我正在用 .NET C# 编写一个调用 NetWeaver Gateway 服务的应用程序。GET 请求工作正常,但尝试 PUT 时返回 403 Forbidden。我知道这通常是 POST 时 x-csrf-token 传递不正确导致的,但我已经在 GET 请求中用 "x-csrf-token: Fetch" 取得了令牌,并在 POST 中把它传了回去,所以不明白为什么还是不行。我见过其他人遇到完全相同的问题,也尝试了回复中建议的所有方法,但都无济于事。我哪里做错了?
我用 Postman 手动获取 x-csrf-token,并在 POST 中使用它(同样通过 Postman),这样是可以成功的。
我注意到当我运行代码时:
1。 每次执行GET时,x-csrf令牌都会得到不同的值。 每次使用Postman都会返回相同的x-csrf令牌(直到它过期并返回一个新的x-csrf令牌)。
2。 如果我把代码中取得的 x-csrf-token 复制出来,粘贴到 Postman 中作为 POST 的 x-csrf-token,Postman 的请求会失败(CSRF 令牌验证失败)。
3。 如果我复制使用Postman手动获取的x-csrf-token,并将其作为令牌粘贴到我的代码中,我的代码仍然会失败。 这真的很奇怪,因为如果我将其用于另一个使用Postman的POST,则该令牌继续起作用-因此它是有效的x-csrf令牌。
运行代码时,我收到的"响应"是:
响应
{状态代码:403,ReasonPhrase:"禁止访问",版本:1.1,内容:System.Net.Http.StreamContent,标头:
{
的Set-Cookie:MYSAPSSO2 = AjQxMDIBABgAUABTAE0ASQBUAEgAMQAxACAAIAAgACACAAYAMAAyADADABAARwBXAEQAIAAgACAAIAAgBAAYADIAMAAxADYAMAA5ADEANAAxADEAMgAwBQAEAAAACAYAAgBYCQACAEX%2fAVYwggFSBgkqhkiG9w0BBwKgggFDMIIBPwIBATELMAkGBSsOAwIaBQAwCwYJKoZIhvcNAQcBMYIBHjCCARoCAQEwbzBkMQswCQYDVQQGEwJERTEcMBoGA1UEChMTU0FQIFRydXN0IENvbW11bml0eTETMBEGA1UECxMKU0FQIFdlYiBBUzEUMBIGA1UECxMLSTAwMjA3MDE4MTgxDDAKBgNVBAMTA0dXRAIHIBQEBxFQATAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTYwOTE0MTEyMDI2WjAjBgkqhkiG9w0BCQQxFgQUjI3ZxiqW%21Ybw8UpMVrWuoa2mk10wCQYHKoZIzjgEAwQvMC0CFQCK%2fLbCDEUFUfTSAV85%2fVEw3R1VPgIUXoZhxKEizU7t2tZY4rwAONMbdEw%3D; 路径=/; domain =。 globalinfra.net
设置Cookie:SAP_SESSIONID_GWD_020 = MlioquPL-X_FSfCO_0i6SzycPex6bRHmqhPFcO6bdOM%3d; 路径=/
x-csrf-token: Required
内容长度:28
内容类型:文本/纯文本; charset = utf-8
}}
内容:{System.Net.Http.StreamContent}
接头:{的Set-Cookie:MYSAPSSO2 = AjQxMDIBABgAUABTAE0ASQBUAEgAMQAxACAAIAAgACACAAYAMAAyADADABAARwBXAEQAIAAgACAAIAAgBAAYADIAMAAxADYAMAA5ADEANAAxADEAMgAwBQAEAAAACAYAAgBYCQACAEX%2fAVYwggFSBgkqhkiG9w0BBwKgggFDMIIBPwIBATELMAkGBSsOAwIaBQAwCwYJKoZIhvcNAQcBMYIBHjCCARoCAQEwbzBkMQswCQYDVQQGEwJERTEcMBoGA1UEChMTU0FQIFRydXN0IENvbW11bml0eTETMBEGA1UECxMKU0FQIFdlYiBBUzEUMBIGA1UECxMLSTAwMjA3MDE4MTgxDDAKBgNVBAMTA0dXRAIHIBQEBxFQATAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTYwOTE0MTEyMDI2WjAjBgkqhkiG9w0BCQQxFgQUjI3ZxiqW%21Ybw8UpMVrWuoa2mk10wCQYHKoZIzjgEAwQvMC0CFQCK%2fLbCDEUFUfTSAV85%2fVEw3R1VPgIUXoZhxKEizU7t2tZY4rwAONMbdEw%3D; 路径=/; domain =。 globalinfra.net ,SAP_SESSIONID_GWD_020 = MlioquPL-X_FSfCO_0i6SzycPex6bRHmqhPFcO6bdOM%3d; 路径=/
x-csrf-token: Required
}
IsSuccessStatusCode:false
ReasonPhrase:"禁止"
RequestMessage:{方法:POST,RequestUri:' http://myserver: 8000/sap/opu/odata/sap/ZGW_MAM30_SET_OP_STATUS_ORDER_SRV/SetOPOrderStatusSet ',版本:1.1,内容:System.Net.Http.ObjectContent`1 [[[System.String,mscorlib,Version = 4.0.0.0,Culture = 中性,PublicKeyToken = b77a5c561934e089]],标题:
{
接受:application/json
授权:基本UFNNSVRIMTE6U3BhMW45OTk =
x-csrf令牌:1qvOVO8-COZXOpdc_pGdUQ ==
的Cookie:MYSAPSSO2 = AjQxMDIBABgAUABTAE0ASQBUAEgAMQAxACAAIAAgACACAAYAMAAyADADABAARwBXAEQAIAAgACAAIAAgBAAYADIAMAAxADYAMAA5ADEANAAxADEAMgAwBQAEAAAACAYAAgBYCQACAEX%2fAVUwggFRBgkqhkiG9w0BBwKgggFCMIIBPgIBATELMAkGBSsOAwIaBQAwCwYJKoZIhvcNAQcBMYIBHTCCARkCAQEwbzBkMQswCQYDVQQGEwJERTEcMBoGA1UEChMTU0FQIFRydXN0IENvbW11bml0eTETMBEGA1UECxMKU0FQIFdlYiBBUzEUMBIGA1UECxMLSTAwMjA3MDE4MTgxDDAKBgNVBAMTA0dXRAIHIBQEBxFQATAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTYwOTE0MTEyMDIxWjAjBgkqhkiG9w0BCQQxFgQUjI3ZxiqW%21Ybw8UpMVrWuoa2mk10wCQYHKoZIzjgEAwQuMCwCFGg4S9qyJQVcVltix4A0zD0nN%21HBAhQJrXx35j9ImdBozmlwnFQtrGgNSA%3D%3D; 路径=/; domain =。 globalinfra.net ; SAP_SESSIONID_GWD_020 = b86Ptk7cIZwHAO3uG8RbOzlcbLB6bRHmqg3FcO6bdOM%3d; 路径=/
内容类型:application/json; charset = utf-8
内容长度:182
}}
StatusCode:禁止
版本:{1.1}
我的代码如下:
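/// <summary>
/// Web API controller from the question: it fetches an x-csrf-token with a GET and then
/// POSTs to a NetWeaver Gateway OData service. As posted, the POST is answered with
/// 403 and "x-csrf-token: Required"; the NOTE(review) comments mark the lines involved.
/// The C# keywords, header names and protocol literals ("Fetch", "Basic") are restored
/// to valid syntax; the cookie handling is deliberately left as the question describes it.
/// </summary>
public class ZGW_MAM30_SET_OP_STATUS_ORDERController : ApiController
{
    string userName = System.Configuration.ConfigurationManager.AppSettings["NetweaverUsername"];
    string pwd = System.Configuration.ConfigurationManager.AppSettings["NetweaverPassword"];
    string token = "";
    string cookieString = "";
    IEnumerable<string> cookies = new List<string>();
    CookieContainer cookieJar = new CookieContainer();
    System.Net.NetworkCredential credentials = new System.Net.NetworkCredential(System.Configuration.ConfigurationManager.AppSettings["NetweaverUsername"], System.Configuration.ConfigurationManager.AppSettings["NetweaverPassword"]);

    // NOTE(review): the page shows only "Task" on this line; the <string> result type follows
    // from the return statements below and the Post() name from the corrected version of
    // this method further down the page.
    /// <summary>
    /// Fetches a CSRF token with a GET, then POSTs a hard-coded JSON body with that token.
    /// </summary>
    /// <returns>"完成" when the POST succeeds; null on any failure.</returns>
    public async System.Threading.Tasks.Task<string> Post()
    {
        try
        {
            // NOTE(review): the handler (and with it cookieJar) is never passed to HttpClient,
            // so no cookie from this GET is stored for later requests.
            using (var handler = new HttpClientHandler() { CookieContainer = cookieJar })
            using (var clientGet = new HttpClient())
            {
                // NOTE(review): http:// with Basic authentication sends the Base64-encoded
                // user name and password unencrypted; Base64 is an encoding, not encryption.
                clientGet.BaseAddress = new Uri("http://myserver:8000/sap/opu/odata/sap/ZGW_MAM_ASSET_REFDATA_SRV/ZSYS004Set?$format=json");
                clientGet.DefaultRequestHeaders.Accept.Clear();
                clientGet.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
                clientGet.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(
                    "Basic", Convert.ToBase64String(System.Text.ASCIIEncoding.ASCII.GetBytes(string.Format("{0}:{1}", userName, pwd))));
                // "Fetch" asks the Gateway to return a token in the x-csrf-token response header.
                clientGet.DefaultRequestHeaders.Add("x-csrf-token", "Fetch");
                HttpResponseMessage response = await clientGet.GetAsync(clientGet.BaseAddress).ConfigureAwait(continueOnCapturedContext: false);
                if (response.IsSuccessStatusCode)
                {
                    token = response.Headers.GetValues("x-csrf-token").First();
                    // Raw Set-Cookie header values, attributes (path, domain) included.
                    cookies = response.Headers.GetValues("Set-Cookie");
                    // Everything appears to work up to here.
                }
                else
                {
                    LogEntry("错误:响应=" + response.StatusCode);
                    return null;
                }
            }

            using (var client = new HttpClient())
            {
                client.BaseAddress = new Uri("http://myserver:8000/sap/opu/odata/sap/ZGW_MAM30_SET_OP_STATUS_ORDER_SRV/SetOPOrderStatusSet");
                client.DefaultRequestHeaders.Accept.Clear();
                client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
                client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(
                    "Basic", Convert.ToBase64String(System.Text.ASCIIEncoding.ASCII.GetBytes(string.Format("{0}:{1}", userName, pwd))));
                client.DefaultRequestHeaders.Add("x-csrf-token", token);

                // NOTE(review): this joins the Set-Cookie values verbatim, so the Cookie request
                // header also carries the path/domain attributes (visible in the request dump
                // above the code). The fix given on the page is a CookieContainer attached to
                // the POST client instead of a hand-built Cookie header.
                cookieString = "";
                foreach (string cookie in cookies)
                {
                    cookieString += ";" + cookie;
                }
                // Substring(1) drops the leading ';' added by the loop.
                client.DefaultRequestHeaders.Add("Cookie", cookieString.Substring(1));

                // I am not sure myContent is the right body for my POST, but I have not got that far yet.
                // NOTE(review): PostAsJsonAsync serializes its argument, so this string goes out as
                // one JSON string value (the dump shows ObjectContent of System.String).
                string myContent = "{'Message':'','UserId':'CLEMOS','ActTime':'11:01:00','ActDate':'14 .08.2016','InactiveStat':' ACPTSITEACPTSITE','OpNo':'0010','OrderNo':'30528007','Status':'ACPT','Stsma':''}";
                HttpResponseMessage response = await client.PostAsJsonAsync(client.BaseAddress, myContent).ConfigureAwait(continueOnCapturedContext: false);
                // The response we get here has status code 403.
                if (response.IsSuccessStatusCode)
                {
                    var receiveData = await response.Content.ReadAsStringAsync();
                    return "完成";
                }
                else
                {
                    LogEntry("错误:响应=" + response.StatusCode);
                    return null;
                }
            }
        }
        catch (Exception ex)
        {
            // Only the account name is logged; the password must never be written to a log.
            LogEntry(userName);
            LogEntry(" Error:exception =" + ex.Message);
            LogEntry(" Error:exception =" + ex.InnerException);
            return null;
        }
    }
}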
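事实证明,我对 GET 返回的 cookie 的处理方式完全错了。x-csrf-token 只有与同一次 GET 响应下发的会话 cookie 一起发送才会被接受;原代码中的 HttpClientHandler 没有传给 HttpClient,而且把 Set-Cookie 的原始值(连同 path、domain 等属性)直接拼进了 Cookie 请求头。正确的做法是把 POST 客户端与一个 CookieContainer 关联,再把收到的 cookie 放入其中。可以正常工作的代码如下: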
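// Controller state read by Post(). The Gateway account comes from appSettings, so no
// credential is hard-coded in the source.
string userName = System.Configuration.ConfigurationManager.AppSettings["NetweaverUsername"];
string pwd = System.Configuration.ConfigurationManager.AppSettings["NetweaverPassword"];
// CSRF token; Post() fills it from the X-CSRF-Token response header of the fetch request.
string token = "";
// Not referenced by the Post() method shown on this page.
IEnumerable<string> cookies = new List<string>();
// Cookie jar attached to the token-fetching GET; Post() replaces it on every call.
CookieContainer cookieJar = new CookieContainer();
// Same account as userName/pwd, in the form HttpWebRequest.Credentials expects.
System.Net.NetworkCredential credentials = new System.Net.NetworkCredential(System.Configuration.ConfigurationManager.AppSettings["NetweaverUsername"], System.Configuration.ConfigurationManager.AppSettings["NetweaverPassword"]);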
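/// <summary>
/// Forwards the body of the incoming request to the Gateway OData service
/// SetOPOrderStatusSet. A GET with "X-CSRF-Token: Fetch" obtains the token and the
/// cookies of that response, and both are then sent with the POST.
/// </summary>
/// <returns>
/// The Gateway response body when the POST succeeds; otherwise a string describing the
/// failure (an exception message or the HTTP status code).
/// </returns>
public async System.Threading.Tasks.Task<string> Post()
{
    try
    {
        // Reuse the caller's body, but force the JSON content type on it.
        HttpContent myBody = ActionContext.Request.Content;
        myBody.Headers.Remove("Content-Type");
        myBody.Headers.Add("Content-Type", "application/json; charset=UTF-8");

        // NOTE(review): http:// with Basic authentication sends the Base64-encoded user name
        // and password, the CSRF token and the session cookies unencrypted; prefer an
        // https:// endpoint where the Gateway offers one.
        HttpWebRequest req = (HttpWebRequest)HttpWebRequest.Create("http://MyServer:8000/sap/opu/odata/sap/ZGW_MAM30_VERSION_DEPLOY_SRV/GetVersionSet('')?$format=json");
        req.Credentials = credentials;
        req.Method = "GET";
        // "Fetch" asks the Gateway to return a token in the X-CSRF-Token response header.
        req.Headers.Add("X-CSRF-Token", "Fetch");
        this.cookieJar = new CookieContainer();
        req.CookieContainer = this.cookieJar;

        CookieCollection sessionCookies;
        try
        {
            // Dispose the response once the token and cookies have been read, so the
            // underlying connection is released.
            using (HttpWebResponse resp = (HttpWebResponse)req.GetResponse())
            {
                this.token = resp.Headers.Get("X-CSRF-Token");
                sessionCookies = resp.Cookies;
            }
        }
        catch (Exception ex)
        {
            // NOTE(review): the raw exception text goes back to the API caller; confirm that
            // it cannot expose internal host names or URLs to an untrusted client.
            Console.WriteLine(ex.Message.ToString());
            return ex.Message.ToString();
        }

        // Headers.Get returns null when the header is absent; a POST without a token would
        // only be rejected, so stop here with an explicit message.
        if (string.IsNullOrEmpty(this.token))
        {
            const string missingToken = "X-CSRF-Token header missing from the fetch response";
            LogEntry("错误:=" + missingToken);
            return "错误:=" + missingToken;
        }

        var cookieContainer = new CookieContainer();
        // The handler is passed to HttpClient, so the container's cookies go out with the POST.
        using (var handler = new HttpClientHandler() { CookieContainer = cookieContainer })
        using (var client = new HttpClient(handler))
        {
            client.BaseAddress = new Uri("http://MyServer:8000/sap/opu/odata/sap/ZGW_MAM30_SET_OP_STATUS_ORDER_SRV/SetOPOrderStatusSet");
            client.DefaultRequestHeaders.Accept.Clear();
            client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
            client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(
                "Basic", Convert.ToBase64String(System.Text.ASCIIEncoding.ASCII.GetBytes(string.Format("{0}:{1}", userName, pwd))));
            client.DefaultRequestHeaders.Add("X-CSRF-Token", token);
            // "ContentType" (no hyphen) is sent as an ordinary request header; the body's
            // actual Content-Type was set on myBody above.
            client.DefaultRequestHeaders.Add("ContentType", "application/json");
            // Cookies from the fetch response accompany the token on the POST.
            cookieContainer.Add(client.BaseAddress, sessionCookies);

            HttpResponseMessage response = await client.PostAsync(client.BaseAddress, myBody).ConfigureAwait(continueOnCapturedContext: false);
            if (response.IsSuccessStatusCode)
            {
                var receiveData = await response.Content.ReadAsStringAsync();
                return receiveData;
            }
            else
            {
                LogEntry("错误:响应=" + response.StatusCode);
                return "错误:response =" + response.StatusCode;
            }
        }
    }
    catch (Exception ex)
    {
        LogEntry("错误:=" + ex.Message);
        return "错误:=" + ex.Message;
    }
}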
这段代码可以正常运行,到 2020 年仍然有效。谢谢 :D