Ask a Question related to ASP.NET Security, Design and Development.
-
Matthew Judd #1
HttpWebRequest and Forms Authentication
I am using Forms Authentication on my site, this process mostly works fine.
The problem I am having is that I have a page that uses an HttpWebRequest
object to get the html generated from one of the aspx pages within my site,
which it then emails to somebody. The problem I have with this is that the
email gets the login page instead of the page I requested, because when I do
the WebRequest it gets sent to the forms authentication login page that I
have specified. I need to be able to get my WebRequest to bypass the forms
authentication for this request, but I do not know how. Any suggestions would
be appreciated.
Matthew Judd
Matthew Judd Guest
-
Accessing htm files without authentication (forms authentication)
I have application with forms authentication. All works fine. When user opens .aspx file gets login form, login and then get the .aspx page. But... -
ASP.Net Forms authentication with basic authentication popup
Relatively new to ASP.Net but have a strange problem. My site uses forms authentication for a large administration section however after the user... -
Forms authentication then redirection to a secure web with NT authentication?
Hi, I want to allow access to particular secured intranet web sites. These intranet are stored in sharepoint (2003 version) Actually I've... -
Authentication ticket, cookieless, forms authentication?
Hi. I want to use Forms Authentication, cookieless. The issue is setting the Authentication Ticket without using cookies (!) That is, the... -
Forms authentication with Windows authentication
Hi, I have an ASP.NET web site that uses IIS Basic Authentication and accesses an OLAP Server at various stages. The OLAP Server authentication... -
Jorge Matos #2 RE: HttpWebRequest and Forms Authentication
You probably need to add the Forms Authentication cookie as a http header in
your request to the other web page. The WebRequest type has a "headers"
property that you can use to add the Forms Authentication cookie to - then
when you make the request with the WebRequest object, your forms auth cookie
will go along for the ride.
hth
Jorge
"Matthew Judd" wrote:
> I am using Forms Authentication on my site, this process mostly works fine.
> The problem I am having is that I have a page that uses an HttpWebRequest
> object to get the html generated from one of the aspx pages within my site,
> which it then emails to somebody. The problem I have with this is that the
> email gets the login page instead of the page I requested, because when I do
> the WebRequest it gets sent to the forms authentication login page that I
> have specified. I need to be able to get my WebRequest to bypass the forms
> authentication for this request, but I do not know how. Any suggestions would
> be appreciated.
>
> Matthew JuddJorge Matos Guest
-
Joe Kaplan \(MVP - ADSI\) #3 Re: HttpWebRequest and Forms Authentication
Before that, you will probably need to make a separate request to the
authentication page and post some credentials so that you can get the cookie
value to begin with. It may be possible to hardcode a cookie value that
will work, but generally these things expire, so you'd probably need to get
one dynamically. Use an HTTP debugger like Fiddler to see the exact format
of the post so that you can replicate it in code.
In general, forms auth is not well suited for screen scraping or web
services-type of authentication. However, you can do it if you really want
to.
Joe K.
"Jorge Matos" <JorgeMatos@discussions.microsoft.com> wrote in message
news:5E2C9A0A-0A1F-43B2-A78C-B012657A9744@microsoft.com...> You probably need to add the Forms Authentication cookie as a http header
> in
> your request to the other web page. The WebRequest type has a "headers"
> property that you can use to add the Forms Authentication cookie to - then
> when you make the request with the WebRequest object, your forms auth
> cookie
> will go along for the ride.
>
> hth
> Jorge
>
> "Matthew Judd" wrote:
>>> I am using Forms Authentication on my site, this process mostly works
>> fine.
>> The problem I am having is that I have a page that uses an HttpWebRequest
>> object to get the html generated from one of the aspx pages within my
>> site,
>> which it then emails to somebody. The problem I have with this is that
>> the
>> email gets the login page instead of the page I requested, because when I
>> do
>> the WebRequest it gets sent to the forms authentication login page that I
>> have specified. I need to be able to get my WebRequest to bypass the
>> forms
>> authentication for this request, but I do not know how. Any suggestions
>> would
>> be appreciated.
>>
>> Matthew Judd
Joe Kaplan \(MVP - ADSI\) Guest
-
Jorge Matos #4 Re: HttpWebRequest and Forms Authentication
I didn't know about Fiddler - gotta look into that. I disagree about the
separate request though, if the user is already authenticated then you can
programmatically access the Forms Auth Cookie that is already present as a
header in the current request context, and since Matthew is hitting a web
page that is already in the site this should work. I agree with you only if
you are hitting an external web site that is using Forms Auth.
"Joe Kaplan (MVP - ADSI)" wrote:
> Before that, you will probably need to make a separate request to the
> authentication page and post some credentials so that you can get the cookie
> value to begin with. It may be possible to hardcode a cookie value that
> will work, but generally these things expire, so you'd probably need to get
> one dynamically. Use an HTTP debugger like Fiddler to see the exact format
> of the post so that you can replicate it in code.
>
> In general, forms auth is not well suited for screen scraping or web
> services-type of authentication. However, you can do it if you really want
> to.
>
> Joe K.
>
> "Jorge Matos" <JorgeMatos@discussions.microsoft.com> wrote in message
> news:5E2C9A0A-0A1F-43B2-A78C-B012657A9744@microsoft.com...>> > You probably need to add the Forms Authentication cookie as a http header
> > in
> > your request to the other web page. The WebRequest type has a "headers"
> > property that you can use to add the Forms Authentication cookie to - then
> > when you make the request with the WebRequest object, your forms auth
> > cookie
> > will go along for the ride.
> >
> > hth
> > Jorge
> >
> > "Matthew Judd" wrote:
> >> >> I am using Forms Authentication on my site, this process mostly works
> >> fine.
> >> The problem I am having is that I have a page that uses an HttpWebRequest
> >> object to get the html generated from one of the aspx pages within my
> >> site,
> >> which it then emails to somebody. The problem I have with this is that
> >> the
> >> email gets the login page instead of the page I requested, because when I
> >> do
> >> the WebRequest it gets sent to the forms authentication login page that I
> >> have specified. I need to be able to get my WebRequest to bypass the
> >> forms
> >> authentication for this request, but I do not know how. Any suggestions
> >> would
> >> be appreciated.
> >>
> >> Matthew Judd
>
>Jorge Matos Guest
-
Joe Kaplan \(MVP - ADSI\) #5 Re: HttpWebRequest and Forms Authentication
I Agree with you as well. I missed the part about this being on the same
site and already having the cookie.
Fiddler is quite cool. I think you will find it quite useful.
Joe K.
"Jorge Matos" <JorgeMatos@discussions.microsoft.com> wrote in message
news:D545634D-3B7B-4722-A1F4-5B8E68C603F9@microsoft.com...>I didn't know about Fiddler - gotta look into that. I disagree about the
> separate request though, if the user is already authenticated then you can
> programmatically access the Forms Auth Cookie that is already present as a
> header in the current request context, and since Matthew is hitting a web
> page that is already in the site this should work. I agree with you only
> if
> you are hitting an external web site that is using Forms Auth.
>
> "Joe Kaplan (MVP - ADSI)" wrote:
>>> Before that, you will probably need to make a separate request to the
>> authentication page and post some credentials so that you can get the
>> cookie
>> value to begin with. It may be possible to hardcode a cookie value that
>> will work, but generally these things expire, so you'd probably need to
>> get
>> one dynamically. Use an HTTP debugger like Fiddler to see the exact
>> format
>> of the post so that you can replicate it in code.
>>
>> In general, forms auth is not well suited for screen scraping or web
>> services-type of authentication. However, you can do it if you really
>> want
>> to.
>>
>> Joe K.
>>
>> "Jorge Matos" <JorgeMatos@discussions.microsoft.com> wrote in message
>> news:5E2C9A0A-0A1F-43B2-A78C-B012657A9744@microsoft.com...>>>> > You probably need to add the Forms Authentication cookie as a http
>> > header
>> > in
>> > your request to the other web page. The WebRequest type has a
>> > "headers"
>> > property that you can use to add the Forms Authentication cookie to -
>> > then
>> > when you make the request with the WebRequest object, your forms auth
>> > cookie
>> > will go along for the ride.
>> >
>> > hth
>> > Jorge
>> >
>> > "Matthew Judd" wrote:
>> >
>> >> I am using Forms Authentication on my site, this process mostly works
>> >> fine.
>> >> The problem I am having is that I have a page that uses an
>> >> HttpWebRequest
>> >> object to get the html generated from one of the aspx pages within my
>> >> site,
>> >> which it then emails to somebody. The problem I have with this is that
>> >> the
>> >> email gets the login page instead of the page I requested, because
>> >> when I
>> >> do
>> >> the WebRequest it gets sent to the forms authentication login page
>> >> that I
>> >> have specified. I need to be able to get my WebRequest to bypass the
>> >> forms
>> >> authentication for this request, but I do not know how. Any
>> >> suggestions
>> >> would
>> >> be appreciated.
>> >>
>> >> Matthew Judd
>>
>>
Joe Kaplan \(MVP - ADSI\) Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
