屏幕抓取的eventvalidation错误

Question

我正在尝试抓取我工作的站点的登录页面，并通过代码提交用户名/密码以登录到该站点。出于站点健康的原因，我想在检查服务中这样做。我遇到了几个问题，第一个问题是如何获得这个消息：

Exception information: Exception type: ArgumentException Exception message: Invalid postback or callback argument. Event validation is enabled using <pages enableEventValidation="true"/> in configuration or <%@ Page EnableEventValidation="true" %> in a page. For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them. If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation method in order to register the postback or callback data for validation.

我找到了一些网站，说我必须关闭eventvalidation，但出于安全考虑，我不想这么做。有没有办法绕过这个问题？

下面是代码。我基本上是直接从K.Scott Allen的文章中删除的：http://odetocode.com/Articles/162.aspx

  StringBuilder sb = new StringBuilder();
        var encryptedConnectionString = GlobalDataObject.EncryptSecure("conn string here", GlobalDataObject.Seed);
        sb.AppendFormat("client_id={0};", "client");
        sb.AppendFormat("client_directory={0};", "client");
        sb.AppendFormat("user_id={0};", "12");
        sb.AppendFormat("conn_string={0};", encryptedConnectionString);
        StringBuilder cookiesString = sb;

        HttpWebRequest webRequest = WebRequest.Create("http://localhost/site/login.aspx?c=client") as HttpWebRequest;
        webRequest.Headers.Add("Cookie", cookiesString.ToString());
        StreamReader responseReader = new StreamReader(
              webRequest.GetResponse().GetResponseStream()
           );
        string responseData = responseReader.ReadToEnd();
        responseReader.Close();

        // extract the viewstate value and build out POST data
        string viewState = ExtractViewState(responseData);
        string postData = string.Format("__VIEWSTATE={0}&Login1$Password={1}&Login1$UserName={2}&Login1$LoginButton={3}",
                                                            viewState,
                                                  HttpUtility.UrlEncode(username),
                                                  HttpUtility.UrlEncode(password),
                                                  "Log In");

        // have a cookie container ready to receive the forms auth cookie
        CookieContainer cookies = new CookieContainer();

        // now post to the login form
        webRequest = WebRequest.Create("http://localhost/site/login.aspx") as HttpWebRequest;
        webRequest.Method = "POST";
        webRequest.ContentType = "application/x-www-form-urlencoded";
        webRequest.CookieContainer = cookies;

        // write the form values into the request message
        StreamWriter requestWriter = new StreamWriter(webRequest.GetRequestStream());
        requestWriter.Write(postData);
        requestWriter.Close();
        webRequest.AuthenticationLevel = AuthenticationLevel.None;
        // we don't need the contents of the response, just the cookie it issues
        webRequest.GetResponse().Close();  ///ERROR HAPPENS HERE

        // now we can send out cookie along with a request for the protected page
        webRequest = WebRequest.Create("http://localhost/site/user/home.aspx") as HttpWebRequest;
        webRequest.CookieContainer = cookies;
        responseReader = new StreamReader(webRequest.GetResponse().GetResponseStream());

        // and read the response
        responseData = responseReader.ReadToEnd();
        responseReader.Close();

        return responseData;

谢谢。

Answer 1

这个错误的想法是，它正在寻找可能会危及应用程序的畸形请求。由于它是一个登录页面，我打赌您不会试图传入未编码的HTML或其他内容。

viewstate：捕获构建的事件验证数据，并将其与登录请求一起发送回去，这与相同。