Ask a Question related to ASP.NET Security, Design and Development.

  1. #1

    Default Re: HTTPWebRequest

    Well, here's the scenario:

    In your base app, the user's credentials are verified. If the rest of those
    apps "hang under" the base app, then you could write another cookie just
    before the FormsAuth.RedirectFromLoginPage in your base app that writes this
    cookie indicating proper auth.

    Now, in your child apps, the login page could check to see if this special
    "auth" cookie is already present, and perform what I call a "Soft Login,"
    whereas upon login's load, it makes a check, then calls the
    FormsAuth.RedirectFromLogin using the "master cookie's" contents.

    Obviously if you don't properly encrypt this "master cookie" then security is
    blown, since a hacker could easily craft this cookie to gain "soft login"
    privileges to all the base apps, this being, only AFTER he found out that
    the base cookie even exists.

    In summary,
    - login to base app, create a "master cookie" for soft logins to child apps
    - child apps' login pages check for "master cookie" and perform soft login
    if true

    This would only work if you set the cookie's path to be "/" or whatever the
    base app's path is.


    --
    Eric Newton
    eric@ensoft-software.com
    C#/ASP.net Solutions developer

    "Anthony Leuzzi" <AvantiJunk@comcast.net> wrote in message
    news:utBLvVyYDHA.1744@TK2MSFTNGP12.phx.gbl...
    > I currently have an ASP website which requires a user to provide a user name
    > and a password. There is a section of the page which lists all of the ASP.NET
    > applications the user has access to. These web sites will be secured
    > through forms authentication.
    >
    > I am trying to figure out a way to authenticate the user with having them to
    > log in again. I was thinking that I could manually post the user name and
    > password to the login page for that application and I have had some success
    > using the HTTPWebRequest. However, I can get the click event of the login
    > button to fire. I know I need to indicate that the login button caused the
    > postback, but I haven't figured out a way to do that.
    >
    > Is there another way to have a single signon for multiple websites?
    >
    > Thanks in advance.
    > Anthony
    >
    >
    >

    Eric Newton Guest
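
Added example (not part of the original thread): one way a base app could issue the "master cookie" described in the first post so that child apps can detect a forged value. It signs the value with HMAC-SHA256 and an expiry rather than encrypting it; the class name, cookie layout and demo key are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class MasterCookie   // hypothetical name, added example
{
    // Constructed demo key; a real deployment shares 32+ random bytes between the apps.
    static readonly byte[] Key = Encoding.UTF8.GetBytes("constructed-demo-key-do-not-reuse");

    static byte[] Mac(string payload)
    {
        using (var h = new HMACSHA256(Key))
            return h.ComputeHash(Encoding.UTF8.GetBytes(payload));
    }

    // Base app: value = base64(user) "." expiryTicks "." base64(HMAC of the first two parts)
    public static string Issue(string user, DateTime expiresUtc)
    {
        string payload = Convert.ToBase64String(Encoding.UTF8.GetBytes(user)) + "." + expiresUtc.Ticks;
        return payload + "." + Convert.ToBase64String(Mac(payload));
    }

    // Child app: returns the user name, or null when the value is forged, malformed or expired.
    public static string Validate(string value, DateTime nowUtc)
    {
        string[] p = (value ?? "").Split('.');
        long ticks;
        if (p.Length != 3 || !long.TryParse(p[1], out ticks)) return null;
        try
        {
            byte[] given = Convert.FromBase64String(p[2]);
            byte[] want = Mac(p[0] + "." + p[1]);
            int diff = given.Length ^ want.Length;   // compare without an early exit
            for (int i = 0; i < given.Length && i < want.Length; i++) diff |= given[i] ^ want[i];
            if (diff != 0 || nowUtc.Ticks > ticks) return null;
            return Encoding.UTF8.GetString(Convert.FromBase64String(p[0]));
        }
        catch (FormatException) { return null; }
    }

    static void Main()
    {
        DateTime now = DateTime.UtcNow;
        string cookie = Issue("alice", now.AddMinutes(20));
        Console.WriteLine("genuine:  " + (Validate(cookie, now) ?? "rejected"));
        Console.WriteLine("tampered: " + (Validate(cookie.Replace("YWxpY2U=", "Ym9i"), now) ?? "rejected"));
        Console.WriteLine("expired:  " + (Validate(cookie, now.AddHours(1)) ?? "rejected"));
    }
}
```

In a child app's login page, a non-null result is the name that would be handed to the Forms authentication redirect; a null result falls through to the normal login form.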

  3. #2

    Default HttpWebRequest

    i need to read about 100 different html pages from my site,
    every 1 hour,
    i do it with HttpWebRequest and HttpWebResponse and with
    full success,
    the problem is that every time i call HttpWebRequest.Create()
    method it opens a new session in my site (i can see it
    in the statistic page), i want to do that with only one
    session.
    is it possible?

    nissim Guest

  4. #3

    Default Re: HttpWebRequest

    You need to use a CookieContainer instance shared by all the requests, I
    guess.

    Paolo Pialorsi [ DevLeap - Bridge The Gap! ]
    Blog: http://blogs.devleap.com/paolo.blog

    "nissim" <nis_krigh@hotmail.com> wrote in message
    news:038e01c3d0ad$2645e3e0$a001280a@phx.gbl...
    > i need to read about 100 different html pages from my site,
    > every 1 hour,
    > i do it with HttpWebRequest and HttpWebResponse and with
    > full success,
    > the problem is that every time i call HttpWebRequest.Create()
    > method it opens a new session in my site (i can see it
    > in the statistic page), i want to do that with only one
    > session.
    > is it possible?
    >

    Paolo Pialorsi [DevLeap] Guest

  5. #4

    Default Re: HttpWebRequest

    Thanks
    But i to do that, where i can find a code sample?
    thanks again

    >-----Original Message-----
    >You need to use a CookieContainer instance shared by all the requests, I
    >guess.
    >
    >Paolo Pialorsi [ DevLeap - Bridge The Gap! ]
    >Blog: http://blogs.devleap.com/paolo.blog
    >
    >"nissim" <nis_krigh@hotmail.com> wrote in message
    >news:038e01c3d0ad$2645e3e0$a001280a@phx.gbl...
    >> i need to read about 100 different html pages from my site,
    >> every 1 hour,
    >> i do it with HttpWebRequest and HttpWebResponse and with
    >> full success,
    >> the problem is that every time i call HttpWebRequest.Create()
    >> method it opens a new session in my site (i can see it
    >> in the statistic page), i want to do that with only one
    >> session.
    >> is it possible?
    >>
    >
    >
    >.
    >
    Nissim Guest

  6. #5

    Default Re: HttpWebRequest

    http://msdn.microsoft.com/library/en-us/cpref/html/frlrfSystemNetHttpWebRequestClassCookieContainerTopic.asp

    Maybe your problem is different. Try to send more details...

    Paolo Pialorsi [ DevLeap - Bridge The Gap! ]
    Blog: http://blogs.devleap.com/paolo.blog

    "Nissim" <nis_krigh@hotmail.com> wrote in message
    news:05ba01c3d1e4$65b5fc80$a601280a@phx.gbl...
    > Thanks
    > But i to do that, where i can find a code sample?
    > thanks again
    >
    >
    > >-----Original Message-----
    > >You need to use a CookieContainer instance shared by all the requests, I
    > >guess.
    > >
    > >Paolo Pialorsi [ DevLeap - Bridge The Gap! ]
    > >Blog: http://blogs.devleap.com/paolo.blog
    > >
    > >"nissim" <nis_krigh@hotmail.com> wrote in message
    > >news:038e01c3d0ad$2645e3e0$a001280a@phx.gbl...
    > >> i need to read about 100 different html pages from my site,
    > >> every 1 hour,
    > >> i do it with HttpWebRequest and HttpWebResponse and with
    > >> full success,
    > >> the problem is that every time i call HttpWebRequest.Create()
    > >> method it opens a new session in my site (i can see it
    > >> in the statistic page), i want to do that with only one
    > >> session.
    > >> is it possible?
    > >>
    > >
    > >
    > >.
    > >

    Paolo Pialorsi [DevLeap] Guest

  7. #6

    Default HttpWebRequest

    Thanks again ...
    i'm sorry, Maybe my problem was not explained properly.
    i need to read from console app several HTML content.
    i know how to do that with HttpWebRequest and
    HttpWebResponse, and it works.
    the problem is that every page i read is a new session in
    the web server.
    i want to read all the 100 html pages in only one session.
    is that possible?
    Thanks
    Nissim
    Nissim Guest

  8. #7

    Default Re: HttpWebRequest



    Nissim wrote:

    > i need to read from console app several HTML content.
    > i know how to do that with HttpWebRequest and
    > HttpWebResponse, and it works.
    > the problem is that every page i read is a new session in
    > the web server.
    > i want to read all the 100 html pages in only one session.
    > is that possible?

    I think the answers you have already got suggest that you need to use
    the CookieContainer of the first HttpWebResponse with all following
    HttpWebRequests. Have you tried that?
    Usually a web server application keeps track of sessions by sending out
    a cookie with the session id and the client sends that session id
    cookie back. Thus if you use the CookieContainer containing the session
    id cookie the server sends back on the first request then all your
    following requests should be in the same session.

    --

    Martin Honnen
    http://JavaScript.FAQTs.com/

    Martin Honnen Guest

  9. #8

    Default Re: HttpWebRequest

    What exactly do you mean by "Session"? Do you mean application sessions
    (implemented using cookies for example) or TCP connection sessions?

    If former, use CookieContainer as the other posters have suggested.

    If latter, you should be using KeepAlive=true on the webrequest (which is
    the default). One of the reasons that you are not seeing this default
    behavior could be that you are using Windows Integrated Authentication on
    the server. Is that the case?

    feroze.

    --
    Remove "user" from the email address to reply to the author.

    This posting is provided "AS IS" with no warranties, and confers no rights

    Use of included script samples are subject to the terms specified at
    http://www.microsoft.com/info/cpyright.htm




    "Martin Honnen" <Martin.Honnen@t-online.de> wrote in message
    news:#74nfYr0DHA.1336@TK2MSFTNGP12.phx.gbl...
    >
    >
    > Nissim wrote:
    >
    >
    > > i need to read from console app several HTML content.
    > > i know how to do that with HttpWebRequest and
    > > HttpWebResponse, and it works.
    > > the problem is that every page i read is a new session in
    > > the web server.
    > > i want to read all the 100 html pages in only one session.
    > > is that possible?
    >
    > I think the answers you have already got suggest that you need to use
    > the CookieContainer of the first HttpWebResponse with all following
    > HttpWebRequests. Have you tried that?
    > Usually a web server application keeps track of sessions by sending out
    > a cookie with the session id and the client sends that session id
    > cookie back. Thus if you use the CookieContainer containing the session
    > id cookie the server sends back on the first request then all your
    > following requests should be in the same session.
    >
    > --
    >
    > Martin Honnen
    > http://JavaScript.FAQTs.com/
    >

    Feroze [MSFT] Guest
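
Added example (not from any poster in the thread): the shared CookieContainer suggested in the replies, run against a constructed local HttpListener that stands in for the site and counts how many sessions it starts. The port, the cookie name `sid` and the page names are assumptions.

```csharp
using System;
using System.IO;
using System.Net;
using System.Threading;
static class SharedCookieDemo   // hypothetical name, added example
{
    const string Site = "http://localhost:8765/";   // constructed local stand-in for the site
    static int sessions;

    // Server side: start a new session whenever a request arrives without a "sid" cookie.
    static void Serve(HttpListener listener, int requests)
    {
        for (int i = 0; i < requests; i++)
        {
            HttpListenerContext ctx = listener.GetContext();
            if (ctx.Request.Cookies["sid"] == null)
            {
                int id = Interlocked.Increment(ref sessions);
                ctx.Response.AppendCookie(new Cookie("sid", id.ToString(), "/"));
            }
            ctx.Response.Close();
        }
    }

    static void Fetch(string page, CookieContainer jar)
    {
        var req = (HttpWebRequest)WebRequest.Create(Site + page);
        req.CookieContainer = jar;   // null (the default): cookies are neither stored nor sent
        req.KeepAlive = true;        // the default: reuse the TCP connection as well
        using (var resp = (HttpWebResponse)req.GetResponse())
        using (var body = new StreamReader(resp.GetResponseStream()))
            body.ReadToEnd();
    }

    static void Main()
    {
        var listener = new HttpListener();
        listener.Prefixes.Add(Site);
        listener.Start();
        new Thread(() => Serve(listener, 6)) { IsBackground = true }.Start();
        for (int i = 0; i < 3; i++) Fetch("page" + i + ".html", null);
        Console.WriteLine("no container:     " + sessions + " session(s) started");
        int before = sessions;
        var jar = new CookieContainer();   // one instance shared by every request
        for (int i = 0; i < 3; i++) Fetch("page" + i + ".html", jar);
        Console.WriteLine("shared container: " + (sessions - before) + " session(s) started");
        listener.Stop();
    }
}
```

The container then holds the session cookie, which is a bearer credential for that session, so it should be kept in memory for the run and used only for requests to the one site.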
