HTTP request from a C# desktop application to a Siteminder-protected server

后端 未结 2 1140
礼貌的吻别
礼貌的吻别 2021-02-19 14:49

I have developed a C# desktop application which makes HTTPS requests to the customers\' servers (usually Documentum/SharePoint/Alfresco/Nem

相关标签:
2条回答
  • 2021-02-19 15:36

    To authenticate with CA SSO and then connect to the desired URL we need to access a protected resource on a web server configured to use CA SSO authentication:

    1. Requests a resource on the server, using an HTTP request.
    2. The request is received by the web server and is intercepted by the CA SSO web agent.
    3. The web agent determines whether or not the resource is protected, and if so, gathers the user’s credentials and passes them to the Policy server.
    4. The Policy server authenticates the user and verifies whether or not the authenticated user is authorized for the requested resource, based on rules and policies contained in the Policy store.
    5. After the user is authenticated and authorized, the Policy server grants access to the protected resources.

    This is accomplished with the following steps:

    Open a connection (HTTP request in this case) to the URI of the protected resource. Since the request has not yet been authenticated, the CA SSO agent will issue a redirect to a login page. In the code, AllowAutoRedirect is set to false. This is important as the redirect URL will be required for the subsequent POST of login data in step 3 below. If AllowAutoRedirect were True, the response would not include a Location header and the subsequent POST would be made to the original URL, which would then redirect to the login page again. However, a POST occurs between a client and the server, any POST data carried in the payload of the request of step 3 will be lost during the redirect.

    Dim request As HttpWebRequest
    Dim response As HttpWebResponse
    Dim url As String = PROTECTED_URL
    
    request = WebRequest.Create(url)
    request.AllowAutoRedirect = False
    response = request.GetResponse
    
    ' make sure we have a valid response
    If response.StatusCode <> HttpStatusCode.Found Then
        Throw New InvalidProgramException
    End If
    
    ' get the login page
    url = response.Headers("Location")
    request = WebRequest.Create(url)
    request.AllowAutoRedirect = False
    response = request.GetResponse
    

    The next step involves creating an HTTPS request that POSTs all the form data, including userid and password, back to the server. The purpose of an authentication agent is to verify a user’s identity by validating their userid and password. Thus, their URLs naturally use SSL (secure sockets layer) and are encrypted for us, so we do not required further encryption in our program. However, the formatting of the POST data is interesting in as much as there are two alternatives. The sample program uses the simpler approach of setting the content type to application/x-www-form-urlencoded. Here the POST data is formatted similar to a query string and sent as part of the next request.

    Dim postData As String
    
    postData = ""
    For Each inputName As String In tags.Keys
        If inputName.Substring(0, 2).ToLower = "sm" Then
            postData &= inputName & "=" & _
                        HttpUtility.UrlEncode(tags(inputName)) & "&"
        End If
    Next
    postData += "postpreservationdata=&"
    postData += "USER=" + HttpUtility.UrlEncode(USERNAME) & "&"
    postData += "PASSWORD=" + HttpUtility.UrlEncode(PASSWORD)
    
    request = WebRequest.Create(url)
    cookies = New CookieContainer
    request.CookieContainer = cookies
    request.ContentType = FORM_CONTENT_TYPE
    request.ContentLength = postData.Length
    request.Method = POST_METHOD
    request.AllowAutoRedirect = False   ' Important
    
    Dim sw As StreamWriter = New StreamWriter(request.GetRequestStream())
    sw.Write(postData)
    sw.Flush()
    sw.Close()
    
    response = request.GetResponse
    
    0 讨论(0)
  • 2021-02-19 15:43

    Same idea as Mohit's answer, but it can be done with a much simpler code:

            //Make initial request for SM to give you some cookies and the authentication URI
            RestClient client = new RestClient("http://theResourceDomain/myApp");
            client.CookieContainer = new CookieContainer();
            IRestResponse response = client.Get(new RestRequest("someProduct/orders"));
    
            //Now add credentials.
            client.Authenticator = new HttpBasicAuthenticator("username", "password");
            //Get resource from the SiteMinder URI which will redirect back to the API URI upon authentication.
            response = client.Get(new RestRequest(response.ResponseUri)); 
    
    • Although this uses RestSharp, it can be easily replicated using HttpClient or even HttpWebRequest.
    0 讨论(0)
提交回复
热议问题