[英]Obtaining the CSRF Token ID from web site using c#
I have a situation where i will have to download the file from the website. 我遇到必须从网站下载文件的情况。 It is a secured site (https) and also It requires the client certificate authentication.
它是一个受保护的站点(https),并且还需要客户端证书身份验证。
I have a client certificate and managed to get in. After logged in, when i tried to download the file, i am not able to download the file. 我有一个客户端证书并设法进入。登录后,当我尝试下载文件时,无法下载该文件。 In turn, the file contains the html with csrftoken.
反过来,该文件包含带有csrftoken的html。 How to get this token id?
如何获得此令牌ID? In order to download the file i need this token.
为了下载文件,我需要此令牌。 Could someone share what kind of authentication this, and how can i get the csrf token id using c#.
有人可以分享哪种身份验证,以及如何使用c#获得csrf令牌ID。
Thanks 谢谢
It is not authentication. 它不是身份验证。 Its security to prevent cross site request forgery .
它的安全性可以防止跨站点请求伪造 。
The technique is: 该技术是:
In your case the workflow should be near to this: 在您的情况下,工作流程应接近于此:
HTTP GET
) to see info in their screen. HTTP GET
)以在其屏幕上查看信息。 hidden field
in the generated Form
with the CSRF token. Form
具有hidden field
。 POST
when click on a button with the following data: File identification he wants to download and the CSRF token. POST
:要下载的文件标识和CSRF令牌。 POST
. POST
有效。 So, if you want to download a file programmatically with C# I think that you should do a GET
first as if you were a webBrowser; 因此,如果您想使用C#以编程方式下载文件,我认为您应该像执行webBrowser一样先执行
GET
。 retrieve the CSRF token parsing the responsed HTML and send a POST
whith the file and the CSRF token. 检索解析了响应的HTML的CSRF令牌,然后发送
POST
和文件以及CSRF令牌。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.