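I have been trying to figure this out all day. I have one application that forwards to another application to handle the login. The first application redirects to a Web API URL. That URL then takes one of the parameters and creates a token. It then sends a 403 response with a Set-Cookie header. The cookie that is sent in that header is never set.
After a lot of research, I thought it might need a P3P header, so I have tried various combinations of that.
Here is the code: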
Public Function Authenticate(t As String, forwardURL As String) As HttpResponseMessage
    Dim resp As New HttpResponseMessage()
    If VestigoBusinessObjects.UserToken.IsValid(t, EncType.AES) Then
        Dim user As New UserToken(t, EncType.AES)
        user.ResetExperation()
        'Create usertoken cookie
        Dim Cookie = New CookieHeaderValue("t", user.GetEncTicket())
        Cookie.Expires = DateTimeOffset.Now.AddDays(1)
        Cookie.Domain = Request.RequestUri.Host
        Cookie.Path = "/"
        resp.Headers.AddCookies(New CookieHeaderValue() {Cookie})
        resp.StatusCode = HttpStatusCode.RedirectMethod
        resp.Headers.Location = New Uri(forwardURL)
        resp.Headers.Add("Pragma", "no-cache")
        resp.Headers.Add("Cache-Control", "no-cache")
        Return resp
    End If
    resp.StatusCode = HttpStatusCode.Unauthorized
    Return resp
End Function
Here are the headers I see being set in the browser:
Request URL: deleted because it won't let me post them?
t=bB%2B%2FpRLq%2BzobRcXgQuw5rjMa8Yeb1Wxb7qIZCtjLfwiN8RNT%2BQYjzIuWI9j3JPn4qnpXpgK%2F%2B6ucL96lBmpD6ryIbFJvP3yPOfJjXuZsECfWlj58etczEco79q0SNJj0c%2BwKLREh5FWMfTvN%2BQxSn8nMEr6JzS06CuPizM1k0Kef52ZrHVkxHDv6qVyGLJrxRFebwbpFT0LNMCCihJ%2BZ%2FbmfvvKl9lfg18vHT8nhL1dDtAlR0Fd%2FdSuB5L6Yg3Yj%3F%3FHKZNy0zYBTVwdL7NXMFGXw%3D%3D&forwardurl=http%3A%2F%2Flocalhost%3A4644%2FInternalMonitor.html
Request Method: GET
Status Code: 303 See Other
Remote Address: [::1]:4644
Response Headers
Cache-Control: no-cache
Content-Length: 0
Date: Tue, 29 Nov 2016 22:58:11 GMT
Location: deleted because it won't let me post them
P3P: CP="IDC DSP COR IVAi IVDi OUR TST"
Pragma: no-cache
Server: Microsoft-IIS/10.0
CEC96FE7CB299930674745018B81BE606C6181F0A5C94AA6DB025A6B5829ABCABD4A7A075BE33246CBE151D320904AA3643C6AE7E4DBA553500AB19522970036DA64323E1A4352241DB8CF4FEE6FE121135DC9364F8A2C3ADA4346BAFBF8B18F7875F3; expires=Wed, 30 Nov 2016 22:58:12 GMT; domain=localhost; path=/
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-SourceFiles: =?UTF-8?B?YzpcVEZTXFZlc3RpZ29cVGVzdFxDZW50cmFsTW9uaXRvclxhcGlcQXV0aGVudGljYXRpb25Db250cm9sbGVyXEF1dGhlbnRpY2F0ZQ==?=
Request Headers
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-US,en;q=0.8
Cache-Control: no-cache
Connection: keep-alive
Cookie:ASP.NET_SessionId=cnru1r4g0svzeomwglkwestw;.ASPXAUTH=1566301093F4FC41F147432F8A4B044E3A19EFC46C47A1BE54F95A98E08EE8952197E5212230F0416776480CA3496036DCA0C0B8AEF0D08675D4B20E655E107F055E1D60150BF84334F65FE63E134B0252EF3B8F02E1E0BC372DBA80006300215AAE095F4333F48BB04D0DF315D825BF1A1B0F27A81E32E82ACEEA791BF11551A8F96A1B0AED9EC11EEA5EF34AE03406; hoursDiffGMTTime=-5;屏幕分辨率=1920x1080;浏览器分辨率=1920x950;
Host: localhost:4644
Pragma: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36
Query String Parameters
t:bB+/pRLq+zobRcXgQuw5rjMa8Yeb1Wxb7qIZCtjLfwiN8RNT+QYjzIuWI9j3JPn4qnpXpgK/+6ucL96lBmpD6ryIbFJvP3yPOfJjXuZsECfWlj58etczEco79q0SNJj0c+wKLREh5FWMfTvN+QxSn8nMEr6JzS06CuPizM1k0Kef52ZrHVkxHDv6qVyGLJrxRFebwbpFT0LNMCCihJ+Z/bmfvvKl9lfg18vHT8nhL1dDtAlR0Fd/dSuB5L6Yg3Yj??HKZNy0zYBTVwdL7NXMFGXw== forwardurl: deleted because it won't let me post them
Any input would be greatly appreciated.