How to login a user to a website using HttpWebRequest and HttpWebResponse
I am trying to log a user into a site using HttpWebRequest or WebClient Class. I am having some trouble finding any really good resources or working examples.
A way of doing it would be to programmatically fill in the HttpRequest's Form elements (usually a username textbox and a password textbox) and hand-craft the Request data to be in a manner that the site expects. Doing something like that takes a very in-depth knowledge of Web technologies, specifically the HttpRequest and HttpResponse objects and the HttpRequest's Form values. You're basically doing programmatically what the browser normally does. I have a database with usernames and passwords and I am pulling the username and password and trying to programmatically submit login forms on their behalf.
I appreciate anyone's help with this. Thank you.
A way of doing it would be to programmatically fill in the HttpRequest's Form elements (usually a username textbox and a password textbox) and hand-craft the Request data to be in a manner that the site expects. Doing something like that takes a very in-depth knowledge of Web technologies, specifically the HttpRequest and HttpResponse objects and the HttpRequest's Form values. You're basically doing programmatically what the browser normally does. I have a database with usernames and passwords and I am pulling the username and password and trying to programmatically submit login forms on their behalf.
I appreciate anyone's help with this. Thank you.
string AuthenticationUrl = "{0}://{1}/exchweb/bin/auth/owaauth.dll";
string RequestContentType = "application/x-www-form-urlencoded";
string RequestMethod = "POST";
string PostData = "destination={0}&flags=0&username={1}\\{2}&password={3}&SubmitCreds=Log On&forcedownlevel=0&trusted=0";
string scheme = "https";
string destination = "https://url/exchange";
string usernameDomain = "domain";
string password = "password";
string host = "host";
string userName = "username";
Uri serverUri = new Uri(string.Format(AuthenticationUrl, scheme, host));
HttpWebRequest webRequest = WebRequest.Create(serverUri) as HttpWebRequest;
CookieContainer owaCookies = new CookieContainer();
webRequest.CookieContainer = new CookieContainer();
webRequest.ContentType = RequestContentType;
webRequest.Method = RequestMethod;
webRequest.KeepAlive = true;
webRequest.AllowAutoRedirect = false;
byte[] body = Encoding.UTF8.GetBytes(string.Format(PostData, destination, usernameDomain, userName, password));
webRequest.ContentLength = body.Length;
using(Stream stream = webRequest.GetRequestStream())
{
stream.Write(body, 0, body.Length);
}
using (HttpWebResponse webResponse = webRequest.GetResponse() as HttpWebResponse)
{
foreach (Cookie aCookie in webResponse.Cookies)
{
owaCookies.Add(new Cookie(aCookie.Name, aCookie.Value, aCookie.Path, aCookie.Domain));
}
}
webRequest = WebRequest.Create("https://mailurl/exchange/") as HttpWebRequest;
webRequest.CookieContainer = owaCookies;
webRequest.ContentType = RequestContentType;
webRequest.Method = "GET";
webRequest.KeepAlive = true;
webRequest.AllowAutoRedirect = false;
StreamReader responseStream = new StreamReader(webRequest.GetResponse().GetResponseStream());
string responseData = responseStream.ReadToEnd();
Response.Write(responseData);
ASKER
Thank you for the response, could you kindly explain a little more how that might work.
I cant see anything that stands out. Where is it failing?
I recently posted some code that helps post forms. It may help...
https://www.experts-exchange.com/questions/24151758/C-autonomous-web-browsing.html
I recently posted some code that helps post forms. It may help...
https://www.experts-exchange.com/questions/24151758/C-autonomous-web-browsing.html
This is not using integrated authentication but rather a posting to a form - ie replicating someone typing in a username and password in a web form and then authentication being done programmatically.
I would love to have a crack at this and I think I could do it but it would take quite a bit of time and I don't have that much spare time.
I would love to have a crack at this and I think I could do it but it would take quite a bit of time and I don't have that much spare time.
ensure that you not have an proxy between....
ASKER
Tiggerito thank you for the reply, It seems to get past the login page, however, after that I get the mail box page with frames and each frame displays the login form.
That sounds like the cookie collection you created is not being used to request the pages in the frames.
ASKER
Thank you for the reply, I appreciate your help. Looking at the code I posted, do you see how I might remedy it.
I don't see anything in your code that loads the frames?
Is it some other code that requests the mailbox page? If so it won't have your cookies and therefore won't be in the session that you logged into.
Is it some other code that requests the mailbox page? If so it won't have your cookies and therefore won't be in the session that you logged into.
ASKER
Thank you for the response, I thought I was requesting the page with the code below, I may be doing this completely wrong, I have had trouble finding a good example of this being done before. However, below is the code that I used to request the mail box page. It is the last bit of code from my first post.
webRequest = WebRequest.Create("https://mailurl/exchange/") as HttpWebRequest;
webRequest.CookieContainer = owaCookies;
webRequest.ContentType = RequestContentType;
webRequest.Method = "GET";
webRequest.KeepAlive = true;
webRequest.AllowAutoRedirect = false;
StreamReader responseStream = new StreamReader(webRequest.GetResponse().GetResponseStream());
string responseData = responseStream.ReadToEnd();
Response.Write(responseData);
You state that the page has frames and they are displaying the login prompt.
How are you viewing this?
The code you show just requests data from a url. I presume this data contains html which contains references to frames, which reference other urls. etc.
Are you taking this data and putting it into some sort of browser to view it? The browser will request these frame urls itself and will not have access to your cookies.
How are you viewing this?
The code you show just requests data from a url. I presume this data contains html which contains references to frames, which reference other urls. etc.
Are you taking this data and putting it into some sort of browser to view it? The browser will request these frame urls itself and will not have access to your cookies.
ASKER
Ok, I think I understand, the code form my first post is the code I have in button click event. The idea is that the user will be authenticated and logged into the exchange mail box. I just am not sure how programmitically authenticate the user.
Thank you for the response. Can you point me in the right direction. Not sure how to get to where I want to go.
Thank you for the response. Can you point me in the right direction. Not sure how to get to where I want to go.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Autentication via HTTPWebRequest can be doing in two ways:
- with NetworkCredential, see sample above
- thougth the url "http://user:pwd@destinationHost.com
Enable 'Exchange over the Internet' with http
http://technet.microsoft.com/en-us/library/bb124218(EXCHG.65).aspx
Listing Exchange Inbox Contents Using ADO
http://msdn.microsoft.com/pt-br/library/aa563007(en-us).aspx
Using Collaboration Data Objects (CDO) to check for new Exchange email
http://www.codeproject.com/KB/cs/gmcdoexmail.aspx
http://msdn.microsoft.com/en-us/library/ms526861.aspx
- with NetworkCredential, see sample above
- thougth the url "http://user:pwd@destinationHost.com
Enable 'Exchange over the Internet' with http
http://technet.microsoft.com/en-us/library/bb124218(EXCHG.65).aspx
Listing Exchange Inbox Contents Using ADO
http://msdn.microsoft.com/pt-br/library/aa563007(en-us).aspx
Using Collaboration Data Objects (CDO) to check for new Exchange email
http://www.codeproject.com/KB/cs/gmcdoexmail.aspx
http://msdn.microsoft.com/en-us/library/ms526861.aspx
ASKER
I know what you mean by the browser not having access to the cookie collection that I create. It seems that I am going down the wrong path, do you by chance know of another method in which I can programmitcally authenticate users into web sites. For example, exchange, hr, etc... We have different services that do not authenticate against AD and I am trying to emulate Single Sign On. Thank you for the advice, any help would be appreciated.
ASKER
What if I share the cookie with the browser using Response.Cookies.Add
No :-(
My only guess is you may be able to share cookies with an embedded browser. Could you clarify if this is what you are using, or a stand alone browser such as IE or firefox?
Maybe explaining more about the scenario could inspire a solution.
It seems you want to have an application that opens a browser application where the user is already logged in.
My only guess is you may be able to share cookies with an embedded browser. Could you clarify if this is what you are using, or a stand alone browser such as IE or firefox?
Maybe explaining more about the scenario could inspire a solution.
It seems you want to have an application that opens a browser application where the user is already logged in.
ASKER
I am using firefox, however other user may be using any browser. what I'm trying to do is simulate a pseudo-autologin feature on my site into another website. So for example, my code does an HttpRequest to a remote server that returns the Authentication cookie. I then want to send that cookie to the client so they can make regular requests to the remote server as an authenticated user, without having to go through my application again.
So far, I have been able to get the authentication cookie just fine, but I can't figure out a way to send it to client. I was hoping i could just add it to the current HttpResponse and send it to the client that way, but it uses HttpCookies, not .Net.Cookies, which is what the HttpWebResponse object returns from my "behind-the-scenes" post. Maybe there is a better way to achieve my goals.
Again, I really appreciate your help.
So far, I have been able to get the authentication cookie just fine, but I can't figure out a way to send it to client. I was hoping i could just add it to the current HttpResponse and send it to the client that way, but it uses HttpCookies, not .Net.Cookies, which is what the HttpWebResponse object returns from my "behind-the-scenes" post. Maybe there is a better way to achieve my goals.
Again, I really appreciate your help.
cookies can't cross over websites nor clients so I don't think this path will work. Your server is logging into the website, but it can't transfer that to your clients web browser.
What has to happen is their browser loads the other websites login page and posts the login.
You may be able to do that by having your own login form on your website that posts to the other website. (some websites protect from this!)
This may then be automated by adding javascript to the page that auto fills and posts the form when it it loaded in the browser.
Finally, you could place this page in a tiny iframe on your website pages where login is needed. So it is silently loaded and automatically logs in the user.
What has to happen is their browser loads the other websites login page and posts the login.
You may be able to do that by having your own login form on your website that posts to the other website. (some websites protect from this!)
This may then be automated by adding javascript to the page that auto fills and posts the form when it it loaded in the browser.
Finally, you could place this page in a tiny iframe on your website pages where login is needed. So it is silently loaded and automatically logs in the user.
ASKER
Thank you for the reply, I tried having the javacript auto post the form for me, however, I do not know how to avoid showing the username and password. Every attempt to do this has been insecure. Any thoughts on how I might do this without displaying (on screen or in the code) the username and password of the user?
Again, Thank you for your help.
Again, Thank you for your help.
ASKER
Thank you for your help.
System.Net.NetworkCredenti
webRequest.Credentials = cred;