I have created the following code to log in to a site using HttpClient:
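/// <summary>
/// Replays the portal login sequence with a cookie-aware <see cref="HttpClient"/>:
/// landing-page GET, warm-up GET/POST requests, key-exchange preflight and POST,
/// login preflight, and finally the login GET. Stops at the first non-success status.
/// </summary>
/// <param name="args">Command-line arguments (unused).</param>
static async Task Main(string[] args)
{
    // NOTE(review): the gateway app key and the "User" header value further down are
    // hard-coded. If either is tied to a real account, load it from configuration or a
    // secret store instead of source, and rotate anything that has been published.
    const string PortalUrl = "https://www.santandernegocios.com.br/portaldenegocios/#/externo";
    const string ApiHost = "https://esbapi.santander.com.br";
    const string AppKeyQuery = "?gw-app-key=bfa4d8e04f460137b98e005056a171c8";
    const string KeyUrl = ApiHost + "/cryptographic-security/v1/key/public/js" + AppKeyQuery;
    const string LoginPath = "/business-partners-security-leg/v2/login" + AppKeyQuery;
    const string LoginUrl = ApiHost + LoginPath;

    var cookieContainer = new CookieContainer();
    var handler = new HttpClientHandler
    {
        CookieContainer = cookieContainer,
        // Let the handler advertise and decode compression itself. The original added
        // "Accept-Encoding: gzip, deflate, br, zstd" by hand with decompression disabled,
        // so a compressed body would have reached ReadAsStringAsync() undecoded.
        AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate
    };

    // One generator for both delays instead of a new Random per call.
    var jitter = new Random();

    using (HttpClient client = new HttpClient(handler))
    {
        // DefaultRequestHeaders.Add appends to an existing header, so a header whose
        // value changes between steps has to be removed first.
        void ReplaceDefaultHeader(string name, string value)
        {
            client.DefaultRequestHeaders.Remove(name);
            client.DefaultRequestHeaders.Add(name, value);
        }

        HttpResponseMessage response = null;
        try
        {
            await FirstHeadersAdd(client); // request headers for the first GET
            response = await client.GetAsync(PortalUrl);
            if (!response.IsSuccessStatusCode)
            {
                return;
            }

            await RunGetRequests(client);
            await Task.Delay(jitter.Next(50, 90));
            await RunPostRequests(client);
            await Task.Delay(jitter.Next(30, 45));

            // First preflight (OPTIONS) for the key-exchange endpoint.
            // NOTE(review): these OPTIONS calls replay the browser's CORS preflights.
            // CORS is enforced by browsers, not by HttpClient, so they are presumably
            // optional here. "Method" and "Path" look like the pseudo-headers that the
            // developer tools display; as written they go out as ordinary headers. Confirm.
            client.DefaultRequestHeaders.Add("Accept", "*/*");
            client.DefaultRequestHeaders.Add("Origin", "https://www.santandernegocios.com.br");
            client.DefaultRequestHeaders.Add("Access-Control-Request-Headers", "content-type");
            client.DefaultRequestHeaders.Add("Access-Control-Request-Method", "POST");
            client.DefaultRequestHeaders.Add("Method", "OPTIONS");

            response.Dispose();
            response = await client.SendAsync(new HttpRequestMessage(HttpMethod.Options, KeyUrl));
            if (!response.IsSuccessStatusCode)
            {
                return;
            }

            // Key-exchange POST: the response body carries the ticket and the server public key.
            ReplaceDefaultHeader("Method", "POST");
            ReplaceDefaultHeader("Accept", "application/json, text/plain, */*");
            var clientKeyPayload = await CreateJSONClientKeyPayload();
            var keyExchangeRequest = new HttpRequestMessage(HttpMethod.Post, KeyUrl)
            {
                Content = new StringContent(clientKeyPayload, Encoding.UTF8, "application/json")
            };

            response.Dispose();
            response = await client.SendAsync(keyExchangeRequest);
            if (!response.IsSuccessStatusCode)
            {
                return;
            }

            // Session material: keep this payload and the ticket out of logs and console output.
            string payloadResponse = await response.Content.ReadAsStringAsync();

            // Second preflight (OPTIONS) for the login endpoint. The two Access-Control-*
            // headers are replaced rather than appended; the original left the values from
            // the first preflight in place, so both sets were sent together.
            ReplaceDefaultHeader("Access-Control-Request-Method", "GET");
            ReplaceDefaultHeader("Accept", "*/*");
            ReplaceDefaultHeader("Method", "OPTIONS");
            ReplaceDefaultHeader("Access-Control-Request-Headers", "password,system,ticket,user");
            client.DefaultRequestHeaders.Add("Path", LoginPath);

            response.Dispose();
            response = await client.SendAsync(new HttpRequestMessage(HttpMethod.Options, LoginUrl));
            if (!response.IsSuccessStatusCode)
            {
                return;
            }

            string ticket;
            using (JsonDocument doc = JsonDocument.Parse(payloadResponse))
            {
                // serverPublicKey is read but not used anywhere below.
                string serverPublicKey = doc.RootElement.GetProperty("serverPublicKey").GetString();
                ticket = doc.RootElement.GetProperty("ticket").GetString();
            }

            client.DefaultRequestHeaders.Add("Ticket", $"{ticket}");
            client.DefaultRequestHeaders.Add("System", "PNG");
            client.DefaultRequestHeaders.Add("User", "Ds5YZt7WCAdvQ2CQlDw+lQ==");
            ReplaceDefaultHeader("Method", "GET");
            client.DefaultRequestHeaders.Remove("Access-Control-Request-Method");
            client.DefaultRequestHeaders.Remove("Access-Control-Request-Headers");
            ReplaceDefaultHeader("Path", LoginPath);

            // The author reports that this GET comes back unauthorized.
            // NOTE(review): the preflight above names password, system, ticket and user as
            // request headers, but only Ticket, System and User are set here. Confirm the
            // expected login contract against the API owner's documentation.
            response.Dispose();
            response = await client.GetAsync(LoginUrl);
            string content = await response.Content.ReadAsStringAsync();
        }
        finally
        {
            // Dispose is idempotent, so this is safe after the explicit calls above.
            response?.Dispose();
        }
    } // closing HttpClient
} // closing Main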
However, I can’t get authenticated. I’ve been stuck on this last step for about a week, with no progress. Here’s what I did:
- analyzed each network request when logging on the site using Chrome Developer Tools
- Reproduced each request on the code, using httpclient and adding specific headers.
However, for the last GET request, there seems to be some token data i can’t figure out where it comes from. I’ve noticed those request response headers:
x-access-token
x-access-token-expiry
x-access-token-jwt
x-access-token-sequence
x-access-token-type
x-apigee-access-token
I believe I receive these headers when the GET request succeeds. However, I noticed that there is a parameter in the GET request headers:
I can’t find out where the “Password” parameter comes from. I’ve analyzed all the response headers (I saved them from each request to a List and went through them carefully), but I still can’t find where it comes from.
Of course, I can get it to work by using Selenium. But Selenium reproduces a user navigating, and it’s kind of slow for my needs.
Ps: The headers added during the login process, i analyzed each one of them on the network developer tools and decided to add them trying to get the login process to work.
Any input is appreciated. I know the code is ugly for now, but i’m focusing on getting things done for now. Thanks a lot!