“您输入的帐户名或密码不正确” Steam Api 错误答案

【问题标题】："The account name or password that you have entered is incorrect" Steam Api error“您输入的帐户名或密码不正确” Steam Api 错误
【发布时间】：2020-03-08 11:48:44
【问题描述】：

尝试使用此 api 端点登录时出现“您输入的帐户名或密码不正确”错误：https://steamcommunity.com/login/dologin/

我使用的是通过 Steam 应用程序或 Steam 网站登录时使用的凭据，所以我认为我的凭据没有问题。

这里代码我使用哪个代码：

public bool DoLogin(string username, string password)
{
    var data = new NameValueCollection { { "username", username } };
    // First get the RSA key with which we will encrypt our password.
    string response = Fetch("https://steamcommunity.com/login/getrsakey", "POST", data, false);
    GetRsaKey rsaJson = JsonConvert.DeserializeObject<GetRsaKey>(response);

    // Validate, if we could get the rsa key.
    if (!rsaJson.success)
    {
        return false;
    }

    // RSA Encryption.
    RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
    RSAParameters rsaParameters = new RSAParameters
    {
        Exponent = HexToByte(rsaJson.publickey_exp),
        Modulus = HexToByte(rsaJson.publickey_mod)
    };

    rsa.ImportParameters(rsaParameters);

    // Encrypt the password and convert it.
    byte[] bytePassword = Encoding.ASCII.GetBytes(password);
    byte[] encodedPassword = rsa.Encrypt(bytePassword, false);
    string encryptedBase64Password = Convert.ToBase64String(encodedPassword);

    SteamResult loginJson = null;
    CookieCollection cookieCollection;
    string steamGuardText = "";
    string steamGuardId = "";

    // Do this while we need a captcha or need email authentification. Probably you have misstyped the captcha or the SteamGaurd code if this comes multiple times.
    do
    {
        Console.WriteLine("SteamWeb: Logging In...");

        bool captcha = loginJson != null && loginJson.captcha_needed;
        bool steamGuard = loginJson != null && loginJson.emailauth_needed;

        string time = Uri.EscapeDataString(rsaJson.timestamp);

        string capGid = string.Empty;
        // Response does not need to send if captcha is needed or not.
        // ReSharper disable once MergeSequentialChecks
        if (loginJson != null && loginJson.captcha_gid != null)
        {
            capGid = Uri.EscapeDataString(loginJson.captcha_gid);
        }

        data = new NameValueCollection { { "password", encryptedBase64Password }, { "username", username } };

        // Captcha Check.
        string capText = "";
        if (captcha)
        {
            Console.WriteLine("SteamWeb: Captcha is needed.");
            System.Diagnostics.Process.Start("https://steamcommunity.com/public/captcha.php?gid=" + loginJson.captcha_gid);
            Console.WriteLine("SteamWeb: Type the captcha:");
            string consoleText = Console.ReadLine();
            if (!string.IsNullOrEmpty(consoleText))
            {
                capText = Uri.EscapeDataString(consoleText);
            }
        }

        data.Add("captchagid", captcha ? capGid : "-1");
        data.Add("captcha_text", captcha ? capText : "");
        // Captcha end.
        // Added Header for two factor code.
        data.Add("twofactorcode", "");

        // Added Header for remember login. It can also set to true.
        data.Add("remember_login", "false");

        // SteamGuard check. If SteamGuard is enabled you need to enter it. Care probably you need to wait 7 days to trade.
        // For further information about SteamGuard see: https://support.steampowered.com/kb_article.php?ref=4020-ALZM-5519&l=english.
        if (steamGuard)
        {
            Console.WriteLine("SteamWeb: SteamGuard is needed.");
            Console.WriteLine("SteamWeb: Type the code:");
            string consoleText = Console.ReadLine();
            if (!string.IsNullOrEmpty(consoleText))
            {
                steamGuardText = Uri.EscapeDataString(consoleText);
            }
            steamGuardId = loginJson.emailsteamid;

            // Adding the machine name to the NameValueCollection, because it is requested by steam.
            Console.WriteLine("SteamWeb: Type your machine name:");
            consoleText = Console.ReadLine();
            var machineName = string.IsNullOrEmpty(consoleText) ? "" : Uri.EscapeDataString(consoleText);
            data.Add("loginfriendlyname", machineName != "" ? machineName : "defaultSteamBotMachine");
        }

        data.Add("emailauth", steamGuardText);
        data.Add("emailsteamid", steamGuardId);
        // SteamGuard end.

        // Added unixTimestamp. It is included in the request normally.
        var unixTimestamp = (int)(DateTime.UtcNow.Subtract(new DateTime(1970, 1, 1))).TotalSeconds;
        // Added three "0"'s because Steam has a weird unix timestamp interpretation.
        data.Add("donotcache", unixTimestamp + "000");

        data.Add("rsatimestamp", time);

        // Sending the actual login.
        using (HttpWebResponse webResponse = Request("https://steamcommunity.com/login/dologin/", "POST", data, false))
        {
            var stream = webResponse.GetResponseStream();
            if (stream == null)
            {
                return false;
            }
            using (StreamReader reader = new StreamReader(stream))
            {
                string json = reader.ReadToEnd();
                loginJson = JsonConvert.DeserializeObject<SteamResult>(json);
                cookieCollection = webResponse.Cookies;
            }
        }
    } while (loginJson.captcha_needed || loginJson.emailauth_needed);

    // If the login was successful, we need to enter the cookies to steam.
    if (loginJson.success)
    {
        _cookies = new CookieContainer();
        foreach (Cookie cookie in cookieCollection)
        {
            _cookies.Add(cookie);
        }
        SubmitCookies(_cookies);
        return true;
    }
    else
    {
        Console.WriteLine("SteamWeb Error: " + loginJson.message);
        return false;
    }

}

enter image description here

还有其他解决方案如何登录steam并获取html吗？

【问题讨论】：

你有没有考虑过使用像Steamworks这样已经构建好的steam认证系统？自从我使用 Steam 作为身份验证提供程序以来已经有一段时间了，但是对我来说，在你端做 RSA 似乎不合适......

标签： c# .net steam

【解决方案1】：

好的，所以我检查了你的加密，它看起来很好。你的代码有点混乱，所以我会用我的：

我更喜欢使用 RestSharp 和 Newton Soft JSON 来执行此操作，因此在 Class body 中添加了一些强制性内容：

 private IRestClient restClientTemporary;
 private string getKeysURL = "/login/getrsakey/";
 private string loginWithKey = "/login/dologin/";

创建 RestClient 和 RestRequests：

restClientTemporary = new RestClient("https://steamcommunity.com");
var request = new RestRequest(getKeysURL, Method.POST);
request.AddParameter("username", "YourSteamLogin");

var resp = restClientTemporary.Execute(request);
GetRsaResult response = Newtonsoft.Json.JsonConvert.DeserializeObject<GetRsaResult>(resp.Content);

然后我使用您的代码作为加密方法：

    public static string EncryptionSof(string password, GetRsaResult response)
        {
            RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
            RSAParameters rsaParameters = new RSAParameters
            {
                Exponent = HexToByte(response.publickey_exp),
                Modulus = HexToByte(response.publickey_mod)
            };

            rsa.ImportParameters(rsaParameters);

            // Encrypt the password and convert it.
            byte[] bytePassword = Encoding.ASCII.GetBytes(password);
            byte[] encodedPassword = rsa.Encrypt(bytePassword, false);
            return Convert.ToBase64String(encodedPassword);
        }

然后用这个方法：

string password = EncryptionSof("admin123/*its your steam password i think*/", response);

下一步是请求获取登录数据：

var loginRequest = new RestRequest(loginWithKey);
loginRequest.AddParameter("username", "YourSteamLogin");
loginRequest.AddParameter("password", password);
loginRequest.AddParameter("rsatimestamp", response.timestamp);
loginRequest.AddParameter("remember_login", false);
//Captcha stuff if needed:
loginRequest.AddParameter("captchagid", 3086601225255895896);
loginRequest.AddParameter("captcha_text", "LHYJ2P");

最后执行：

var responseFinal = restClientTemporary.Execute(loginRequest);

作为回应，我在 responseFinal.Content 中收到了我需要的一切：

{
   "success":true,
   "requires_twofactor":false,
   "login_complete":true,
   "transfer_urls":[
      "https:\\/\\/store.steampowered.com\\/login\\/transfer",
      "https:\\/\\/help.steampowered.com\\/login\\/transfer"
   ],
   "transfer_parameters":{
      "steamid":"12344567898765432",
      "token_secure":"xDDDDDDDDD",
      "auth":"LOOOOOL",
      "remember_login":false
   }
}

GetRsaResult 模型如下所示：

    public class GetRsaResult
    {
        public bool success { get; set; }
        public string publickey_mod { get; set; }
        public string publickey_exp { get; set; }
        public string timestamp { get; set; }
        public string token_gid { get; set; }
    }

啊，我忘记了将 16-string 更改为 byte[]，它的方法在 Stackoverflow 上找到：

public static byte[] HexToByte(string hex)
        {
            return Enumerable.Range(0, hex.Length)
                             .Where(x => x % 2 == 0)
                             .Select(x => Convert.ToByte(hex.Substring(x, 2), 16))
                             .ToArray();
        }

而且你必须记住一件事你永远不想将明文密码发送到 Steam。第一个请求/login/getrsakey/ 仅用于获取密钥以加密密码。 Steam 为您提供加密密码的密钥。因此，您将在程序中使用您的明文密码（在我的示例中为 admin123 ）使用您从 Steam 收到的密钥对其进行加密。

在第二个请求/login/dologin/ 中，您必须发送加密密码（EncryptionSoF 方法的结果）

【讨论】：