@daisukenishino2
Last active February 25, 2020 04:23
Capturing the Authorization Code Flow of the general-purpose authentication site.

daisukenishino2 commented Jan 27, 2020

Capture results

This is a capture from a somewhat older version,
so endpoint names and the like may differ from the current ones.

Authorization

Request

GET http://hogehoge/MultiPurposeAuthSite/Account/OAuthAuthorize?client_id=67d328bfe8604aae83fb15fa44780d8b&response_type=code&scope=profile%20email%20phone%20address&state=7qhho1Uoe3 HTTP/1.1
Host: hogehoge
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3
Referer: http://localhost/MultiPurposeAuthSite/
Accept-Encoding: gzip, deflate
Accept-Language: ja,en-US;q=0.9,en;q=0.8

Response

HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Location: http://hogehoge/MultiPurposeAuthSite/Account/OAuthAuthorizationCodeGrantClient?code=10245b1583bf4c6787ce2e9092a5f4843ac3117a4704491e8aeed00eb3dd04e7&state=7qhho1Uoe3
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Mon, 02 Dec 2019 08:53:30 GMT
Content-Length: 0

GET http://hogehoge/MultiPurposeAuthSite/Account/OAuthAuthorizationCodeGrantClient?code=10245b1583bf4c6787ce2e9092a5f4843ac3117a4704491e8aeed00eb3dd04e7&state=7qhho1Uoe3 HTTP/1.1
Host: hogehoge
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3
Referer: http://hogehoge/MultiPurposeAuthSite/Account/OAuthAuthorize?client_id=67d328bfe8604aae83fb15fa44780d8b&response_type=code&scope=profile%20email%20phone%20address&state=7qhho1Uoe3
Accept-Encoding: gzip, deflate
Accept-Language: ja,en-US;q=0.9,en;q=0.8
Cookie: SessionTimeOut=; _RequestVerificationToken_L011bHRpUHVycG9zZUF1dGhTaXRlMA2=vQMlVGXfH3LCEU0djFwqjTkS_HHDbYNVJnfSlQuW1Ym6oWnRiXr-emYd6lIZENQds8tOnCrjIQbG0sGTIOj0bAChX566U1EZ5Z5AdLWW3Y1; .AspNet.ApplicationCookie=4QiEZOoN_uDRsLaRAOSs9K620oEyanGO3fJ672eiyCTOPb5UvWmeMy6ZW6QDP4I_AgfOwUqYEIU1YgYo2-hUg2gTtgHCAJdvUm9xy13rGxaHzh5zncy9p3ueIAjhZuCOGgmMP63pWl4QnhNTMGRLfeQ8JZo1cS4G_yYEA4rEYyAeHt3G2yGInvq2qYMVoFy7s2IRTCMESDcD152aJ9Ha8qvyh7dU_4x5w1gSHD8lo4SJeEGDHEIiKKPu_pzOvn03sV4s4nojm7Ais5fWXVXHcTe6VUqx3lxhrch-Z93MGHtQmxqdl8u_Uyqx_qOK-NbeuY9tMnWf6KpkexWL_6iBdVNJm8q2Qx_K9gIeywSNvtihlkNd67e2pn7DTsqx8gSeNJ_ihk1F7F7n-FMG6J5RElk7TrmmMjfZ3seS6tfkfZA5FLksybiIY_JT4v0QVH1AD-5ApvKJ6_DuOxa0TlFt84-Qxt4IY6GpjfgAcEmsdKAKLxSkHhkTK2FKSGc4n6ZNgtq_bvzy2AMoUQ1gOw9IBoNRTUQXamcZOevFdU0hNda2yXUvKS9DpTLMpflXHrOM; ASP.NET_SessionId=tbb4i4khrve5fpkc1htnepjx

Token

Request

POST http://hogehoge/MultiPurposeAuthSite/OAuthBearerToken HTTP/1.1
Authorization: Basic NjdkMzI4YmZlODYwNGFhZTgzZmIxNWZhNDQ3ODBkOGI6c19GaGp1alhHMFU2a0FELWM0UzVpZmlLZEFncUZvaWxfVXhLdU5fVXI1MA==
Content-Type: application/x-www-form-urlencoded
Host: hogehoge
Content-Length: 204
Expect: 100-continue
Connection: Keep-Alive

grant_type=authorization_code&code=10245b1583bf4c6787ce2e9092a5f4843ac3117a4704491e8aeed00eb3dd04e7&redirect_uri=http%3A%2F%2Fhogehoge%2FMultiPurposeAuthSite%2FAccount%2FOAuthAuthorizationCodeGrantClient

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json;charset=UTF-8
Expires: -1
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Mon, 02 Dec 2019 08:53:31 GMT
Content-Length: 859

{"access_token":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.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.PWxWhNv2BQXETGhhciw-csMtxGm2Hy36Bz3UiM7wRfZtdQsMDK91CTjyTvh5DsoBMOEX7VJSVWGam9uXmCld_qSqeXu_PD60AEVE5Wipe1z4zIqMcOlEe8I9U6MzY35BoCYpxfVHocsbO5e3Ji-GASVdCHysXFqcXIo1E1vlleY","token_type":"bearer","expires_in":21599}

Userinfo

Request

GET http://hogehoge/MultiPurposeAuthSite/userinfo HTTP/1.1
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwOi8vand0c3NvYXV0aC5vcGVudG91cnlvLmNvbSIsImF1ZCI6IjY3ZDMyOGJmZTg2MDRhYWU4M2ZiMTVmYTQ0NzgwZDhiIiwibm9uY2UiOiI3cWhobzFVb2UzIiwic3ViIjoiNGRmNjRkNTUtMzk4My00NjMyLWE5ZDMtMzk4MTVlYjJlMzNlIiwidXVpZCI6IjRkZjY0ZDU1LTM5ODMtNDYzMi1hOWQzLTM5ODE1ZWIyZTMzZSIsImlhdCI6IjE1NzUyNzY4MTEiLCJleHAiOiIxNTc1Mjk4NDExIiwiZ2l2ZW5fbmFtZSI6bnVsbCwiZmFtaWx5X25hbWUiOm51bGwsImVtYWlsIjoiZGFpc3VrZS5uaXNoaW5vLnpnQGhpdGFjaGktc29sdXRpb25zLmNvbSIsImVtYWlsX3ZlcmlmaWVkIjoiVHJ1ZSIsInBob25lX251bWJlciI6IiIsInBob25lX251bWJlcl92ZXJpZmllZCI6IkZhbHNlIiwic2NvcGVzIjpbInByb2ZpbGUiLCJlbWFpbCIsInBob25lIiwiYWRkcmVzcyJdfQ.PWxWhNv2BQXETGhhciw-csMtxGm2Hy36Bz3UiM7wRfZtdQsMDK91CTjyTvh5DsoBMOEX7VJSVWGam9uXmCld_qSqeXu_PD60AEVE5Wipe1z4zIqMcOlEe8I9U6MzY35BoCYpxfVHocsbO5e3Ji-GASVdCHysXFqcXIo1E1vlleY
Host: hogehoge
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Mon, 02 Dec 2019 08:55:20 GMT
Content-Length: 254

{"sub":"4df64d55-3983-4632-a9d3-39815eb2e33e","uuid":"4df64d55-3983-4632-a9d3-39815eb2e33e","given_name":null,"family_name":null,"email":"nishi_74322014@ksj.biglobe.ne.jp","email_verified":"True","phone_number":"","phone_number_verified":"False"}

@daisukenishino2

How to capture

Overview

In the manner described at the following page,

How to use HttpClient and similar classes - Microsoft-related Technical Information Wiki
HttpClient class > Points > Routing through a debug proxy.
https://techinfoofmicrosofttech.osscons.jp/index.php?HttpClient%E3%81%AE%E9%A1%9E%E3%81%AE%E4%BD%BF%E3%81%84%E6%96%B9#o2f9ed91

you can capture HTTP traffic to the back-end Web API.

Settings of the general-purpose authentication site

Making the following changes makes the capture possible.

Helper.cs

https://github.com/OpenTouryoProject/MultiPurposeAuthSite/blob/develop/root/programs/CommonLibrary/Extensions/Sts/Helper.cs#L105

this._oAuthHttpClient = HttpClientBuilder(EnumProxyType.Intranet);

↓ ↓ ↓

this._oAuthHttpClient = HttpClientBuilder(EnumProxyType.Debug);

appsettings.json

https://github.com/OpenTouryoProject/MultiPurposeAuthSite/blob/develop/root/programs/MultiPurposeAuthSiteCore/MultiPurposeAuthSiteCore/appsettings.json#L70

"DebugProxyURL": "http://localhost:8888/",

↓ ↓ ↓

"DebugProxyURL": "http://hogehoge:8888/",

Note: because of a Fiddler issue, localhost must be given a different alias in the hosts file.
