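We use EmbeddedSTS locally to test our ASP.NET web application. I am creating a console application to call some WebAPI methods and do some load testing against our application. I want to test with a set of users that have specific permissions. For our local instance, that means authenticating against EmbeddedSTS.
How do I write an HttpClient that authenticates against EmbeddedSTS to receive this token and authenticate to my WebAPI endpoints?
EDIT: Bonus points if I can get the SAML token while running the application in HTTP mode (rather than HTTPS).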
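Answer 0 (score: 1)
I figured out how to do this.
Caveat: this is only for a one-off console application that lets us authenticate against EmbeddedSTS and make WebAPI calls for stress testing.
Basically, we simulate what happens in the browser. This uses HttpClient and HtmlAgilityPack to parse the HTML response, select a user, POST it back to EmbeddedSTS, then post the WS-Fed token result, and finally receive the FedAuth cookie. After that, the HttpClient can be used to call any WebAPI or MVC page in the application.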
    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Net.Http;
    using System.Threading.Tasks;
    using HtmlAgilityPack;

    // Place these methods inside a static class in the console application.
    public static Task<HttpClient> BuildClient(string authurl, string username)
    {
        var task = Task.Run<HttpClient>(async () =>
        {
            // set up the HTTP client and cookie handler
            var handler = new HttpClientHandler();
            handler.AllowAutoRedirect = true;
            handler.CookieContainer = new System.Net.CookieContainer();
            handler.UseCookies = true;
            var client = new HttpClient(handler);
            client.MaxResponseContentBufferSize = 256000;
            client.DefaultRequestHeaders.Add("User-Agent", "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)");
            client.DefaultRequestHeaders.Add("Connection", "Keep-Alive");
            client.DefaultRequestHeaders.ExpectContinue = false;

            // this is the HTML of the page that has the user dropdown
            var userSelectionPage = await client.GetStringAsync(authurl);
            string actionPathAndQuery = GetAction(userSelectionPage);

            // select the user whose name was passed in
            var postData = new List<KeyValuePair<string, string>>() {
                new KeyValuePair<string, string>("username", username)
            };

            // now we post the user name and expect to get the WS-Fed response
            var wsfedresponse = await client.PostAsync(authurl + actionPathAndQuery, new FormUrlEncodedContent(postData));
            var wsfedcontent = await wsfedresponse.Content.ReadAsStringAsync();
            var namevaluepairs = GetHiddenInputNameValues(wsfedcontent);

            // post the hidden fields (the WS-Fed token result) back to the application
            var finalpost = await client.PostAsync(authurl, new FormUrlEncodedContent(namevaluepairs));

            // at this point, the FedAuth cookie is set, we are good to go
            return client;
        });
        return task;
    }

    // Returns the action attribute of the first form on the page.
    private static string GetAction(string htmlContent)
    {
        var d = new HtmlDocument();
        d.LoadHtml(htmlContent);
        var node = d.DocumentNode.SelectSingleNode("//form[@action]");
        if (node == null)
            throw new InvalidOperationException("No form with an action attribute was found in the response.");
        var result = node.GetAttributeValue("action", string.Empty);
        return result;
    }

    // Returns the name/value pairs of all hidden inputs on the page.
    private static IEnumerable<KeyValuePair<string, string>> GetHiddenInputNameValues(string htmlContent)
    {
        var d = new HtmlDocument();
        d.LoadHtml(htmlContent);
        // SelectNodes returns null when nothing matches
        var nodes = d.DocumentNode.SelectNodes("//input[@type='hidden']")
            ?? Enumerable.Empty<HtmlNode>();
        return nodes.Select(p =>
            new KeyValuePair<string, string>(
                p.GetAttributeValue("name", string.Empty),
                System.Web.HttpUtility.HtmlDecode(p.GetAttributeValue("value", string.Empty))
            ));
    }
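The flow above assumes the hidden fields are a WS-Federation sign-in response and that the final POST sets the FedAuth cookie. The following is an added example, not code from the answer, that checks both so a load test fails loudly instead of running unauthenticated; the class and method names, the localhost URL and the sample values are constructed, and it assumes the caller keeps a reference to the handler's CookieContainer.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;

// Hypothetical helper (added example); not part of EmbeddedSTS or the answer above.
public static class WsFedChecks
{
    // Throws unless the hidden form fields look like a WS-Federation passive sign-in response.
    public static void EnsureSignInResponse(IEnumerable<KeyValuePair<string, string>> fields)
    {
        var list = fields.ToList();
        string wa = list.FirstOrDefault(f => f.Key == "wa").Value;
        string wresult = list.FirstOrDefault(f => f.Key == "wresult").Value;
        if (wa != "wsignin1.0")
            throw new InvalidOperationException("Missing wa=wsignin1.0: the STS did not return a sign-in response.");
        if (string.IsNullOrWhiteSpace(wresult))
            throw new InvalidOperationException("Empty wresult: no security token was issued.");
    }

    // True when the application set a session cookie named FedAuth (or a chunk such as FedAuth1).
    public static bool HasFedAuthCookie(CookieContainer jar, Uri appUri)
    {
        return jar.GetCookies(appUri).Cast<Cookie>()
                  .Any(c => c.Name.StartsWith("FedAuth", StringComparison.Ordinal));
    }

    public static void Main()
    {
        // Constructed sample fields, shaped like the hidden inputs the STS returns.
        var fields = new[]
        {
            new KeyValuePair<string, string>("wa", "wsignin1.0"),
            new KeyValuePair<string, string>("wresult", "<constructed-token-placeholder/>"),
            new KeyValuePair<string, string>("wctx", "rm=0&id=passive")
        };
        EnsureSignInResponse(fields);

        // Constructed cookie jar standing in for handler.CookieContainer.
        var appUri = new Uri("http://localhost:5000/"); // placeholder URL
        var jar = new CookieContainer();
        Console.WriteLine("Before login: " + HasFedAuthCookie(jar, appUri));
        jar.Add(appUri, new Cookie("FedAuth", "constructed-value"));
        Console.WriteLine("After login:  " + HasFedAuthCookie(jar, appUri));
    }
}
```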
Answer 1 (score: 0)
EmbeddedSts does WS-Federation. That is not designed for web APIs. You would rather want OAuth2.