Intranet Screen Scrape (Passing Authentication)

[Johnny Quest]

I would like to read a page programmatically with an ASP.NET intranet site.
I am using forms authentication. No matter what I have tried, the login
screen always comes back because the web server itself knows nothing about
the authentication information already stored away. I admit that I am a
little bit clueless about this whole process, so any info would help. I
have read where people say that you need to pass a cookie, using a cookie
container, but I'm not sure how exactly that is done and what cookie to
pass. I'm using tickets when a comes in under the login screen.

Will post the code later, but for now, just wondering if someone has a clear
consice example (or at least an explanation) of what I have to do to get
past the forms authentication?

[Kevin Kenny]

Johnny Quest wrote:

>I would like to read a page programmatically with an ASP.NET intranet site.
>I am using forms authentication. No matter what I have tried, the login
>screen always comes back because the web server itself knows nothing about
>the authentication information already stored away. I admit that I am a
>little bit clueless about this whole process, so any info would help. I
>have read where people say that you need to pass a cookie, using a cookie
>container, but I'm not sure how exactly that is done and what cookie to
>pass. I'm using tickets when a comes in under the login screen.
>
>Will post the code later, but for now, just wondering if someone has a clear
>consice example (or at least an explanation) of what I have to do to get
>past the forms authentication?
>
>
>
>

Johnny,

Have a look at System.Net.HttpRequest.

Is the page being screen scraped an ASP.NET page using forms authentication?

Kevin

[Johnny Quest]

Yes, forms authentication. The part I don't understand (and obviously
critical) is what is needed to satisfy the following piece of code in
global.asax? I always, always, always get the login page. When I try and
use CookieContainer, there is some quirks with using the Cookie object from
System.Net versus System.Web and I don't fully understand that either.

Hope someone can shed some light on this?

protected void Application_AuthenticateRequest(Object sender, EventArgs e)

{

if (HttpContext.Current.User != null)

{

if (HttpContext.Current.User.Identity.IsAuthenticated )

{

if (HttpContext.Current.User.Identity is FormsIdentity)

{

FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;

FormsAuthenticationTicket ticket = id.Ticket;

// Get the stored user-data, in this case, our roles

string userData = ticket.UserData;

string[] roles = userData.Split(',');

HttpContext.Current.User = new GenericPrincipal(id, roles);

}

}

}

}

After authentication, login page goes like this:



// Create a new ticket used for authentication

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(

1, // Ticket version

UserName.Text, // Username associated with ticket

DateTime.Now, // Date/time issued

DateTime.Now.AddMinutes(1000), // Date/time to expire

true, // "true" for a persistent user cookie

cmrRoles, // User-data, in this case the roles

FormsAuthentication.FormsCookiePath); // Path cookie valid for


// Hash the cookie for transport

string hash = FormsAuthentication.Encrypt(ticket);

HttpCookie cookie = new HttpCookie(

FormsAuthentication.FormsCookieName, // Name of auth cookie

hash); // Hashed ticket


// Add the cookie to the list for outgoing response

// this I am hoping will stop the frequent timeouts from occurring.

cookie.Expires=ticket.Expiration;

Response.Cookies.Add(cookie);

----- Original Message -----
From: "Kevin Kenny" <kevin.kenny@snip.me.zygonia.net>
Newsgroups: microsoft.public.dotnet.framework.aspnet.security
Sent: Sunday, August 31, 2003 5:57 AM
Subject: Re: Intranet Screen Scrape (Passing Authentication)

> Johnny Quest wrote:
>

> >I would like to read a page programmatically with an ASP.NET intranet

site.

> >I am using forms authentication. No matter what I have tried, the login
> >screen always comes back because the web server itself knows nothing

about

> >the authentication information already stored away. I admit that I am a
> >little bit clueless about this whole process, so any info would help. I
> >have read where people say that you need to pass a cookie, using a cookie
> >container, but I'm not sure how exactly that is done and what cookie to
> >pass. I'm using tickets when a comes in under the login screen.
> >
> >Will post the code later, but for now, just wondering if someone has a

clear

> >consice example (or at least an explanation) of what I have to do to get
> >past the forms authentication?
> >
> >
> >
> >

> Johnny,
>
> Have a look at System.Net.HttpRequest.
>
> Is the page being screen scraped an ASP.NET page using forms

authentication?

>
> Kevin
>

Yes, forms authentication. The part I don't understand (and obviously
critical) is what is needed to satisfy the following piece of code in
global.asax? I always, always, always get the login page. When I try and
use CookieContainer, there is some quirks with using the Cookie object from
System.Net versus System.Web and I don't fully understand that either.

Hope someone can shed some light on this?

protected void Application_AuthenticateRequest(Object sender, EventArgs e)

{

if (HttpContext.Current.User != null)

{

if (HttpContext.Current.User.Identity.IsAuthenticated )

{

if (HttpContext.Current.User.Identity is FormsIdentity)

{

FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;

FormsAuthenticationTicket ticket = id.Ticket;

// Get the stored user-data, in this case, our roles

string userData = ticket.UserData;

string[] roles = userData.Split(',');

HttpContext.Current.User = new GenericPrincipal(id, roles);

}

}

}

}

After authentication, login page goes like this:



// Create a new ticket used for authentication

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(

1, // Ticket version

UserName.Text, // Username associated with ticket

DateTime.Now, // Date/time issued

DateTime.Now.AddMinutes(1000), // Date/time to expire

true, // "true" for a persistent user cookie

cmrRoles, // User-data, in this case the roles

FormsAuthentication.FormsCookiePath); // Path cookie valid for


// Hash the cookie for transport

string hash = FormsAuthentication.Encrypt(ticket);

HttpCookie cookie = new HttpCookie(

FormsAuthentication.FormsCookieName, // Name of auth cookie

hash); // Hashed ticket


// Add the cookie to the list for outgoing response

// this I am hoping will stop the frequent timeouts from occurring.

cookie.Expires=ticket.Expiration;

Response.Cookies.Add(cookie);

----- Original Message -----
From: "Kevin Kenny" <kevin.kenny@snip.me.zygonia.net>
Newsgroups: microsoft.public.dotnet.framework.aspnet.security
Sent: Sunday, August 31, 2003 5:57 AM
Subject: Re: Intranet Screen Scrape (Passing Authentication)

> Johnny Quest wrote:
>

> >I would like to read a page programmatically with an ASP.NET intranet

site.

> >I am using forms authentication. No matter what I have tried, the login
> >screen always comes back because the web server itself knows nothing

about

> >the authentication information already stored away. I admit that I am a
> >little bit clueless about this whole process, so any info would help. I
> >have read where people say that you need to pass a cookie, using a cookie
> >container, but I'm not sure how exactly that is done and what cookie to
> >pass. I'm using tickets when a comes in under the login screen.
> >
> >Will post the code later, but for now, just wondering if someone has a

clear

> >consice example (or at least an explanation) of what I have to do to get
> >past the forms authentication?
> >
> >
> >
> >

> Johnny,
>
> Have a look at System.Net.HttpRequest.
>
> Is the page being screen scraped an ASP.NET page using forms

authentication?

>
> Kevin
>