Re: HttpWebRequest and posting login data

From: John Saunders (john.saunders_at_surfcontrol.com)
Date: 09/16/03 

Date: Tue, 16 Sep 2003 12:39:00 -0400

"buran" <buran@buran.com> wrote in message
news:OJag06GfDHA.1872@TK2MSFTNGP09.phx.gbl...
> Dear ASP.NET Programmers,
>
> How can I post data to an ASP.NET login page and pass authentication? The
> login page uses forms
> authentication, users must supply usernames and password and have to click
> on a submit button. I
> want to automate this process by supplying values with HttpWebRequest and
> then download a file on
> the site. I think that I cannot invoke the submit button. Pleeeasee help,
> thanks in advance

I could swear I answered this question before...

You are attempting to substitute code for a browser. Your code will have to
do what the browser would have done:

1) Browser attempts to reach a protected page, for instance, protected.aspx
2) Forms Authentication sees that the request does not include a Forms
Authentication Ticket in the proper cookie, so the server replies with a
"302 Page Moved" status, and a Location header pointing to the login page.
3) The browser requests the login page specified.
4) The server responds with the login page
5) The user fills in the login page and submits the form, so the browser
POSTs the form back to the login page
6) If the credentials are valid, the server responds with another "302 Page
Moved" status, a Location header pointing to protected.aspx, and a
Set-Cookie header providing the encrypted Forms Authentication Ticket.
7) The browser then requests protected.aspx, but this time supplies the
Forms Authentication Ticket in a Cookie header
8) Forms Authentication sees that the request includes a valid Forms
Authentication Ticket, so it permits the access. The server responds with
the protected page.

This is what your code will need to duplicate. 

-- 
John Saunders
Internet Engineer
john.saunders@surfcontrol.com