Roblox Web API: authentication fails with "Token Validation Failed" even though a CSRF token is provided

Question (votes: 0, answers: 1)
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Threading.Tasks;

static async Task SendPostRequest()
{
    // Create the handler first so that the client actually uses its cookie container
    HttpClientHandler handler = new HttpClientHandler();

    // Create a cookie container
    handler.CookieContainer = new CookieContainer();

    // Set the cookie for roblox.com and its subdomains (auth.roblox.com included);
    // a cookie added without an explicit domain is only sent to the exact host
    handler.CookieContainer.Add(new Cookie(".ROBLOSECURITY", "MY_SECURITY_COOKIE_HERE", "/", ".roblox.com"));

    // Create an instance of HttpClient that sends its requests through the handler
    using (HttpClient client = new HttpClient(handler))
    {
        // Specify the URL to which you want to send the POST request
        //string url = "https://privatemessages.roblox.com/v1/messages/send";
        string url = "https://auth.roblox.com/";

        client.DefaultRequestHeaders.Add("X-CSRF-TOKEN", "MY_TOKEN");

        // ignore this
        var postData = new FormUrlEncodedContent(new[]
        {
            new KeyValuePair<string, string>("userId", "2222602108"),
            new KeyValuePair<string, string>("subject", "hey"),
            new KeyValuePair<string, string>("body", "thank you for adding me as a friend"),
            new KeyValuePair<string, string>("recipientId", "2222602108"),
            new KeyValuePair<string, string>("replyMessageId", "0"),
            new KeyValuePair<string, string>("includePreviousMessage", "false")
        });

        // Send the POST request
        HttpResponseMessage response = await client.PostAsync(url, postData);

        // Check if the request was successful
        if (response.IsSuccessStatusCode)
        {
            // Read the response content as a string
            string responseContent = await response.Content.ReadAsStringAsync();

            // Output the response content
            Console.WriteLine("Response:");
            Console.WriteLine(responseContent);
        }
        else
        {
            // If the request was not successful, output the status code
            Console.WriteLine($"Error: {response.StatusCode}");
            Console.WriteLine("Response:");
            string responseContent = await response.Content.ReadAsStringAsync();
            Console.WriteLine(responseContent);
        }
    }
}


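I'm trying to get the ROBLOX Web API to authenticate calls from C#.

I have a valid security cookie and CSRF token, but it still doesn't seem to want to authenticate me.

I've tried adding the CSRF token as both a cookie and a header before sending the request. I've also tried authenticating on several different endpoints.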

c# .net http roblox
1 answer

0 votes

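@Yorick's answer to this question was very helpful.

It turns out that if you grab the CSRF token from your browser, using it will not work; you have to send a request to https://auth.roblox.com/ with a valid .ROBLOSECURITY cookie and use the CSRF token provided in the headers. Here is what I added to the code above to get the x-csrf-token:
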
HttpResponseMessage response = await client.PostAsync(url, postData);

if (response.Headers.TryGetValues("x-csrf-token", out var values))
{
    csrfToken = string.Join(",", values);
    Console.WriteLine("x-csrf-token recv: " + csrfToken);
}

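This gets all the headers contained in the response and sets the csrfToken value to be used elsewhere in the application.

Hope this helps anyone who runs into this problem.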
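
The token handshake described in the answer above, as an added example that is not part of the original post: a `DelegatingHandler` that picks up the `x-csrf-token` header from a rejected response and replays the request once with it. `CsrfTokenHandler` and `CreateClient` are hypothetical names, and the code assumes the server returns the fresh token on the response that rejects the request.

```csharp
using System.Net;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;

// Added example (hypothetical names): learns the CSRF token from the server
// instead of hard-coding a value copied from a browser session.
public sealed class CsrfTokenHandler : DelegatingHandler
{
    private const string HeaderName = "x-csrf-token";
    private string _token; // last token the server issued for this session

    public CsrfTokenHandler(HttpMessageHandler inner) : base(inner) { }

    protected override async Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken ct)
    {
        SetToken(request);
        HttpResponseMessage response = await base.SendAsync(request, ct);

        // Assumption: a rejected request that carries x-csrf-token in its
        // response headers should be retried with that token. Retry only once.
        if (!response.IsSuccessStatusCode &&
            response.Headers.TryGetValues(HeaderName, out var values))
        {
            _token = string.Join(",", values);
            response.Dispose();
            SetToken(request);
            response = await base.SendAsync(request, ct);
        }
        return response;
    }

    private void SetToken(HttpRequestMessage request)
    {
        request.Headers.Remove(HeaderName); // drop any stale value first
        if (_token != null)
            request.Headers.TryAddWithoutValidation(HeaderName, _token);
    }

    // Wiring: the session cookie is scoped to .roblox.com so subdomains receive it.
    public static HttpClient CreateClient(string roblosecurity)
    {
        var handler = new HttpClientHandler { CookieContainer = new CookieContainer() };
        handler.CookieContainer.Add(new Cookie(".ROBLOSECURITY", roblosecurity, "/", ".roblox.com"));
        return new HttpClient(new CsrfTokenHandler(handler));
    }
}
```

Pass the cookie value to `CreateClient` from an environment variable or secret store rather than embedding it in source, since it is a full session credential.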
