Clever Geek Handbook

How do I pass cookies to an external web browser?

I am writing an application that will have to open browser windows (could possibly be pasted in IE) to websites that use forms authentication. The trick is that they have to authenticate already to save time due to the large number of sites we need to get to. (Eventually, I'll be escaping them and processing the data ... but I still need to get some of the authentication to work so they can click on the real site when needed.)

I have a forms authentication part where I can use HttpWebRequest to get the html and just pass it to the browser. However, I cannot get it to transfer the cookies to the client browser so that it can navigate to the actual website.

I am getting System.Net.Cookies for authentication and I tried to copy them to System.Web.HttpCookies and add them to the Response object. If I put a link on the page or use Response.Redirect to go to the site, it doesn't work, it acts as if the user is not authenticated.

Anyone can think of how I would do this?

Here's the current code if it makes more sense:

Dictionary<string, string> formValues = new Dictionary<string, string>(4);
        formValues.Add("txbUserName", "USERNAME");
        formValues.Add("txbPassword", "PASSWORD");
        formValues.Add("SubmitB", "Log In");

        HttpWebRequest webRequest;
        StreamReader responseReader;
        string responseData;

        //This authenticates an HttpWebRequest and returns it
        webRequest = FormsAuthHttpWebRequest.Create("REQUESTURI", "LOGINURI", 
                                                    formValues) as HttpWebRequest;

        responseReader = new StreamReader(webRequest.GetResponse().GetResponseStream());

        responseData = responseReader.ReadToEnd();
        responseReader.Close();

        foreach (Cookie cookie in webRequest.CookieContainer.GetCookies(new Uri("SITEURI")))
        {
            HttpCookie httpCookie = new HttpCookie(cookie.Name, cookie.Value)
            {
                Domain = cookie.Domain,
                Expires = cookie.Expires,
                Path = cookie.Path,
                HttpOnly = cookie.HttpOnly,
                Secure = cookie.Secure                 
            };

            Response.Cookies.Add(httpCookie);
        }


        Response.Redirect("REQUESTURI");
0


source to share


2 answers


I don't think you can do this. The browser will ignore "Add-Cookie" headers from a web server that does not belong to the cookie-related domain. This is part of the built-in security for cookies - it would be disastrous (in terms of security and privacy) if other websites could read or write cookies for a different domain.



+3


source


I think the browser might be ignoring cookies in the response header due to the looming Response.Redirect. We ran into this problem recently and found that FF accepted cookies, but IE6 & 7 didn't.



I'm not sure if I understand exactly what you are trying to do. Are you trying to send cookies from site A to the browser that are actually for site B?

0


source






More articles:


All Articles