Clever Geek Handbook

Redirect the user to an authenticated page that uses HTTP Location Header authentication, HttpWebRequest / Response and Response.Cookies.Add ()

I need to autorate on a site using forms authentication and then redirect the user to that site along with a session cookie. I have not figured out how to do this successfully. Here is my code so far. I am still redirected to the app login page. Any help is greatly appreciated!


protected void Button1_Click(object sender, EventArgs e)
{
 string data = "nickname=&login={0}&password={1}&action_login.x=70&action_login.y=14action_login=Login";
 string postdata = String.Format(data, "test", "test");
 string page = @"http://1.1.1.1/home.asp";
 string loginPage = @"http://1.1.1.1/auth.asp";
 HttpWebRequest request = (HttpWebRequest)WebRequest.Create(loginPage);
 request.Method = "POST";
 request.ContentType = "application/x-www-form-urlencoded";
 request.AllowAutoRedirect = false;
 ASCIIEncoding encoding = new ASCIIEncoding(); //encoder
 byte[] requestData = encoding.GetBytes(postdata); //encode post data
 request.ContentLength = requestData.Length;
 //write the post data to the request
 Stream requestStream = request.GetRequestStream();
 // Send the data.
 requestStream.Write(requestData, 0, requestData.Length);
 requestStream.Close();
 try
 {
  HttpWebResponse response = (HttpWebResponse) request.GetResponse();
  string cookieHeader = response.GetResponseHeader("Set-Cookie");
  string cookieValue = cookieHeader.Replace("pp_session_id=", "");
  HttpCookie cookie = new HttpCookie("pp_session_id",cookieValue);
  cookie.Domain = "1.1.1.1";
  cookie.Path = "/";
  Response.Clear();
  Response.StatusCode = 302;
  //Response.AddHeader("Set-Cookie", cookieHeader);
  Response.AddHeader("Location",page);
  Response.RedirectLocation = page;
  Response.Cookies.Add(cookie);
  Response.Flush();

 }
 catch (WebException ex)
 {
  Response.Write(ex.Message);
 }
}
+2


source to share


3 answers


Use Firebug in Mozilla Firefox to see what exactly the browser does when logging into a webapp. Then simulate the same sequence with code.

Or you can use wireshark to sniff the requests sent by the browser.



One thing I can see from your code is that you are adding the cookie explicitly. You shouldn't be doing this. You must set a CookieContainer in the request so that cookies are sent with all requests to this site.

hope this helps.

+1


source


What's wrong with using the class FormsAuthentication

? Specifically, have you tried the following sequence (or a variation of it):

FormsAuthentication.

Authenticate

();



FormsAuthentication.

SetAuthCookie

();

FormsAuthentication.

RedirectFromLoginPage

();

+1


source


I believe you need to make a request for an authenticated page in the remote web app.

you will need to grab the cookie it will give you in order for you to have a valid session. The aspnet session id is passed in the cookie. You will then need to provide the username and password required for this application, along with the cookie you received, so that you have a valid authenticated session.

0


source






More articles:


All Articles