Using WebBrowser credentials for WebRequest object : VB, C#, MS WebBrowser object

May 17, 2008 02:05am pdt

1. TheLearn... 196,575
2. Dhaest 81,930
3. jcoehoorn 67,480
4. jaime_ol... 63,381
5. GreenGhost 62,510
6. Velio 51,640
7. ZachSmith 45,350
8. jpaulino 41,270
9. JimBrandley 33,760
10. avnish_t... 33,650
11. surajguptha 31,750
12. SteveH_UK 31,525
13. angelIII 31,463
14. PaulHews 31,075
14. samtran0331 31,075

1. TheLearn... 562,953
2. samtran0331 210,390
3. surajguptha 199,472
4. Dhaest 167,453
5. Idle_Mind 143,595
6. jaime_ol... 141,466
7. emoreau 100,075
8. JimBrandley 99,622
9. Fernando... 90,534
10. McExp 87,513
11. jcoehoorn 85,780
12. GreenGhost 83,760
13. jpaulino 79,100
14. DarkoLord 76,876
15. Sancler 71,532

01.10.2008 at 11:13AM PST, ID: 23073523

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

7.2

Using WebBrowser credentials for WebRequest object

Zones: .NET Framework 2.0, Programming for ASP.NET, WebApplications

Tags: VB, C#, MS WebBrowser object

I'm building a .NET windows forms application to access an ASP.NET web app. The web app allows users to generate custom reports in Excel format and then download them.
I have used a WebBrowser control and DOM to log on to the site and generate the report I want. I'm now trying to download the report without getting the Open/Save UI dialog. I think I can do this by using system.net.webrequest to access the URI of the generated report. The problem is getting the appropriate credentials for the browser session to the webrequest. Running the webrequest now just returns a log-in page for the site. I've tried a number of methods that don't work and hope someone here can point me to the correct way to do this. Thanks.

Start your free trial to view this solution

Question Stats

Zone: Microsoft

Question Asked By: thefridgeVFA

Solution Provided By: the_crazed

Participating Experts: 1

Solution Grade: B

Translate:

Loading Advertisement...

Microsoft

Internet Protocols
Applications

Development
OS

Hardware
Windows Security

Apple

Operating Systems
Hardware

Programming
Networking

Software

Internet

Search Engines
File Sharing
WebTrends / Stats
Spy / Ad Blockers

Web Browsers
New Net Users
Web Development
Chat / IM

Anti Spam
Web Servers
Anti-Virus
Email Clients

Gamers

Tips
Online / MMORPG
Puzzle
Emulators

Action / Adventure
Role Playing
Consoles
Game Programming

Strategy
Sports
Misc
Computer Games

Digital Living

Hardware
New Net Users
New Users

Software
Digital Music
Gaming World

Home Security
Apple
Networking Hardware

Virus & Spyware

Vulnerabilities
IDS
Encryption
Anti-Virus

Operating Systems Security
Software Firewalls
WebApplications
Cell Phones

Operating Systems
Internet
Hardware Firewalls

Hardware

Handhelds / PDAs
Displays / Monitors
Components
Networking Hardware

Peripherals
Laptops/Notebooks
Storage
Servers

Desktops
New Users
Misc
Apple

Software

System Utilities
Industry Specific
Network Management
Photos / Graphics
Page Layout
VMWare
Misc
Web Development

OS
CYGWIN
Voice Recognition
Message Queue
Quality Assurance
Security
Firewalls
MultiMedia Applications

Development
Database
Office / Productivity
Business Management
OS/2 Apps
Server Software
Internet / Email

ITPro

OS
Storage
Encryption
Operating Systems Security
Apple Hardware
Laptops & Notebooks
Servers
Networking Hardware
Peripherals

Devices
Displays / Monitors
WebTrends / Stats
Search Engines
Firewalls
WebApplications
IDS
Vulnerabilities
Email Clients

File Sharing
Spy / Ad Blockers
Web Browsers
Web Servers
Networking
Anti-Virus
Chat / IM
Anti Spam

Developer

Web Servers
Web Browsers
Game Programming
Dev Tools
Industry Specific
Office / Productivity

Database
CYGWIN
Web Development
Search Engines
File Sharing
WebTrends / Stats

Programming
Content Management
Application Servers
Protocols

Storage

Removable Backup Media
Storage Technology
Servers

Grid
Remote Access
Backup / Restore

Misc
Hard Drives

Miscellaneous
Security
Development
Linux
VMWare

MainFrame OS
Unix
Apple
OS / 2
AS / 400

BeOS
Microsoft
VMS / OpenVMS

Database

Oracle
Miscellaneous
MySQL
Software
Sybase
Contact Management
PostgreSQL
Data Manipulation
Clarion
InterSystems Cache

Siebel
MUMPS
OLAP
SQLBase
SAS
GIS & GPS
4GL
Berkeley DB
DB2
Informix

Interbase / Firebird
FoxPro
Reporting
LDAP
Filemaker Pro
MS SQL Server
dBase
MS Access

Security

Misc
Web Browsers
Software Firewalls
Operating Systems Security
File Sharing

Spy / Ad Blockers
Vulnerabilities
WebApplications
IDS
Anti-Virus

Encryption
Anti Spam
Email Clients
VPN
Chat / IM

Programming

Editors IDEs
Installation
Handhelds / PDAs
Multimedia Programming
System / Kernel

Algorithms
Game
Signal Processing
Project Management
Open Source

Database
Misc
Languages
Processor Platforms
Theory

Web Development

Scripting
Blogs
Web Servers
Software
Search Engines
Web Graphics
Images

Internet Marketing
Images and Photos
Components
Document Imaging
Web Languages/Standards
Illustration
WebApplications

Fonts
WebTrends / Stats
Authoring
Digital Camera Software
Miscellaneous

Networking

Protocols
Apple Networking
Network Management
Message Queue
Application Servers
Content Management
File Servers
Email Servers
Misc
Java Editors & IDEs

Wireless
Networking Hardware
Backup / Restore
System Utilities
ISPs & Hosting
Web Servers
Storage Technology
Removable Backup Media
Servers
Broadband

Grid
OS / 2
Novell Netware
Unix Networking
Windows Networking
Security
Telecommunications
Operating Systems
Linux Networking

Other

Community Advisor
Lounge
Community Support
New Net Users

Philosophy / Religion
Math / Science
Miscellaneous
URLs

Expert Lounge
Politics
Puzzles / Riddles

Community Support

Suggestions
New to EE
New Topics
Community Advisor

CleanUp
Announcements
General

Feedback
Input
EE Bugs

01.11.2008 at 03:01AM PST, ID: 20635337

the_crazed:

you want to set Credentials and PreAuthenticate on your webrequest object

                       
                                webReq.Credentials = System.Net.CredentialCache.DefaultCredentials;
webReq.PreAuthenticate=true;

Open in New Window

01.12.2008 at 02:03PM PST, ID: 20645467

thefridgeVFA:

This is one of the things I tried unsuccessfully. It just returns the login page. I think I need to get the session credentials from the WebBrowser cookies and transfer them to the WebRequest Credentials.

01.14.2008 at 05:12AM PST, ID: 20652606

the_crazed:

is the ASP.net web app using forms authentication?

do you have any control over the web app or is it external?

01.14.2008 at 07:02AM PST, ID: 20653361

the_crazed:

Here's a thought, do you think you could get the user to type their login credentials into your app?

if so, If its forms authentication, you could use fiddler or something to enable you to spoof a login.

try this:

open up url you are trying to download in your browser (you should get the login page)
turn on fiddler (http://www.fiddlertool.com)
hit "log in"
get the form data from fiddler, use that info to create your web request, like:
(also seems to need a cookie set to work, but doesn't seem to care what that cookie is)

                       
                          
                             
                                1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:

                             
                             
                                            string UserName = "the_crazed";
            string Password = "password";
            string LoginUrl = "http://localhost/Reports/Login.aspx";
            string RequiredUrl = "/Reports/Report1.aspx?arg1=arg";
 
	    
	    ASCIIEncoding encoding=new ASCIIEncoding();
            string postData = "UserEmail=" + UserName;
            postData += ("&UserPass=" + Password);
            postData += ("&__VIEWSTATE=" + "dDwxNDk4NTExNDg3OztsPFBlcnNpc3Q7Pj6Eyncow4uVa/NxzavPfMvSqZKDFg==");
            postData += ("&Submit1=Log On");
	        byte[]  data = encoding.GetBytes(postData);
 
            System.Net.Cookie c = new Cookie("DUMMY", "");
 
            Uri u = new Uri(LoginUrl + "?ReturnUrl=" + RequiredUrl);
 
            System.Net.HttpWebRequest w = (HttpWebRequest)System.Net.WebRequest.Create(u);
 
            w.CookieContainer = new CookieContainer();
            w.CookieContainer.Add(u, c);
 
            w.Method = "POST";
	        w.ContentType="application/x-www-form-urlencoded";
	        w.ContentLength = data.Length;
	        Stream newStream=w.GetRequestStream();
	        // Send the data.
	        newStream.Write(data,0,data.Length);
	        newStream.Close();
            w.Credentials = System.Net.CredentialCache.DefaultCredentials;
            string str = "";
            try
            {
                WebResponse r = w.GetResponse();
                Stream s = r.GetResponseStream();
                StreamReader reader = new StreamReader(s);
                str = reader.ReadToEnd();
            }
            catch (Exception ex)
            {
                str=ex.Message;
 
            }
            MessageBox.Show(str);

                             
                          

                    

Open in New Window

01.16.2008 at 02:12PM PST, ID: 20676741

thefridgeVFA:

Excellent. I think we're on the right track. Yes, it's forms authentication and I do have access to the user credentials.
When I tried your technique I received the following error:

"An unexpected error has occurred.
Invalid postback or callback argument. Event validation is enabled using in configuration or in a page. For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them. If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation method in order to register the postback or callback data for validation"

Do I need to grab an event validation token and return it?

01.17.2008 at 03:48AM PST, ID: 20680369

the_crazed:

ah, Event Validation to handle too?
the following seems to work for me..
(had to add reference to System.Web)

                       
                          
                             
                                1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:

                             
                             
                                            string UserName = "the_crazed";
            string Password = "password";
            string LoginUrl = "http://localhost:3871/FormsAuth/Login.aspx";
            string RequiredUrl = "/FormsAuth/Default.aspx?arg1=arg";
            
	        ASCIIEncoding encoding=new ASCIIEncoding();
            string postData = "__EVENTTARGET=&__EVENTARGUMENT=";
            postData += ("&__VIEWSTATE=" + HttpUtility.UrlEncode("/wEPDwUJMzE3NDg1ODg2ZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUHUGVyc2lzdGK4YPE96Ga3K7tCkMvgfg0xROmy"));
            postData += ("&UserEmail=" + UserName);
            postData += ("&UserPass=" + Password);
            postData += ("&Submit1=Log On");
            postData += ("&__EVENTVALIDATION=" + HttpUtility.UrlEncode("/wEWBgLnqtcEAqDzmJ4CAtSlzfsMAs/KzOANAt+L2uIOAtWjxq8OWVnf5o/N3BipezywbAuTJebjbRc="));
	        byte[]  data = encoding.GetBytes(postData);
 
            System.Net.Cookie c = new Cookie("DUMMY", "");
            Uri u = new Uri(LoginUrl + "?ReturnUrl=" + HttpUtility.UrlEncode(RequiredUrl));
            MessageBox.Show(u.AbsoluteUri);
            System.Net.HttpWebRequest w = (HttpWebRequest)System.Net.WebRequest.Create(u);
 
            w.Referer = "http://localhost:3871/FormsAuth/Login.aspx";
            w.CookieContainer = new CookieContainer();
            w.CookieContainer.Add(u, c);
 
            w.Method = "POST";
	        w.ContentType="application/x-www-form-urlencoded";
	        w.ContentLength = data.Length;
	        Stream newStream=w.GetRequestStream();
	        // Send the data.
	        newStream.Write(data,0,data.Length);
	        newStream.Close();
            w.Credentials = System.Net.CredentialCache.DefaultCredentials;
            string str = "";
            try
            {
                WebResponse r = w.GetResponse();
                Stream s = r.GetResponseStream();
                StreamReader reader = new StreamReader(s);
                str = reader.ReadToEnd();
            }
            catch (Exception ex)
            {
                str=ex.Message;
 
            }
 
            MessageBox.Show(str);

                             
                          

                    

Open in New Window

Accepted Solution

01.24.2008 at 05:22PM PST, ID: 20739285

thefridgeVFA:

While I still haven't worked out the details of session, cookies, and event validation I think you've given me enough to get there soon. The Fiddler tool is great! Thanks for that tip.

20080236-EE-VQP-29 / EE_QW_2_20070628