我有一个在服务器上验证我的凭据的URL.有没有办法让它看不见?简单的代码看起来完全像这样:
public void DoAuth()
{
String uri = GetUri();
ProcessStartInfo startInfo = new ProcessStartInfo(uri);
startInfo.WindowStyle = ProcessWindowStyle.Hidden;
Process.Start(startInfo);
}
但是ProcessWindowStyle.Hidden似乎没有做到这一点.如果我将UseShellExecute设置为false然后我得到Win32Exception,并显示消息系统找不到指定的文件
该网址是Spotify服务器上的身份验证,用于获取播放列表,它看起来像这样https://accounts.spotify.com/authorize/client_id=26d287105as12315e12ds56e31491889f3cd293 ..
还有其他方法可以使这个过程不可见吗?
编辑:http示例
public void DoAuth()
{
String uri = GetUri();
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uri);
HttpWebResponse webResponse;
try
{
webResponse = (HttpWebResponse)request.GetResponse();
Console.WriteLine("Error code: {0}",webResponse.StatusCode);
using (Stream data = webResponse.GetResponseStream())
using (var reader = new StreamReader(data))
{
//do what here?
}
}
catch (Exception e)
{
throw;
}
}
包含上述示例的整个.cs文件:
using SpotifyAPI.Web.Enums;
using SpotifyAPI.Web.Models;
using System;
using System.IO;
using System.Net;
using System.Text;
using System.Threading;
namespace SpotifyAPI.Web.Auth
{
public class ImplicitGrantAuth
{
public delegate void OnResponseReceived(Token token,String state);
private SimpleHttpServer _httpServer;
private Thread _httpThread;
public String ClientId { get; set; }
public String RedirectUri { get; set; }
public String State { get; set; }
public Scope Scope { get; set; }
public Boolean ShowDialog { get; set; }
public event OnResponseReceived OnResponseReceivedEvent;
/// <summary>
/// Start the auth process (Make sure the internal HTTP-Server ist started)
/// </summary>
public void DoAuth()
{
String uri = GetUri();
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uri);
HttpWebResponse webResponse;
try
{
webResponse = (HttpWebResponse)request.GetResponse();
Console.WriteLine("Error code: {0}",webResponse.StatusCode);
using (Stream data = webResponse.GetResponseStream())
using (var reader = new StreamReader(data))
{
//nothing
}
}
catch (Exception e)
{
throw;
}
/*ProcessStartInfo startInfo = new ProcessStartInfo(uri);
startInfo.WindowStyle = ProcessWindowStyle.Hidden;
Process.Start(startInfo);
*/
}
private String GetUri()
{
StringBuilder builder = new StringBuilder("https://accounts.spotify.com/authorize/?");
builder.Append("client_id=" + ClientId);
builder.Append("&response_type=token");
builder.Append("&redirect_uri=" + RedirectUri);
builder.Append("&state=" + State);
builder.Append("&scope=" + Scope.GetStringAttribute(" "));
builder.Append("&show_dialog=" + ShowDialog);
return builder.ToString();
}
/// <summary>
/// Start the internal HTTP-Server
/// </summary>
public void StartHttpServer(int port = 80)
{
_httpServer = new SimpleHttpServer(port,AuthType.Implicit);
_httpServer.OnAuth += HttpServerOnOnAuth;
_httpThread = new Thread(_httpServer.Listen);
_httpThread.Start();
}
private void HttpServerOnOnAuth(AuthEventArgs e)
{
OnResponseReceivedEvent?.Invoke(new Token
{
AccessToken = e.Code,TokenType = e.TokenType,ExpiresIn = e.ExpiresIn,Error = e.Error
},e.State);
}
/// <summary>
/// This will stop the internal HTTP-Server (Should be called after you got the Token)
/// </summary>
public void StopHttpServer()
{
_httpServer.Dispose();
_httpServer = null;
}
}
}
它们被称为这样:
_auth.OnResponseReceivedEvent += _auth_OnResponseReceivedEvent; _auth.StartHttpServer(8000); _auth.DoAuth();
带有完整可运行样品的github url在这里:https://github.com/JohnnyCrazy/SpotifyAPI-NET
下载并运行Spotify测试以连接Spotify的web api以重现我的样本.
解决方法
经典XY问题,你不是在寻找隐藏窗口的方法,you want to authenticate a user without user-actions involved.
由于ImplicitGrantAuth不适用于简单的HTTP请求,因此您需要一种解决方法:
无用户操作进行身份验证:无头浏览器
虽然ImplicitGrantAuth不是为这种任务而制作的,但它仍然可能但不干净.您将需要一个无头浏览器,您可以在C#应用程序中控制它,如Selenium.
考虑使用Selenium(related SO Question)代码:
void DoAuth()
{
IWebDriver driver = new FirefoxDriver();
driver.Navigate().GoToUrl(GetUri());
IWebElement query = driver.FindElement(By.Name("username")); //You need to search for the correct element
query.SendKeys("username");
query = driver.FineElement(By.Name("password"));
query.SendKeys("password");
//Somehow submit the form and wait till you get the Token via URL
//Thread.Sleep(5000);
String urlWithToken = driver.Url;
//Analyze it and get the token out of it
driver.Quit();
}
这只是伪正确的代码,但你应该明白这个想法.使用您可以控制的无头浏览器,填写所有表单输入,提交和分析URL. Facebook登录将是相同的原则.
但是请注意:OAuth不是为这种类型的使用而设计的,并且您可能不应该在生产中使用这种hacky变通方法
