摘要身份验证返回未经授权的

Posted 2023-02-24

【中文标题】摘要身份验证返回未经授权的

【英文标题】：Digest authentication returning unauthorized

【发布时间】：2020-10-06 10:12:52

【问题描述】：

我正在尝试通过 Digest 身份验证进行身份验证，API 返回 Unauthorized，当我检查 cookie 的计数时，我可以看到 cookie 没有传递给实际请求。但是，我通过先获取 cookie 并添加它并发出请求来通过邮递员使其工作。但是，当我通过代码执行此操作时，我得到了未经授权。

请指导我如何使用摘要身份验证类型进行身份验证。

此方法获取cookies

     private RestClient _Client = new RestClient();
     public API()
     
        _Client = new RestClient(_BaseUrl);
        _Client.Authenticator = _Creds;
        if (_SessionEnabled)
        
            var request = new RestRequest("admin/getsession", Method.GET);

            IRestResponse response = _Client.Execute(request);
            var content = response.Content;

            _Cookie = response.Cookies;
            SCHelper.CheckLinOTPResponse(response);
            
        
        

向实际请求添加会话

   public static RestRequest AddSessionToRequest(RestRequest Request, IList<RestResponseCookie> Cookie, bool SessionEnabled)
    
        if(SessionEnabled)
        
            Request.AddQueryParameter("session", Cookie[0].Value);
            Request.AddParameter(Cookie[0].Name, Cookie[0].Value, ParameterType.Cookie);
                    
        return Request;
    

这是通过首先使用 Digest 身份验证机制进行身份验证来生成 OTP 的方法。它在这里失败并显示未经授权。

   public string GenerateOtp(string Serial, string User, string Realm)
    
        try
        
            string username = "";
            string password = "";

            var client = _Client;
            var credentials = username + ":" + password;
            var base64Credentials = Convert.ToBase64String(Encoding.UTF8.GetBytes(credentials));
            var request = new RestRequest("gettoken/getotp", Method.GET);
            //client.Authenticator = new HttpBasicAuthenticator(username, password); //tried to add this and it didn't work
            request.AddHeader("Authorization", "Digest " + base64Credentials);

            //check session
            request = SCHelper.AddSessionToRequest(request, _Cookie, _SessionEnabled);
            request.AddParameter("user", User, ParameterType.QueryString);
            request.AddParameter("realm", "myRealm", ParameterType.QueryString);
            request.AddParameter("serial", Serial, ParameterType.QueryString);

            IRestResponse response = client.Execute(request);  //This is were it fails.
            SCHelper.CheckLinOTPResponse(response);
            var content = response.Content;
            return content;
        
        catch (Exception ex)
        
            throw ex;
        
    

【参考方案1】：

我终于想出了一些战斗的解决方案。我必须添加标头并从实际的 RestRequest 调用中获取 cookie，并且连接成功。

        request.AddHeader("Accept", "application/json");
        request.Parameters.Clear();
        request.AddParameter("application/json", request, ParameterType.RequestBody);
        
        request.AddParameter(_Cookie[0].Name, _Cookie[0].Value, ParameterType.Cookie);