I'm trying to logon into an API hosted in Azure using Python and requests is my go-to library for http requests. Tried this:
import requests
url = f"https://{SERVER}/{PLATFORM}/Account/Logon"
payload = f'LicenseType=&Password={PASSWORD}&RedirectToMyselfInCaseOfError=false&RememberMe=false&UserName={USERNAME}'
headers = {
'Content-Type': 'application/x-www-form-urlencoded',
'Accept': 'application/json',
}
response = requests.request("POST", url, headers=headers, data=payload)
print(response.text)
but got:
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>Microsoft-Azure-Application-Gateway/v2</center>
</body>
</html>
if I use another python library such as http.client it will work finely:
import http.client
conn = http.client.HTTPSConnection(SERVER)
payload = f'LicenseType=&Password={PASSWORD}&RedirectToMyselfInCaseOfError=false&RememberMe=false&UserName={USERNAME}'
headers = {
'Content-Type': 'application/x-www-form-urlencoded',
'Accept': 'application/json',
}
conn.request("POST", f"/{PLATFORM}/Account/Logon", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
Is there any way to avoid Azure to flag my "requests" lib request as malicious?
CodePudding user response:
Found the reason: Curl and Python Requests (get) reporting different http status code
Just add a User-Agent field to the headers