Re: HttpWebRequest and posting login data

From: Jim J (download9096_at_hotmail.com)
Date: 10/11/03 

Date: 11 Oct 2003 00:49:37 -0700

"John Saunders" <john.saunders@surfcontrol.com> wrote in message news:<esQrrFHfDHA.392@TK2MSFTNGP12.phx.gbl>...
> "buran" <buran@buran.com> wrote in message
> news:OJag06GfDHA.1872@TK2MSFTNGP09.phx.gbl...
>>
> I could swear I answered this question before...
>
> You are attempting to substitute code for a browser. Your code will have to
> do what the browser would have done:
>
> 1) Browser attempts to reach a protected page, for instance, protected.aspx
> 2) Forms Authentication sees that the request does not include a Forms
> Authentication Ticket in the proper cookie, so the server replies with a
> "302 Page Moved" status, and a Location header pointing to the login page.
> 3) The browser requests the login page specified.
> 4) The server responds with the login page
> 5) The user fills in the login page and submits the form, so the browser
> POSTs the form back to the login page
> 6) If the credentials are valid, the server responds with another "302 Page
> Moved" status, a Location header pointing to protected.aspx, and a
> Set-Cookie header providing the encrypted Forms Authentication Ticket.
> 7) The browser then requests protected.aspx, but this time supplies the
> Forms Authentication Ticket in a Cookie header
> 8) Forms Authentication sees that the request includes a valid Forms
> Authentication Ticket, so it permits the access. The server responds with
> the protected page.
>
> This is what your code will need to duplicate.

Okay, I understand the steps.... but I have been unable to perform
them.

When I try to post my userid and password to my login.aspx page, I
keep getting the html for the login page back. I assume that this is
because I do nto successfully login. There are only 3 fields on the
login page __viewstate, userid, and password. The login screen is
using "forms" authentication.

I have scoured the web looking for a simple example of this type of
login, but have not been successful.

Once logged in, I realize that I need to grab the auth cookie and use
it on future requests of pages.

I am really surprised that I can not find an example of this. Is it so
simple that everyone else is able to do it without problems.... or am
I missing something.

Please help.

Thanks.

Relevant Pages

  • Re: HttpWebRequest and posting login data
    ... Private Sub btnValidate_Click(ByVal sender As System.Object, ... >> How can I post data to an ASP.NET login page and pass authentication? ... > You are attempting to substitute code for a browser. ... > Set-Cookie header providing the encrypted Forms Authentication Ticket. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: HttpWebRequest and posting login data
    ... Private Sub btnValidate_Click(ByVal sender As System.Object, ... >> How can I post data to an ASP.NET login page and pass authentication? ... > You are attempting to substitute code for a browser. ... > Set-Cookie header providing the encrypted Forms Authentication Ticket. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Posting to another server and end up there?
    ... > it so basically I am starting at the remote login page, ... What needs to happen is the browser needs to think it already logged ... the cookie being tied to your first (login) domain, ... >> to be re-stated in your next response. ...
    (microsoft.public.inetserver.asp.general)
  • Re: Attribute value of
  • Re: browser output
    ... -the scipts are to login in remote linux machine and list the directory ... -tst.php scipt is to output the data in the browser. ... that you've provided us with details on only one, and the symptom ...
    (comp.lang.tcl)