HTTP Body Empty on POST Requests with Digest Authentication

Asked 2 years ago, Updated 2 years ago, 37 views

Note: We have also asked the same question at the Wankuma Alliance.

We are currently developing an application for Windows 10 Mobile.
My understanding is that a Windows 10 Mobile app needs to use the HttpClient class.
Due to the configuration of our environment, we must submit a POST request after Digest authentication.

I have tried some programming, but there is an error.
I checked the HTTP traffic and found that the "Content-Length" HTTP header was set correctly, but
the all-important HTTP body does not contain the POST parameters.

I have included the sample code below. Is anything missing from it?
I would appreciate it if you could tell me as much as you can.

Imports System.Collections.Generic
Imports System.Net
Imports System.Net.Http
Imports System.Threading.Tasks

Public Class Class1
    Public Async Function registerOrderInfo() As Task(Of String)
        ' Value returned to the caller: the response body, or error text on failure
        Dim httpResponseBody As String = ""

        Dim url As Uri = New Uri("http://test.com/test/testGet.cgi")
        Dim sysHandler As HttpClientHandler = New HttpClientHandler()
        sysHandler.Credentials = New NetworkCredential("testuser", "testpass") ' Digest authentication account
        Dim client As HttpClient = New HttpClient(sysHandler)

        Try
            ' Form fields to send in the POST body
            Dim param As List(Of KeyValuePair(Of String, String)) = New List(Of KeyValuePair(Of String, String))
            param.Add(New KeyValuePair(Of String, String)("test1", "aaa"))
            param.Add(New KeyValuePair(Of String, String)("test2", "bbb"))

            Dim content As HttpContent = New FormUrlEncodedContent(param)
            Dim response As HttpResponseMessage = Await client.PostAsync(url, content)

            ' Throws HttpRequestException when the status code is not a success code
            Dim statusCode As HttpResponseMessage = response.EnsureSuccessStatusCode()
            Dim message As String = Await response.Content.ReadAsStringAsync()
            httpResponseBody = message
        Catch ex As Exception
            httpResponseBody = "Error:" + ex.HResult.ToString("X") + "Message:" + ex.Message
        End Try

        Return httpResponseBody
    End Function

End Class

(Added January 11)
I'm very sorry to have noticed this so late, but
because of this Digest authentication, the server is accessed twice.

The first request was, of course, answered with 401. The body of the first httpRequest had the POST parameters set, but the body of the second httpRequest was empty.

I understand that both the first and the second access run inside PostAsync, but
is there any way to resolve this issue?

windows .net

2022-09-29 22:41

2 Answers

The first request was, of course, answered with 401. The body of the first httpRequest had the POST parameters set, but the body of the second httpRequest was empty.

I understand that both the first and the second access run inside PostAsync, but
is there any way to resolve this issue?

Data should not be POSTed while still unauthenticated when authentication is requested. The reasons are:

  • Authentication does not always pass
  • Sending POST data in that state could be a DoS attack from the perspective of the server
  • It could leak information, from the client's perspective

Therefore, the HttpClient class may be implicitly designed not to POST data twice.

In principle it would be pgrho's proposed PreAuthenticate, but Digest authentication cannot calculate the hash value without receiving a nonce from the server.

Would it be possible to send a GET to any page on the same server and complete Digest authentication before the POST?


2022-09-29 22:41
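Added example, not part of either answer and not .NET code: the RFC 2617 Digest calculation (algorithm MD5, qop=auth) in Python, showing that the Authorization value depends on the nonce delivered in the 401 challenge. The function names are chosen here, and the sample values are those of the worked example in RFC 2617 section 3.5.

```python
import hashlib
import re

# Challenge and credentials from the worked example in RFC 2617, section 3.5.
CHALLENGE = ('Digest realm="testrealm@host.com", qop="auth,auth-int", '
             'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", '
             'opaque="5ccc069c403ebaf9f0171e9517f40e41"')
USER, PASSWORD, CNONCE = "Mufasa", "Circle Of Life", "0a4f113b"


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def parse_challenge(header):
    """Split a WWW-Authenticate 'Digest k="v", k2=v2' value into a dict."""
    scheme, _, params = header.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest challenge")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', params)
    return {key.lower(): (quoted or bare) for key, quoted, bare in pairs}


def digest_response(user, password, method, uri, challenge, cnonce,
                    nc="00000001"):
    """Return the 'response' field for algorithm=MD5, qop=auth."""
    nonce = challenge.get("nonce")
    if not nonce:
        # Nothing to hash against until the server has sent a 401 challenge.
        raise ValueError("no server nonce: response cannot be computed")
    ha1 = md5_hex(f"{user}:{challenge['realm']}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")  # method and URI are bound into the hash
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def rfc_example():
    """Recompute the response from the RFC 2617 worked example (a GET)."""
    return digest_response(USER, PASSWORD, "GET", "/dir/index.html",
                           parse_challenge(CHALLENGE), CNONCE)


if __name__ == "__main__":
    print("RFC example response:", rfc_example())
    # The same credentials against a different nonce give a different value.
    other = dict(parse_challenge(CHALLENGE), nonce="constructed-nonce")
    print("Different nonce:     ",
          digest_response(USER, PASSWORD, "GET", "/dir/index.html",
                          other, CNONCE))
```

Because the method is part of the hash, a response computed for a GET cannot be replayed as the Authorization value of a POST; each request carries its own.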

You may need to specify the PreAuthenticate property of the HttpClientHandler.

sysHandler.PreAuthenticate=True


2022-09-29 22:41
