do digest authentication with HttpWebRequest?

问题描述

若干条款（ 1 ，的2 ）我发现使这个看起来很容易的：

Various articles (1, 2) I discovered make this look easy enough:

WebRequest request = HttpWebRequest.Create(url);

var credentialCache = new CredentialCache();
credentialCache.Add(
  new Uri(url), // request url
  "Digest", // authentication type
  new NetworkCredential("user", "password") // credentials
);

request.Credentials = credentialCache;

不过，这仅适用于无网址URL参数。例如，我可以下载 http://example.com/test/xyz.html 就好了，但是当我试图下载 HTTP：/ /example.com/test?page=xyz ，结果是在服务器的日志（运行Apache 2.2）以下的400错误的请求消息：

However, this only works for URLs without URL parameters. For example, I can download http://example.com/test/xyz.html just fine, but when I attempt to download http://example.com/test?page=xyz, the result is a 400 Bad Request message with the following in the server's logs (running Apache 2.2):

Digest: uri mismatch - </test> does not match request-uri </test?page=xyz>

我的第一个想法是，消化规范要求URL参数，从摘要哈希删除 - 但去除传递到的URL参数credentialCache.Add（）没有改变任何事情。因此，它必须和周围某处其他方式在.NET框架是错误地从URL中移除参数。

My first idea was that the digest specification requires URL parameters to be removed from the digest hash -- but removing the parameter from the URL passed to credentialCache.Add() didn't change a thing. So it must be the other way around and somewhere in the .NET framework is wrongly removing the parameter from the URL.

推荐答案

你说你删除的查询字符串paramters，但你尝试将所有的方式回到刚才主持人？ CredentialsCache.Add（）我见过的每一个例子似乎只使用主机，和的 CredentialsCache.Add（）中URI参数为URI preFIX，这似乎能说明问题。

You said you removed the querystring paramters, but did you try going all the way back to just the host? Every single example of CredentialsCache.Add() I've seen seems to use only the host, and the docs for CredentialsCache.Add() list the Uri parameter as "uriPrefix", which seems telling.

在换句话说，尝试了这一点：

In other words, try this out:

Uri uri = new Uri(url);
WebRequest request = WebRequest.Create(uri);

var credentialCache = new CredentialCache(); 
credentialCache.Add( 
  new Uri(uri.GetLeftPart(UriPartial.Authority)), // request url's host
  "Digest",  // authentication type 
  new NetworkCredential("user", "password") // credentials 
); 

request.Credentials = credentialCache;

如果这个工程，你还必须确保你不添加相同的权威缓存不止一次......到同一主机的所有请求应该能够使用相同的凭证缓存项。

If this works, you will also have to make sure that you don't add the same "authority" to the cache more than once... all requests to the same host should be able to make use of the same credential cache entry.

这篇关于我该怎么办摘要式身份验证与HttpWebRequest的？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！