We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now

x

How to login a user to a website using HttpWebRequest and HttpWebResponse

shanemay
shanemay asked
on
Medium Priority
4,360 Views
Last Modified: 2013-11-19
I am trying to log a user into a site using HttpWebRequest or WebClient Class.  I am having some trouble finding any really good resources or working examples.  

A way of doing it would be to programmatically fill in the HttpRequest's Form elements (usually a username textbox and a password textbox) and hand-craft the Request data to be in a manner that the site expects. Doing something like that takes a very in-depth knowledge of Web technologies, specifically the HttpRequest and HttpResponse objects and the HttpRequest's Form values. You're basically doing programmatically what the browser normally does.  I have a database with usernames and passwords and I am pulling the username and password and trying to programmatically submit login forms on their behalf.  

I appreciate anyone's help with this.  Thank you.
string AuthenticationUrl = "{0}://{1}/exchweb/bin/auth/owaauth.dll";
        string RequestContentType = "application/x-www-form-urlencoded";
        string RequestMethod = "POST";
        string PostData = "destination={0}&flags=0&username={1}\\{2}&password={3}&SubmitCreds=Log On&forcedownlevel=0&trusted=0";
        string scheme = "https";
        string destination = "https://url/exchange";
        string usernameDomain = "domain";
        string password = "password";
        string host = "host";
        string userName = "username";
 
 
        Uri serverUri = new Uri(string.Format(AuthenticationUrl, scheme, host));
 
        HttpWebRequest webRequest = WebRequest.Create(serverUri) as HttpWebRequest;
 
        CookieContainer owaCookies = new CookieContainer();
 
        webRequest.CookieContainer = new CookieContainer();
        webRequest.ContentType = RequestContentType;
        webRequest.Method = RequestMethod;
        webRequest.KeepAlive = true;
        webRequest.AllowAutoRedirect = false;
 
        byte[] body = Encoding.UTF8.GetBytes(string.Format(PostData, destination, usernameDomain, userName, password));
 
        webRequest.ContentLength = body.Length;
 
        using(Stream stream = webRequest.GetRequestStream())
        {
            stream.Write(body, 0, body.Length);
        }
 
        using (HttpWebResponse webResponse = webRequest.GetResponse() as HttpWebResponse)
        {
            foreach (Cookie aCookie in webResponse.Cookies)
            {
                owaCookies.Add(new Cookie(aCookie.Name, aCookie.Value, aCookie.Path, aCookie.Domain));
            }
        }
 
        webRequest = WebRequest.Create("https://mailurl/exchange/") as HttpWebRequest;
        webRequest.CookieContainer = owaCookies;
        webRequest.ContentType = RequestContentType;
        webRequest.Method = "GET";
        webRequest.KeepAlive = true;
        webRequest.AllowAutoRedirect = false;
 
        StreamReader responseStream = new StreamReader(webRequest.GetResponse().GetResponseStream());
 
        string responseData = responseStream.ReadToEnd();
 
        Response.Write(responseData);

Open in new window

Comment
Watch Question

use

System.Net.NetworkCredential cred = new System.Net.NetworkCredential( "user", "pwd" );
webRequest.Credentials = cred;

Author

Commented:
Thank you for the response, could you kindly explain a little more how that might work.
Tony McCreathTechnical SEO Consultant

Commented:
I cant see anything that stands out. Where is it failing?

I recently posted some code that helps post forms. It may help...

http://www.experts-exchange.com/Programming/Languages/C_Sharp/Q_24151758.html

This is not using integrated authentication but rather a posting to a form - ie replicating someone typing in a username and password in a web form and then authentication being done programmatically.
I would love to have a crack at this and I think I could do it but it would take quite a bit of time and I don't have that much spare time.
ensure that you not have an proxy between....

Author

Commented:
Tiggerito thank you for the reply, It seems to get past the login page, however, after that I get the mail box page with frames and each frame displays the login form.  
Tony McCreathTechnical SEO Consultant

Commented:
That sounds like the cookie collection you created is not being used to request the pages in the frames.

Author

Commented:
Thank you for the reply, I appreciate your help.  Looking at the code I posted, do you see how I might remedy it.  
Tony McCreathTechnical SEO Consultant

Commented:
I don't see anything in your code that loads the frames?

Is it some other code that requests the mailbox page? If so it won't have your cookies and therefore won't be in the session that you logged into.

Author

Commented:
Thank you for the response, I thought I was requesting the page with the code below, I may be doing this completely wrong, I have had trouble finding a good example of this being done before.  However, below is the code that I used to request the mail box page.  It is the last bit of code from my first post.  

webRequest = WebRequest.Create("https://mailurl/exchange/") as HttpWebRequest;
        webRequest.CookieContainer = owaCookies;
        webRequest.ContentType = RequestContentType;
        webRequest.Method = "GET";
        webRequest.KeepAlive = true;
        webRequest.AllowAutoRedirect = false;
 
        StreamReader responseStream = new StreamReader(webRequest.GetResponse().GetResponseStream());
 
        string responseData = responseStream.ReadToEnd();
 
        Response.Write(responseData);

Open in new window

Tony McCreathTechnical SEO Consultant

Commented:
You state that the page has frames and they are displaying the login prompt.

How are you viewing this?

The code you show just requests data from a url. I presume this data contains html which contains references to frames, which reference other urls. etc.

Are you taking this data and putting it into some sort of browser to view it? The browser will request these frame urls itself and will not have access to your cookies.

Author

Commented:
Ok, I think I understand, the code form my first post is the code I have in button click event.  The idea is that the user will be authenticated and logged into the exchange mail box.   I just am not sure how programmitically authenticate the user.  

Thank you for the response.  Can you point me in the right direction.  Not sure how to get to where I want to go.  
Technical SEO Consultant
Commented:
So how do they view the page? Internet Explorer, Firefox, Built in .Net Browser.

Your logging in the user to your .net web requests only. This is controlled by the shared cookie collection you create.

Nothing else, such as an external browser has access to this session.

I don't think what you are doing can work. Maybe using an embedded browser, you can share the cookies with it. I'm sure there is no way to share cookies with external browsers.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Autentication via HTTPWebRequest can be doing in two ways:
 - with NetworkCredential, see sample above
 - thougth the url "http://user:pwd@destinationHost.com
 Enable 'Exchange over the Internet' with http
 http://technet.microsoft.com/en-us/library/bb124218(EXCHG.65).aspx

Listing Exchange Inbox Contents Using ADO
http://msdn.microsoft.com/pt-br/library/aa563007(en-us).aspx

Using Collaboration Data Objects (CDO) to check for new Exchange email
http://www.codeproject.com/KB/cs/gmcdoexmail.aspx
http://msdn.microsoft.com/en-us/library/ms526861.aspx

Author

Commented:
I know what you mean by the browser not having access to the cookie collection that I create.  It seems that I am going down the wrong path, do you by chance know of another method in which I can programmitcally authenticate users into web sites.  For example, exchange, hr, etc...  We have different services that do not authenticate against AD and I am trying to emulate Single Sign On.  Thank you for the advice, any help would be appreciated.  

Author

Commented:
What if I share the cookie with the browser using Response.Cookies.Add
Tony McCreathTechnical SEO Consultant

Commented:
No :-(

My only guess is you may be able to share cookies with an embedded browser. Could you clarify if this is what you are using, or a stand alone browser such as IE or firefox?

Maybe explaining more about the scenario could inspire a solution.

It seems you want to have an application that opens a browser application where the user is already logged in.

Author

Commented:
I am using firefox, however other user may be using any browser. what I'm trying to do is simulate a pseudo-autologin feature on my site into another website. So for example, my code does an HttpRequest to a remote server that returns the Authentication cookie. I then want to send that cookie to the client so they can make regular requests to the remote server as an authenticated user, without having to go through my application again.

So far, I have been able to get the authentication cookie just fine, but I can't figure out a way to send it to client. I was hoping i could just add it to the current HttpResponse and send it to the client that way, but it uses HttpCookies, not .Net.Cookies, which is what the HttpWebResponse object returns from my "behind-the-scenes" post.  Maybe there is a better way to achieve my goals.  

Again, I really appreciate your help.
Tony McCreathTechnical SEO Consultant

Commented:
cookies can't cross over websites nor clients so I don't think this path will work. Your server is logging into the website, but it can't transfer that to your clients web browser.

What has to happen is their browser loads the other websites login page and posts the login.

You may be able to do that by having your own login form on your website that posts to the other website. (some websites protect from this!)

This may then be automated by adding javascript to the page that auto fills and posts the form when it it loaded in the browser.

Finally, you could place this page in a tiny iframe on your website pages where login is needed. So it is silently loaded and automatically logs in the user.

Author

Commented:
Thank you for the reply, I tried having the javacript auto post the form for me, however, I do not know how to avoid showing the username and password.  Every attempt to do this has been insecure. Any thoughts on how I might do this without displaying (on screen or in the code) the username and password of the user?


Again, Thank you for your help.

Author

Commented:
Thank you for your help.
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.