thefridgeVFA
asked on
Using WebBrowser credentials for WebRequest object
I'm building a .NET windows forms application to access an ASP.NET web app. The web app allows users to generate custom reports in Excel format and then download them.
I have used a WebBrowser control and DOM to log on to the site and generate the report I want. I'm now trying to download the report without getting the Open/Save UI dialog. I think I can do this by using system.net.webrequest to access the URI of the generated report. The problem is getting the appropriate credentials for the browser session to the webrequest. Running the webrequest now just returns a log-in page for the site. I've tried a number of methods that don't work and hope someone here can point me to the correct way to do this. Thanks.
I have used a WebBrowser control and DOM to log on to the site and generate the report I want. I'm now trying to download the report without getting the Open/Save UI dialog. I think I can do this by using system.net.webrequest to access the URI of the generated report. The problem is getting the appropriate credentials for the browser session to the webrequest. Running the webrequest now just returns a log-in page for the site. I've tried a number of methods that don't work and hope someone here can point me to the correct way to do this. Thanks.
ASKER
This is one of the things I tried unsuccessfully. It just returns the login page. I think I need to get the session credentials from the WebBrowser cookies and transfer them to the WebRequest Credentials.
is the ASP.net web app using forms authentication?
do you have any control over the web app or is it external?
do you have any control over the web app or is it external?
Here's a thought, do you think you could get the user to type their login credentials into your app?
if so, If its forms authentication, you could use fiddler or something to enable you to spoof a login.
try this:
open up url you are trying to download in your browser (you should get the login page)
turn on fiddler (http://www.fiddlertool.com)
hit "log in"
get the form data from fiddler, use that info to create your web request, like:
(also seems to need a cookie set to work, but doesn't seem to care what that cookie is)
if so, If its forms authentication, you could use fiddler or something to enable you to spoof a login.
try this:
open up url you are trying to download in your browser (you should get the login page)
turn on fiddler (http://www.fiddlertool.com)
hit "log in"
get the form data from fiddler, use that info to create your web request, like:
(also seems to need a cookie set to work, but doesn't seem to care what that cookie is)
string UserName = "the_crazed";
string Password = "password";
string LoginUrl = "http://localhost/Reports/Login.aspx";
string RequiredUrl = "/Reports/Report1.aspx?arg1=arg";
ASCIIEncoding encoding=new ASCIIEncoding();
string postData = "UserEmail=" + UserName;
postData += ("&UserPass=" + Password);
postData += ("&__VIEWSTATE=" + "dDwxNDk4NTExNDg3OztsPFBlcnNpc3Q7Pj6Eyncow4uVa/NxzavPfMvSqZKDFg==");
postData += ("&Submit1=Log On");
byte[] data = encoding.GetBytes(postData);
System.Net.Cookie c = new Cookie("DUMMY", "");
Uri u = new Uri(LoginUrl + "?ReturnUrl=" + RequiredUrl);
System.Net.HttpWebRequest w = (HttpWebRequest)System.Net.WebRequest.Create(u);
w.CookieContainer = new CookieContainer();
w.CookieContainer.Add(u, c);
w.Method = "POST";
w.ContentType="application/x-www-form-urlencoded";
w.ContentLength = data.Length;
Stream newStream=w.GetRequestStream();
// Send the data.
newStream.Write(data,0,data.Length);
newStream.Close();
w.Credentials = System.Net.CredentialCache.DefaultCredentials;
string str = "";
try
{
WebResponse r = w.GetResponse();
Stream s = r.GetResponseStream();
StreamReader reader = new StreamReader(s);
str = reader.ReadToEnd();
}
catch (Exception ex)
{
str=ex.Message;
}
MessageBox.Show(str);
ASKER
Excellent. I think we're on the right track. Yes, it's forms authentication and I do have access to the user credentials.
When I tried your technique I received the following error:
"An unexpected error has occurred.
Invalid postback or callback argument. Event validation is enabled using in configuration or in a page. For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them. If the data is valid and expected, use the ClientScriptManager.Regist
Do I need to grab an event validation token and return it?
When I tried your technique I received the following error:
"An unexpected error has occurred.
Invalid postback or callback argument. Event validation is enabled using in configuration or in a page. For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them. If the data is valid and expected, use the ClientScriptManager.Regist
Do I need to grab an event validation token and return it?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
While I still haven't worked out the details of session, cookies, and event validation I think you've given me enough to get there soon. The Fiddler tool is great! Thanks for that tip.
Open in new window