.NET HTTP GET request problem (return state 200 OK instead of 302 Found)

Question

i'm running the following code but received different result than a call made from browser (example chrome). The .net code gives me 200 (OK) while Chrome 302 with redirect url. Can anyone explain to me why?

System.Net.ServicePointManager.SecurityProtocol = Net.SecurityProtocolType.Tls12
Net.ServicePointManager.ServerCertificateValidationCallback = AddressOf certVerify

Dim client As New System.Net.Http.HttpClient
Dim requestMessage As New System.Net.Http.HttpRequestMessage
requestMessage.RequestUri = New Uri("https://iampe.agenziaentrate.gov.it/sam/UI/Logout?realm=/agenziaentrate")
requestMessage.Method = HttpMethod.Get
requestMessage.Headers.Accept.Add(New MediaTypeWithQualityHeaderValue("*/*"))
requestMessage.Headers.Host = "iampe.agenziaentrate.gov.it"
requestMessage.Headers.Add("Pragma", "no-cache")
requestMessage.Headers.Add("sec-ch-ua", """ Not A;Brand"";v=""99"", ""Chromium"";v=""96"", ""Google Chrome"";v=""96""")
requestMessage.Headers.Add("sec-ch-ua-mobile", "?0")
requestMessage.Headers.Add("sec-ch-ua-platform", """Windows""")
requestMessage.Headers.Add("Upgrade-Insecure-Requests", "1")
requestMessage.Headers.UserAgent.Add(New ProductInfoHeaderValue("ScraperBot", "1.0"))
requestMessage.Headers.Add("Accept", "*/*")
requestMessage.Headers.Add("Sec-Fetch-Site", "none")
requestMessage.Headers.Add("Sec-Fetch-Mode", "navigate")
requestMessage.Headers.Add("Sec-Fetch-User", "?1")
requestMessage.Headers.Add("Sec-Fetch-Dest", "document")
requestMessage.Headers.Add("Accept-Encoding", "gzip, deflate, br")
requestMessage.Headers.Add("Accept-Language", "it-IT,it;q=0.9")
Dim Risposta As System.Net.Http.HttpResponseMessage = client.SendAsync(requestMessage).Result



Public Function certVerify(se As Object, cert As System.Security.Cryptography.X509Certificates.X509Certificate, chain As System.Security.Cryptography.X509Certificates.X509Chain, sslerror As System.Net.Security.SslPolicyErrors)
        Return True
    End Function

enter image description here

Answer 1

HttpClientHandler.AllowAutoRedirect is defaulted to enabled. HttpClient is automatically following the redirect and returning the info from the redirected location.

If AllowAutoRedirect is set to false, all HTTP responses with an HTTP status code from 300 to 399 are returned to the application.

I'm not a VB developer so can't really show you how to do it in VB but there is C# code on the docs page for HttpClientHandler that shows how you can customize behaviour for HttpClient by passing it a instance on HttpClientHandler. You should be able to adapt that to your needs.

C#

   // Create an HttpClientHandler that doesn't follow redirects
   HttpClientHandler handler = new HttpClientHandler();
   handler.AllowAutoRedirect = false;

   // Create an HttpClient object
   HttpClient client = new HttpClient(handler);