0

我整天都在试图弄清楚这一点。我有一个应用程序转发到另一个应用程序以处理登录。第一个应用程序重定向到一个 webAPI URL。然后,该 url 采用其中一个参数并创建一个令牌。然后它发送一个带有 Set-Cookie Header 的 403 响应。发送的 cookie 是该标头从未被设置。

经过大量研究后,我认为它可能需要一个 P#P 标头,因此我尝试了各种组合。

这是代码:

    Public Function Authenticate(t As String, forwardURL As String) As HttpResponseMessage
        Dim resp As New HttpResponseMessage()
        If VestigoBusinessObjects.UserToken.IsValid(t, EncType.AES) Then
            Dim user As New UserToken(t, EncType.AES)
            user.ResetExperation()
            'Create usertoken cookie
            Dim Cookie = New CookieHeaderValue("t", user.GetEncTicket())
            Cookie.Expires = DateTimeOffset.Now.AddDays(1)
            Cookie.Domain = Request.RequestUri.Host
            Cookie.Path = "/"

            resp.Headers.AddCookies(New CookieHeaderValue() {Cookie})
            resp.StatusCode = HttpStatusCode.RedirectMethod
            resp.Headers.Location = New Uri(forwardURL)
            resp.Headers.Add("Pragma", "no-cache")
            resp.Headers.Add("Cache-Control", "no-cache")

            Return resp
        End If
        resp.StatusCode = HttpStatusCode.Unauthorized

        Return resp
    End Function

以下是我看到在浏览器中设置的标题:

请求 URL:删除,因为它不允许我发布它们?

t=bB%2B%2FpRLq%2BzobRcXgQuw5rjMa8Yeb1Wxb7qIZCtjLfwiN8RNT%2BQYjzIuWI9j3JPn4qnpXpgK%2F%2B6ucL96lBmpD6ryIbFJvP3yPOfJjXuZsECfWlj58etczEco79q0SNJj0c%2BwKLREh5FWMfTvN%2BQxSn8nMEr6JzS06CuPizM1k0Kef52ZrHVkxHDv6qVyGLJrxRFebwbpFT0LNMCCihJ%2BZ%2FbmfvvKl9lfg18vHT8nhL1dDtAlR0Fd%2FdSuB5L6Yg3Yj%3F%3FHKZNy0zYBTVwdL7NXMFGXw%3D%3D&forwardurl=http%3A%2F%2Flocalhost%3A4644%2FInternalMonitor.html

请求方法:GET

状态码:303 查看其他

远程地址:[::1]:4644

响应标头

缓存控制:无缓存

内容长度:0

日期:格林威治标准时间 2016 年 11 月 29 日星期二 22:58:11

位置:已删除,因为它不允许我发布它们

P3P:CP="IDC DSP COR IVAi IVDi OUR TST"

杂注:无缓存

服务器:Microsoft-IIS/10.0

CEC96FE7CB299930674745018B81BE606C6181F0A5C94AA6DB025A6B5829ABCABD4A7A075BE33246CBE151D320904AA3643C6AE7E4DBA553500AB19522970036DA64323E1A4352241DB8CF4FEE6FE121135DC9364F8A2C3ADA4346BAFBF8B18F7875F3; 过期=格林威治标准时间 2016 年 11 月 30 日星期三 22:58:12;域=本地主机;路径=/

X-AspNet-版本:4.0.30319

X-Powered-By:ASP.NET

X-SourceFiles:=?UTF-8?B?

YzpcVEZTXFZlc3RpZ29cVGVzdFxDZW50cmFsTW9uaXRvclxhcGlcQXV0aGVudGljYXRpb25Db250cm9s

bGVyXEF1dGhlbnRpY2F0ZQ==?=

请求标头

接受:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp, / ;q=0。8

接受编码:gzip、deflate、sdch、br

接受语言:en-US,en;q=0.8

缓存控制:无缓存

连接:保持活动

Cookie:ASP.NET_SessionId=cnru1r4g0svzeomwglkwestw;.ASPXAUTH=1566301093F4FC41F147432F8A4B044E3A19EFC46C47A1BE54F95A98E08EE8952197E5212230F0416776480CA3496036DCA0C0B8AEF0D08675D4B20E655E107F055E1D60150BF84334F65FE63E134B0252EF3B8F02E1E0BC372DBA80006300215AAE095F4333F48BB04D0DF315D825BF1A1B0F27A81E32E82ACEEA791BF11551A8F96A1B0AED9EC11EEA5EF34AE03406; hoursDiffGMTTime=-5;屏幕分辨率=1920x1080;浏览器分辨率=1920x950;

主机:本地主机:4644

杂注:无缓存

升级不安全请求:1

用户代理:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36

查询字符串参数

t:bB+/pRLq+zobRcXgQuw5rjMa8Yeb1Wxb7qIZCtjLfwiN8RNT+QYjzIuWI9j3JPn4qnpXpgK/+6ucL96lBmpD6ryIbFJvP3yPOfJjXuZsECfWlj58etczEco79q0SNJj0c+wKLREh5FWMfTvN+QxSn8nMEr6JzS06CuPizM1k0Kef52ZrHVkxHDv6qVyGLJrxRFebwbpFT0LNMCCihJ+Z/bmfvvKl9lfg18vHT8nhL1dDtAlR0Fd/dSuB5L6Yg3Yj??HKZNy0zYBTVwdL7NXMFGXw== forwardurl: deleted because it won't let me post them

任何输入将不胜感激。

4

0 回答 0