Reputation: 556
Redirect user to authenticated page that uses forms authentication, using HTTP Location Header, HttpWebRequest/Response and Response.Cookies.Add()
I need to autheticate on a site using forms authentication and then redirect the user to that site along with the session cookie. I have not figured out how to successfully do this. Here's my code so far.. I still get redirected to that apps login page. Any help is much appreciated!
protected void Button1_Click(object sender, EventArgs e)
{
string data = "nickname=&login={0}&password={1}&action_login.x=70&action_login.y=14action_login=Login";
string postdata = String.Format(data, "test", "test");
string page = @"http://1.1.1.1/home.asp";
string loginPage = @"http://1.1.1.1/auth.asp";
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(loginPage);
request.Method = "POST";
request.ContentType = "application/x-www-form-urlencoded";
request.AllowAutoRedirect = false;
ASCIIEncoding encoding = new ASCIIEncoding(); //encoder
byte[] requestData = encoding.GetBytes(postdata); //encode post data
request.ContentLength = requestData.Length;
//write the post data to the request
Stream requestStream = request.GetRequestStream();
// Send the data.
requestStream.Write(requestData, 0, requestData.Length);
requestStream.Close();
try
{
HttpWebResponse response = (HttpWebResponse) request.GetResponse();
string cookieHeader = response.GetResponseHeader("Set-Cookie");
string cookieValue = cookieHeader.Replace("pp_session_id=", "");
HttpCookie cookie = new HttpCookie("pp_session_id",cookieValue);
cookie.Domain = "1.1.1.1";
cookie.Path = "/";
Response.Clear();
Response.StatusCode = 302;
//Response.AddHeader("Set-Cookie", cookieHeader);
Response.AddHeader("Location",page);
Response.RedirectLocation = page;
Response.Cookies.Add(cookie);
Response.Flush();
}
catch (WebException ex)
{
Response.Write(ex.Message);
}
}
Upvotes: 2
Views: 2687
Answers (3)
Reputation: 1
i believe you have to do a request to an authenticated page on the remote web app.
you'll have to grab the cookie it gives you so you have a valid session. aspnet session id is passed in the cookie. Then you will need to pass the username and password required for that app along with the cookie you received so you will have a valid authenticated session.
Upvotes: 0
Reputation: 7594
Use Firebug on Mozilla Firefox to see what exactly the browser does when logging into the webapp. Then simulate the same sequence through code.
Or, you can use wireshark to sniff the requests sent by the browser.
One thing I can see from your code, is that you are adding the cookie explicitly. You shouldnt be doing this. You should set a CookieContainer on the request, so that the cookies get sent with all the requests to that site.
hope that helps.
Upvotes: 1
Reputation: 76021
What's wrong with using the FormsAuthentication class? In particular, have you tried the following sequence (or a variation of it):
FormsAuthentication.Authenticate();
FormsAuthentication.SetAuthCookie();
FormsAuthentication.RedirectFromLoginPage();
Upvotes: 1
Related Questions
- Redirect to another site with Authorization headers in ASP. Net
- redirect after authentication is successful
- Redirect to requested page after authentication
- How to redirect a user to a Specific Page with Forms Authentication
- Basic Authentication over redirection
- C# direct to another page
- Redirect to default page if the user has authentication cookie
- HttpWebRequest redirect with cookies
- Authenticate user without Leaving Page
- ASP.NET Forms Authentication without Redirect