POST data getting 'lost' somewhere

Question

UPDATE

So it turns out internet exploder's stranglehold on "security" to "make up" for being so bad at security was causing my problems. I should have checked that out first haha. Thanks everyone for the input, it has given me ideas on how to optimize my application :D

---

I am writing a web app (in ASP.NET 3.5) that integrates with a platform app. The platform app takes the user's credentials and puts them into an "empty" HTML page that consists of a form with hidden items containing said credentials and POSTS to the webapp (default.aspx):

<HTML>
<HEAD>
<SCRIPT LANGUAGE=JSCRIPT>
    function OnLoad(){
        try {
            document.form1.submit();
        }
        catch(e){
        }
    }
</SCRIPT>
</HEAD>
<BODY OnLoad="OnLoad()">
    <FORM ACTION="http://localhost:51816/gs_ontheweb/default.aspx" METHOD=POST NAME=form1 TARGET="_NEW">
    <INPUT TYPE="HIDDEN" NAME="ClientID" VALUE="123456">
    <INPUT TYPE="HIDDEN" NAME="Password" VALUE="2830088828">
    <INPUT TYPE="HIDDEN" NAME="PracType" VALUE="051">
    <INPUT TYPE="HIDDEN" NAME="Encrypt" VALUE="12345620081111">
</FORM>
</BODY>
</HTML>

When my default.aspx page gets loaded up, it calls the following function:

Dim ClientID As String = Request.Form("ClientID")
Dim PassWord As String = Request.Form("Password")
Dim PracType As String = Request.Form("PracType")

Each one of them result in empty strings. Any ideas on why this is happening? Thanks in advance.

EDIT: Is there something I need to configure in my web.config file to make this work properly? Request.Params("<param name>") does not work.

Answer 1

Your issue is the "Target" property on the Form. Why is this here?

(I also took the liberty of cleaning your HTML up a little)

<html>
    <head>
    <title>Test JS Post</title>
    <script type="text/javascript" language="javascript">
    <!--
        function OnLoad(){
            try
            {
                alert("Posting...");
                document.form1.submit();
            }
            catch(e)
            {
                alert("ERROR!");
                alert(e);
            }
        }
    //-->
    </script>
</head>
<body onload="OnLoad()">

    <form action="http://localhost:49684/Default.aspx" method="post" name="form1">

        <input type="hidden" name="ClientID" value="123456" />
        <input type="hidden" name="Password" value="2830088828" />
        <input type="hidden" name="PracType" value="051" />
        <input type="hidden" name="Encrypt" value="12345620081111" />

        <h1>This is in the form.  Submit me here:</h1><input type="submit" value="foo" />

    </form>

</body>
</html>

In the code behind of Default.aspx:

Private Sub Page_Init(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Init

    For Each value As String In Request.Form.Keys
        Debug.WriteLine(String.Format("{0} = ""{1}""", value, Request.Form.Item(value)))
    Next

End Sub

Answer 2

Why not use System.Net.WebClient?

Some sample code (sorry, it's C#. Looks like your looking for VB. I can't translate quickly.)

System.Net.WebClient wc = new System.Net.WebClient();
byte[] b;
byte[] res;
string formdata = "text=test text&password=secret&checkbox=on&textarea=a longer text sentence&submit=submit";

//    encode the form data string into a byte array 
b = System.Text.Encoding.ASCII.GetBytes(formdata);

// set the content type for a form 
wc.Headers.Add("Content-Type", "application/x-www-form-urlencoded");

// POST and get data
res = wc.UploadData("http://localhost:51816/gs_ontheweb/default.aspx", b);

//convert the return page from byte[] to ascii
string s = System.Text.Encoding.ASCII.GetString(res);

Answer 3

That HTML is just on the user's harddrive? Maybe the browser security won't let that POST because it's deemed to be a risk.

As a test -- take that exact HTML file and put it on your webserver and then browse to it. If it works, might be the browser refusing to send the data. You could check with Fiddler (for IE) or Firebug in FireFox.