2013-11-15 260 views
1

我正試圖模擬接受蒸汽交易報價的過程。我已經要求蒸汽支持,並確認只要我不打擾他們對其他球員的服務,就允許這種行動。c#web客戶端返回403禁止

因此,這裏的細節: 接受交易提供的網址https://steamcommunity.com/tradeoffer/OfferID/accept

這裏是這樣做的

return $J.ajax(
{ 
    url: 'https://steamcommunity.com/tradeoffer/' + nTradeOfferID + '/accept', 
    data: rgParams, 
    type: 'POST', 
    crossDomain: true, 
    xhrFields: { withCredentials: true } 
} 

這裏的AJAX代碼是我使用IE10

跟蹤頭
Request    POST /tradeoffer/xxxxxxx/accept HTTP/1.1 
Accept    */* 
Content-Type  application/x-www-form-urlencoded; charset=UTF-8 
Referer    http://steamcommunity.com/tradeoffer/xxxxxxx/ 
Accept-Language  en-CA 
Origin    http://steamcommunity.com 
Accept-Encoding  gzip, deflate 
User-Agent   Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0) 
Host    steamcommunity.com 
Content-Length  51 
DNT     1 
Connection   Keep-Alive 
Cache-Control  no-cache 

帖子正文:

會話ID = SESSIONID & tradeofferid = OFFERID

的Cookie:

Sent sessionid    SessionID   
Sent __utmc     XXXXX    
Sent steamLogin    XXXXX 
Sent webTradeEligibility  XXXXXXX 
Sent Steam_Language   XXXXXXX      
Sent timezoneOffset   XXXXXXXX     
Sent __utma     XXXXXXXXXXXXX    
Sent __utmz     XXXXXXXXXXXXX    
Sent steamMachineAuth   XXXXXXXXXXXXX     
Sent strInventoryLastContext XXXXXXXXX     
Sent steamRememberLogin  XXXXXXXXXXXX     
Sent steamCC_XXXXXXXXXXXX  XXXXXXX      
Sent __utmb     XXXXXXX     
Sent tsTradeOffersLastRead XXXXXXX 

請求的發起者是XMLHttpRequest的

在我的代碼,我沒有

public bool AcceptOffer(string offerID) 
{ 
    string path = "tradeoffer/" + offerID + "/"; 
    //Simulate the browser opening the trade offer window 
    _steamWeb.Get(new Uri(WebAPI.SteamCommunity + path)); 
    NameValueCollection data = new NameValueCollection(); 
    data.Add("sessionid", _steamWeb.SessionID); 
    data.Add("tradeofferid", offerID); 

    string result = _steamWeb.Post(new Uri("https://steamcommunity.com/" + path + "accept"), data); 

    return true; 
} 

_steamWeb包含一個cookie意識到Web客戶端這是用來做所有的post/get請求

這裏有餅乾知道的WebClient

protected override WebRequest GetWebRequest(Uri address) 
{ 
    HttpWebRequest request = base.GetWebRequest(address) as HttpWebRequest; 

    if (request != null) 
    request.CookieContainer = _cookieContainer; 

    if (_lastPage != null) 
     request.Referer = _lastPage; 

     _lastPage = address.ToString(); 
     return request; 
} 

protected override WebResponse GetWebResponse(WebRequest request) 
{ 
    WebResponse response = base.GetWebResponse(request);//403 exception here 
    ReadCookies(response); 
    return response; 
} 

這裏的代碼的部分是我設置標頭

void SetCommonHeaders(Uri uri) 
{ 
    _webClient.Headers[HttpRequestHeader.Accept] = "text/html, application/xhtml+xml, */*"; 
    _webClient.Headers[HttpRequestHeader.AcceptLanguage] = "en-CA"; 
    _webClient.Headers[HttpRequestHeader.ContentType] = "application/x-www-form-urlencoded; charset=UTF-8"; 
    _webClient.Headers[HttpRequestHeader.UserAgent] = "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"; 
    _webClient.Headers[HttpRequestHeader.Host] = uri.Host; 
    _webClient.Headers.Add("DNT", "1"); 
} 

這裏有要求我的cookie頭我發送

sessionid=XXXX; 
steamMachineAuthXXXXX=XXXXXX; 
steamLogin=XXXXXXX; 
steamRememberLogin=XXXXXXXX; 
Steam_Language=english; 
webTradeEligibility=XXXXXXXXX; 
steamCC_XXXXX=CA; 
tsTradeOffersLastRead=XXXXXXXXX 

我沒有manuelly設置這些cookies,所有這些cookie都通過GET請求來註冊steamcommunity.com

我幾乎發送了與瀏覽器相同的請求,但我的帖子中收到403 Forbidden。我試圖設置X-Requested-With = XMLHttpRequest頭,但它沒有幫助。我發現他們在ajax調用中做了一些憑證方面的事情,所以我想在我的HttpWebRequest帖子中做一些事情?由於

+2

你能試着跟蹤兩個不同的請求使用Fiddler並比較結果? – scheien

+0

我同意@scheien,使用Fidler跟蹤您的請求。只是一些額外的信息,你可以下載菲德勒[這裏](http://fiddler2.com/get-fiddler) – user65439

+0

蒸汽貿易是關閉的,我想我將不得不等待,直到他們完成瓦特/它 – Steve

回答

0

問題解決了,有兩件事情:

  1. 保活頭沒有被正確地發送,由於.NET錯誤
  2. 我編碼的SessionID的兩倍