是否可以在服务器端对外部 HTTPS url 执行 POST 并将用户重定向到 POST 目的地?
[英]Is it possible to perform POST to external HTTPS url on server side and redirect user to the POST destination?
问题描述
So I can do the following POST submit
所以我可以做以下POST提交
@Html.BeginForm(null, null, FormMethod.Post, new { @action = "https://externalsite.com/secretroom" })
{
<input id="SECRETCODE" name="SECRETCODE" type="hidden" value="GABEN" />
<input type="submit" value="submit"/>
}
After the submit, it will took me to https://externalsite.com/secretroom .提交后,它会将我带到https://externalsite.com/secretroom 。 But as you can see the SECRETCODE is getting exposed in user HTML page and I don't want that.但是正如您所看到的, SECRETCODE在用户 HTML 页面中暴露出来,我不希望这样。
So what I'm gonna do is I'm trying to do the POST on my server side.所以我要做的是尝试在我的服务器端执行 POST。
public ActionResult Test()
{
using (var client = new HttpClient())
{
client.BaseAddress = new Uri("https://externalsite.com/secretroom");
var content = new FormUrlEncodedContent(new[]
{
new KeyValuePair<string, string>("SECRETCODE", "GABEN")
});
var result = await client.PostAsync("", content).Result;
if(result.IsSuccessStatusCode)
{
return Redirect("https://externalsite.com/secretroom");
}
}
}
The problem is I can't redirect the user because the externalsite will deny it and I have no idea/no control over how the secretroom validation works on externalsite .问题是我无法重定向用户,因为externalsite会拒绝它,而且我不知道/无法控制secretroom验证在externalsite 。 It will only allow access if I did it the way I did above.如果我按照上面的方式进行操作,它只会允许访问。
That being said, is this actually possible?话虽如此,这真的可能吗?
1 个解决方案
解决方案1
2 2015-10-22 03:55:27
Edit : After getting a little more clarity on exactly what you're trying to accomplish, I don't believe you can do that.编辑:在更清楚地了解您要完成的工作之后,我不相信您可以做到这一点。 Specifically because in your first example, you're actually sending a response to the users browser which is redirecting them to the target site and sending along the form parameters for the ride.特别是因为在您的第一个示例中,您实际上是在向用户浏览器发送响应,该浏览器将他们重定向到目标站点并发送行程的表单参数。 Whereas, programmatically POSTing the data is out-of-band of the browser.然而,以编程方式发布数据是浏览器的带外。 The two approaches aren't interchangeable.这两种方法不可互换。 You'll most likely need to work with the site provider to identify an alternative method if you're not satisfied sending sensitive data this way.如果您不满意以这种方式发送敏感数据,您很可能需要与站点提供商合作来确定替代方法。
Original Solution原始解决方案
You can use the WebRequest class to programmatically POST the data over.您可以使用 WebRequest 类以编程方式发布数据。
WebRequest request = WebRequest.Create("https://externalsite.com/secretroom");
request.Method = "POST";
... rest omitted - refer to link below for specifics ...
https://msdn.microsoft.com/en-us/library/debx8sh9%28v=vs.110%29.aspx https://msdn.microsoft.com/en-us/library/debx8sh9%28v=vs.110%29.aspx
Also, you may want to refer to the following SO question for details on the variants of the WebRequest classes ie HttpWebRequest, FtpWebRequest, etc.此外,您可能希望参考以下 SO 问题,了解有关 WebRequest 类的变体(即 HttpWebRequest、FtpWebRequest 等)的详细信息。
C# HttpWebRequest vs WebRequest C# HttpWebRequest 与 WebRequest
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.