HP ALM 12.21 REST API - 401 未经授权 - C#

Question

我正在尝试针对我们的 ALM 12.21 服务器使用 API，但总是以“401 Unauthorized”结束。 似乎我正确地取回了 auth cookie，但是当我之后尝试做某事时，我是未经授权的。

我用它来获取 auth cookie（似乎有效）：

HttpWebRequest myauthrequest = (HttpWebRequest)WebRequest.Create("https://server/qcbin/authentication-point/alm-authenticate");

            string AuthenticationXML = @"<alm-authentication>
                        <user>username</user>                
                        <password>password</password>       
                        </alm-authentication>";

            byte[] Requestbytes = Encoding.UTF8.GetBytes(AuthenticationXML);
            myauthrequest.Method = "POST";
            myauthrequest.ContentType = "application/xml";
            myauthrequest.ContentLength = Requestbytes.Length;
            myauthrequest.Accept = "application/xml";
            Stream RequestStr = myauthrequest.GetRequestStream();
            RequestStr.Write(Requestbytes, 0, Requestbytes.Length);
            RequestStr.Close();
            HttpWebResponse myauthres = (HttpWebResponse)myauthrequest.GetResponse();
            var AuthenticationCookie = myauthres.Headers.Get("Set-Cookie");
            AuthenticationCookie = AuthenticationCookie.Replace(";Path=/;HTTPOnly", "");

我不确定是否需要 .Replace。 只是在某处阅读它。 在尝试执行后续请求时，无论有没有它，我都会得到 401。

在获得 auth cookie 后尝试例如：

 HttpWebRequest req = (HttpWebRequest)WebRequest.Create("https://server/qcbin/rest/domains/FS/projects/P3602_SLS_Project/defects/1");
            req.Method = "GET";
            req.ContentType = "application/xml";
            req.Accept = "application/octet-stream";
            req.Headers.Set(HttpRequestHeader.Cookie, AuthenticationCookie);
            HttpWebResponse res = (HttpWebResponse)req.GetResponse();
            Stream RStream2 = res.GetResponseStream();
            XDocument doc = XDocument.Load(RStream2);

哪个失败了 401。

任何人都有 ALM 12.21 REST API 的完整工作代码？

Answer 1

您需要两个主要 cookie 才能使 ALM REST API 完美运行。

1. LWSSO_COOKIE_KEY

2. QC会话

   almURL = “HTTPS：//的.com / qcbin /”

   authEndPoint = almURL + “认证点/认证”

   qcSessionEndPoint = almURL + "rest/site-session"

获得authEndPoint成功响应后，您将获得 LWSSO_COOKIE_KEY

在您对qcSessionEndPoint的下一个请求中使用该 cookie，它应该为您提供 QCSession cookie。

在后续请求中同时使用 LWSSO_COOKIE_KEY 和 QCSession cookie 以从 ALM 获取数据。

我看到您正在使用octet-stream来获取缺陷响应。 当我检查文档时，它可以返回以下类型之一。

"application/xml"
"application/atom+xml"
"application/json"

以防万一，如果你需要在 python 中看到一些工作实现，这里是https://github.com/macroking/ALM-Integration/blob/master/ALM_Integration_Util.py它可能会给你一些想法。

Answer 2

谢谢@巴尼。 你给我发了正确的方向 :-) 对于任何感兴趣的人，我是这样管理的，例如获取缺陷 ID 473：

登录以创建 CookieContainer，然后使用它来执行实际的 ALM 数据获取：

   private void button1_Click(object sender, EventArgs e)
    {
        string almURL = @"https://url/qcbin/";
        string domain = "domain";
        string project = "project";
        CookieContainer cookieContainer = LoginAlm2(almURL, "username", "password", domain, project);

        HttpWebRequest myWebRequest1 = (HttpWebRequest)WebRequest.Create(almURL + "/rest/domains/" + domain + "/projects/" + project + "/defects/473");
        myWebRequest1.CookieContainer = cookieContainer;
        myWebRequest1.Accept = "application/json";
        WebResponse webResponse1 = myWebRequest1.GetResponse();
        StreamReader reader = new StreamReader(webResponse1.GetResponseStream());
        string res = reader.ReadToEnd();

    }


   public CookieContainer LoginAlm2(string server, string user, string password, string domain, string project)
    {
        //Creating the WebRequest with the URL and encoded authentication
        string StrServerLogin = server + "/api/authentication/sign-in";
        HttpWebRequest myWebRequest = (HttpWebRequest)WebRequest.Create(StrServerLogin);
        myWebRequest.Headers[HttpRequestHeader.Authorization] = "Basic " + Base64Encode(user + ":" + password);
        WebResponse webResponse = myWebRequest.GetResponse();

        CookieContainer c = new CookieContainer();
        Uri uri = new Uri(server);

        string StrCookie = webResponse.Headers.ToString();
        string StrCookie1 = StrCookie.Substring(StrCookie.IndexOf("LWSSO_COOKIE_KEY=") + 17);
        StrCookie1 = StrCookie1.Substring(0, StrCookie1.IndexOf(";"));
        c.Add(new Cookie("LWSSO_COOKIE_KEY", StrCookie1) { Domain = uri.Host });

        //Then the QCSession cookie
        string StrCookie2 = StrCookie.Substring(StrCookie.IndexOf("QCSession=") + 10);
        StrCookie2 = StrCookie2.Substring(0, StrCookie2.IndexOf(";"));
        c.Add(new Cookie("QCSession", StrCookie2) { Domain = uri.Host });

        //Then the ALM_USER cookie
        string StrCookie3 = StrCookie.Substring(StrCookie.IndexOf("ALM_USER=") + 9);
        StrCookie3 = StrCookie3.Substring(0, StrCookie3.IndexOf(";"));
        c.Add(new Cookie("ALM_USER", StrCookie3) { Domain = uri.Host });

        //And finally the XSRF-TOKEN cookie
        string StrCookie4 = StrCookie.Substring(StrCookie.IndexOf("XSRF-TOKEN=") + 12);
        StrCookie4 = StrCookie4.Substring(0, StrCookie4.IndexOf(";"));
        c.Add(new Cookie("XSRF-TOKEN", StrCookie4) { Domain = uri.Host });

        return c;
    }

奇迹般有效 ：-）