HttpWebRequest and posting login data


  1. #1

    HttpWebRequest and posting login data

    Dear ASP.NET Programmers,

    How can I post data to an ASP.NET login page and pass authentication? The
    login page uses forms authentication, users must supply usernames and
    password and have to click on a submit button. I want to automate this
    process by supplying values with HttpWebRequest and then download a file on
    the site. I think that I cannot invoke the submit button. Pleeeasee help,
    thanks in advance

    Dim myWebReq As HttpWebRequest
    Dim myWebResp As HttpWebResponse
    Dim encoding As New System.Text.ASCIIEncoding()
    Dim postData As String
    Dim data() As Byte
    Dim sr As StreamReader
    Dim sw As StreamWriter

    postData += "txtUsername=b"
    postData += "&"
    postData += "txtPassword=k"
    data = encoding.GetBytes(postData)
    myWebReq = WebRequest.Create("http://burak/database/medicalDocs/F325_fittoflyreport.aspx")
    myWebReq.Method = "POST"
    myWebReq.ContentType = "application/x-www-form-urlencoded"
    myWebReq.ContentLength = data.Length
    Dim myStream As Stream = myWebReq.GetRequestStream()
    myStream.Write(data, 0, data.Length)
    myStream.Close()
    myWebResp = myWebReq.GetResponse
    sr = New StreamReader(myWebResp.GetResponseStream)
    Dim strHTML As String = sr.ReadToEnd
    sw = File.CreateText("d:\Downloads\1.htm")
    sw.WriteLine(strHTML)
    sw.Close()
    Response.WriteFile("d:\Downloads\1.htm")


    buran Guest

  3. #2

    Re: HttpWebRequest and posting login data

    "buran" <buran@buran.com> wrote in message
    news:OJag06GfDHA.1872@TK2MSFTNGP09.phx.gbl...
    > Dear ASP.NET Programmers,
    >
    > How can I post data to an ASP.NET login page and pass authentication? The
    > login page uses forms authentication, users must supply usernames and
    > password and have to click on a submit button. I want to automate this
    > process by supplying values with HttpWebRequest and then download a file on
    > the site. I think that I cannot invoke the submit button. Pleeeasee help,
    > thanks in advance

    I could swear I answered this question before...

    You are attempting to substitute code for a browser. Your code will have to
    do what the browser would have done:

    1) Browser attempts to reach a protected page, for instance, protected.aspx
    2) Forms Authentication sees that the request does not include a Forms
    Authentication Ticket in the proper cookie, so the server replies with a
    "302 Page Moved" status, and a Location header pointing to the login page.
    3) The browser requests the login page specified.
    4) The server responds with the login page
    5) The user fills in the login page and submits the form, so the browser
    POSTs the form back to the login page
    6) If the credentials are valid, the server responds with another "302 Page
    Moved" status, a Location header pointing to protected.aspx, and a
    Set-Cookie header providing the encrypted Forms Authentication Ticket.
    7) The browser then requests protected.aspx, but this time supplies the
    Forms Authentication Ticket in a Cookie header
    8) Forms Authentication sees that the request includes a valid Forms
    Authentication Ticket, so it permits the access. The server responds with
    the protected page.

    This is what your code will need to duplicate.
    --
    John Saunders
    Internet Engineer
    john.saunders@surfcontrol.com


    John Saunders Guest
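
The eight-step exchange described in the post above, written out as a VB.NET client. This is an added example, not code from any poster in the thread: the URLs and the field names txtUsername, txtPassword and btnValidate come from later posts, while the button value "Login" and the FORMS_USER / FORMS_PASSWORD environment variable names are assumptions.

```vb
Imports System
Imports System.IO
Imports System.Net
Imports System.Text
Imports System.Text.RegularExpressions

Module FormsLoginClient
    ' URLs and field names come from the thread; the button value "Login" and
    ' the FORMS_USER / FORMS_PASSWORD variable names are assumptions.
    Const LoginUrl As String = "http://burak/LoginDeneme/logindeneme.aspx"
    Const ProtectedUrl As String = "http://burak/LoginDeneme/secret.aspx"
    ' One container for every request: it stores the ticket cookie from the
    ' login response and replays it with the domain and path the server set.
    Private ReadOnly Jar As New CookieContainer()

    Function Send(url As String, form As String) As HttpWebResponse
        Dim req As HttpWebRequest = CType(WebRequest.Create(url), HttpWebRequest)
        req.CookieContainer = Jar
        req.AllowAutoRedirect = False ' keep each 302 visible instead of following it
        If form IsNot Nothing Then
            Dim body As Byte() = Encoding.UTF8.GetBytes(form)
            req.Method = "POST"
            req.ContentType = "application/x-www-form-urlencoded"
            req.ContentLength = body.Length
            Using s As Stream = req.GetRequestStream()
                s.Write(body, 0, body.Length)
            End Using
        End If
        Return CType(req.GetResponse(), HttpWebResponse)
    End Function

    Function Login(user As String, password As String) As Boolean
        Dim form As New StringBuilder()
        ' Steps 3-4: fetch the login form and copy its hidden fields (__VIEWSTATE).
        ' The pattern assumes the attribute order type, name, value.
        Using page As HttpWebResponse = Send(LoginUrl, Nothing)
            Dim html As String = New StreamReader(page.GetResponseStream()).ReadToEnd()
            For Each m As Match In Regex.Matches(html,
                    "<input[^>]*type=""hidden""[^>]*name=""([^""]+)""[^>]*value=""([^""]*)""")
                form.Append(Uri.EscapeDataString(m.Groups(1).Value)).Append("=")
                form.Append(Uri.EscapeDataString(WebUtility.HtmlDecode(m.Groups(2).Value))).Append("&")
            Next
        End Using
        ' Steps 5-6: post credentials plus the button; success is a 302 that sets the ticket cookie.
        form.Append("txtUsername=").Append(Uri.EscapeDataString(user))
        form.Append("&txtPassword=").Append(Uri.EscapeDataString(password))
        form.Append("&btnValidate=Login")
        Using resp As HttpWebResponse = Send(LoginUrl, form.ToString())
            Return resp.StatusCode = HttpStatusCode.Found AndAlso resp.Cookies.Count > 0
        End Using
    End Function

    Sub Main()
        Dim user As String = Environment.GetEnvironmentVariable("FORMS_USER")
        Dim pwd As String = Environment.GetEnvironmentVariable("FORMS_PASSWORD")
        If user Is Nothing OrElse pwd Is Nothing Then Throw New InvalidOperationException("Set FORMS_USER and FORMS_PASSWORD.")
        If Not Login(user, pwd) Then Throw New WebException("Login POST did not return a 302 with a cookie.")
        ' Steps 7-8: the container adds the Cookie header; 200 = ticket accepted, 302 = back to login.
        Using resp As HttpWebResponse = Send(ProtectedUrl, Nothing)
            Console.WriteLine("{0} for {1}", CInt(resp.StatusCode), ProtectedUrl)
            If resp.StatusCode = HttpStatusCode.OK Then File.WriteAllText("secret.htm", New StreamReader(resp.GetResponseStream()).ReadToEnd())
        End Using
    End Sub
End Module
```

Because the login response fills the container directly, the client never has to construct a Cookie or set its Domain by hand.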

  4. #3

    Re: HttpWebRequest and posting login data

    I am using following code but for no good. Maybe you can help me on this...

    On the logindeneme.aspx page

    Private Sub btnValidate_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnValidate.Click
        If FormsAuthentication.Authenticate(txtUsername.Text, txtPassword.Text) Then
            Dim tkt As FormsAuthenticationTicket
            Dim cookiestr As String
            Dim ck As HttpCookie

            tkt = New FormsAuthenticationTicket(txtUsername.Text, False, 120)
            cookiestr = FormsAuthentication.Encrypt(tkt)
            Session.Add("c", cookiestr)
            ck = New HttpCookie(FormsAuthentication.FormsCookieName(), cookiestr)
            Response.Cookies.Add(ck)

            Dim strRedirect As String
            strRedirect = Request("ReturnURL")
            If strRedirect <> "" Then
                Response.Redirect(strRedirect, True)
            Else
                strRedirect = "logindeneme.aspx"
                Response.Redirect(strRedirect, True)
            End If
        Else
            lblMessage.Text = "Invalid username/password"
        End If
    End Sub

    and then in the page where I am requesting the page to be downloaded..

    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
        Dim myWebReq As HttpWebRequest
        Dim myWebResp As HttpWebResponse
        Dim strHTML As String
        Dim c As New Cookie()
        Dim sr As StreamReader
        Dim sw As StreamWriter
        Dim cc As New CookieContainer()

        myWebReq = WebRequest.Create("http://burak/LoginDeneme/secret.aspx")
        c.Name = FormsAuthentication.FormsCookieName()
        c.Value = Session("c")
        c.Domain = "http://burak/LoginDeneme"
        cc.Add(c)
        myWebReq.CookieContainer = cc
        myWebResp = myWebReq.GetResponse
        sr = New StreamReader(myWebResp.GetResponseStream)
        strHTML = sr.ReadToEnd
        sw = File.CreateText("d:\Downloads\1.htm")
        sw.WriteLine(strHTML)
        sw.Close()
        Response.WriteFile("d:\Downloads\1.htm")
    End Sub

    What am I missing? Thank you very much for your help..

    buran


    "John Saunders" <john.saunders@surfcontrol.com> wrote in message
    news:esQrrFHfDHA.392@TK2MSFTNGP12.phx.gbl...
    > "buran" <buran@buran.com> wrote in message
    > news:OJag06GfDHA.1872@TK2MSFTNGP09.phx.gbl...
    > > Dear ASP.NET Programmers,
    > >
    > > How can I post data to an ASP.NET login page and pass authentication? The
    > > login page uses forms authentication, users must supply usernames and
    > > password and have to click on a submit button. I want to automate this
    > > process by supplying values with HttpWebRequest and then download a file
    > > on the site. I think that I cannot invoke the submit button. Pleeeasee
    > > help, thanks in advance
    >
    > I could swear I answered this question before...
    >
    > You are attempting to substitute code for a browser. Your code will have to
    > do what the browser would have done:
    >
    > 1) Browser attempts to reach a protected page, for instance, protected.aspx
    > 2) Forms Authentication sees that the request does not include a Forms
    > Authentication Ticket in the proper cookie, so the server replies with a
    > "302 Page Moved" status, and a Location header pointing to the login page.
    > 3) The browser requests the login page specified.
    > 4) The server responds with the login page
    > 5) The user fills in the login page and submits the form, so the browser
    > POSTs the form back to the login page
    > 6) If the credentials are valid, the server responds with another "302 Page
    > Moved" status, a Location header pointing to protected.aspx, and a
    > Set-Cookie header providing the encrypted Forms Authentication Ticket.
    > 7) The browser then requests protected.aspx, but this time supplies the
    > Forms Authentication Ticket in a Cookie header
    > 8) Forms Authentication sees that the request includes a valid Forms
    > Authentication Ticket, so it permits the access. The server responds with
    > the protected page.
    >
    > This is what your code will need to duplicate.
    > --
    > John Saunders
    > Internet Engineer
    > john.saunders@surfcontrol.com

    buran Guest

  6. #5

    Re: HttpWebRequest and posting login data

    "buran" <buran@buran.com> wrote in message
    news:e7m0CYTfDHA.2576@TK2MSFTNGP11.phx.gbl...
    > I am using following code but for no good. Maybe you can help me on
    > this...

    Please tell us what you mean when you say "but for no good". What is the
    specific problem? Perhaps an exception is thrown? Perhaps there is a
    timeout? Please be more specific.

    ....
    > and then in the page where I am requesting the page to be downloaded..
    >
    > Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
    > myWebReq = WebRequest.Create("http://burak/LoginDeneme/secret.aspx")
    > c.Name = FormsAuthentication.FormsCookieName()
    > c.Value = Session("c")
    > c.Domain = "http://burak/LoginDeneme"
    > cc.Add(c)
    http://burak/LoginDeneme is not a domain. "burak" is a domain. Please try
    that, and if it doesn't work, let us know in detail what the result is.
    --
    John Saunders
    Internet Engineer
    john.saunders@surfcontrol.com


    John Saunders Guest

  7. #6

    Re: HttpWebRequest and posting login data


    "John Saunders" <john.saunders@surfcontrol.com> wrote in message
    news:O16mNdTfDHA.3228@tk2msftngp13.phx.gbl...
    > "buran" <buran@buran.com> wrote in message
    > news:e7m0CYTfDHA.2576@TK2MSFTNGP11.phx.gbl...
    > > I am using following code but for no good. Maybe you can help me on
    > > this...
    >
    > Please tell us what you mean when you say "but for no good". What is the
    > specific problem? Perhaps an exception is thrown? Perhaps there is a
    > timeout? Please be more specific.
    >
    Ok you're right. I am getting the login page
    (http://burak/LoginDeneme/LoginDeneme.aspx) on the browser instead of
    the http://burak/LoginDeneme/al.aspx.
    So the code writes the contents of the login page to the disk
    (d:\Downloads\1.htm). It cannot pass the authentication.

    Yeesss, changing to c.Domain = "burak" worked. Thank you very very much..
    :))

    > ...
    > > and then in the page where I am requesting the page to be downloaded..
    > >
    > > Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
    > > myWebReq = WebRequest.Create("http://burak/LoginDeneme/secret.aspx")
    > > c.Name = FormsAuthentication.FormsCookieName()
    > > c.Value = Session("c")
    > > c.Domain = "http://burak/LoginDeneme"
    > > cc.Add(c)
    >
    > http://burak/LoginDeneme is not a domain. "burak" is a domain. Please try
    > that, and if it doesn't work, let us know in detail what the result is.
    > --
    > John Saunders
    > Internet Engineer
    > john.saunders@surfcontrol.com
    >
    >

    buran Guest

  8. #7

    Re: HttpWebRequest and posting login data

    "John Saunders" <john.saunders@surfcontrol.com> wrote in message news:<esQrrFHfDHA.392@TK2MSFTNGP12.phx.gbl>...
    > "buran" <buran@buran.com> wrote in message
    > news:OJag06GfDHA.1872@TK2MSFTNGP09.phx.gbl...
    >>
    > I could swear I answered this question before...
    >
    > You are attempting to substitute code for a browser. Your code will have to
    > do what the browser would have done:
    >
    > 1) Browser attempts to reach a protected page, for instance, protected.aspx
    > 2) Forms Authentication sees that the request does not include a Forms
    > Authentication Ticket in the proper cookie, so the server replies with a
    > "302 Page Moved" status, and a Location header pointing to the login page.
    > 3) The browser requests the login page specified.
    > 4) The server responds with the login page
    > 5) The user fills in the login page and submits the form, so the browser
    > POSTs the form back to the login page
    > 6) If the credentials are valid, the server responds with another "302 Page
    > Moved" status, a Location header pointing to protected.aspx, and a
    > Set-Cookie header providing the encrypted Forms Authentication Ticket.
    > 7) The browser then requests protected.aspx, but this time supplies the
    > Forms Authentication Ticket in a Cookie header
    > 8) Forms Authentication sees that the request includes a valid Forms
    > Authentication Ticket, so it permits the access. The server responds with
    > the protected page.
    >
    > This is what your code will need to duplicate.
    Okay, I understand the steps.... but I have been unable to perform
    them.

    When I try to post my userid and password to my login.aspx page, I
    keep getting the html for the login page back. I assume that this is
    because I do not successfully login. There are only 3 fields on the
    login page __viewstate, userid, and password. The login screen is
    using "forms" authentication.

    I have scoured the web looking for a simple example of this type of
    login, but have not been successful.

    Once logged in, I realize that I need to grab the auth cookie and use
    it on future requests of pages.

    I am really surprised that I can not find an example of this. Is it so
    simple that everyone else is able to do it without problems.... or am
    I missing something.

    Please help.

    Thanks.
    Jim J Guest

  9. #8

    Re: HttpWebRequest and posting login data

    "Jim J" <download9096@hotmail.com> wrote in message
    news:a0ea5ad3.0310102349.2d496a90@posting.google.com...
    > "John Saunders" <john.saunders@surfcontrol.com> wrote in message
    > news:<esQrrFHfDHA.392@TK2MSFTNGP12.phx.gbl>...
    > > "buran" <buran@buran.com> wrote in message
    > > news:OJag06GfDHA.1872@TK2MSFTNGP09.phx.gbl...
    > >>
    > > I could swear I answered this question before...
    > >
    > > You are attempting to substitute code for a browser. Your code will have
    > > to do what the browser would have done:
    > >
    > > 1) Browser attempts to reach a protected page, for instance,
    > > protected.aspx
    > > 2) Forms Authentication sees that the request does not include a Forms
    > > Authentication Ticket in the proper cookie, so the server replies with a
    > > "302 Page Moved" status, and a Location header pointing to the login
    > > page.
    > > 3) The browser requests the login page specified.
    > > 4) The server responds with the login page
    > > 5) The user fills in the login page and submits the form, so the browser
    > > POSTs the form back to the login page
    > > 6) If the credentials are valid, the server responds with another "302
    > > Page Moved" status, a Location header pointing to protected.aspx, and a
    > > Set-Cookie header providing the encrypted Forms Authentication Ticket.
    > > 7) The browser then requests protected.aspx, but this time supplies the
    > > Forms Authentication Ticket in a Cookie header
    > > 8) Forms Authentication sees that the request includes a valid Forms
    > > Authentication Ticket, so it permits the access. The server responds
    > > with the protected page.
    > >
    > > This is what your code will need to duplicate.
    >
    > Okay, I understand the steps.... but I have been unable to perform
    > them.
    >
    > When I try to post my userid and password to my login.aspx page, I
    > keep getting the html for the login page back. I assume that this is
    > because I do not successfully login.

    Jim, you know what they say about assumptions...

    What happens if you assume that your assumption is incorrect, since that
    seems to be the case?
    --
    John Saunders
    Internet Engineer
    john.saunders@surfcontrol.com


    John Saunders Guest
