From the command Copy as PowerShell from Chrome Developer Tools -> Network tab. Postman GUI does a line break on - but the copied value works in Burp so nothing wrong there. With Postman the exact same request gives = false. The application uses IAppBuilder - app.UseCookieAuthentication with AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie and a custom CookieName. I used the command Copy as PowerShell from Chrome Developer Tools -> Network tab from a working request and I got the same result with Invoke-WebRequest. I don't think it is Postman specific either. There is nothing misspelled in the request itself; I can copy the request generated by Postman and it works with BURP, but if it is sent via Postman it fails. What is happening here? It must be some sort of session that is stored on the server but I don't get why the values differ with identical requests. I can even stop the application and IIS Express, start it again and the result is the same. How can two identical HTTP requests from the same machine generate a different response in this case? The requests can be sent over and over again with the same result. I then tried to use .User instead but this gives the same result. If (!) return false. According to MSDN, ClaimsPrincipal.Current just calls Thread.CurrentPrincipal by default but I still do not understand how this can happen. I narrowed it down to ClaimsPrincipal.Current being the culprit. When executing an identical request to ASP.NET Web API 2 from two different applications I get a different response. This is something I have never seen before.