?
Solved

Change the domain of a Cookie

Posted on 2009-02-24
4
Medium Priority
?
988 Views
Last Modified: 2013-11-19
I have code that generates an httpwebrequest and obtains two cookies, I am then trying to use those cookies to authenticate onto a website.  The problem is translating System.Net cookies and System.Http cookies.  The code below is what I am using.  If I try to change the domain of the cookie, it will not authenticate correctly, however, I have noticed that the browser will not store the cookie with different domain.  Not sure what to do.  Any help would be greatly appreciated.  I am close to making this work.  When the user attempts the autologin they see the two frames of the exchange mail box however, each frame is a login page.  Also, the page they hit is their correct mailbox.  

Just not sure where to go next....


Uri serverUri = new Uri(string.Format(AuthenticationUrl, scheme, host));
        
        HttpWebRequest webRequest = WebRequest.Create(serverUri) as HttpWebRequest;
 
        CookieContainer owaCookies = new CookieContainer();
 
        webRequest.CookieContainer = new CookieContainer();
        webRequest.ContentType = RequestContentType;
        webRequest.Method = RequestMethod;
        webRequest.KeepAlive = true;
        webRequest.AllowAutoRedirect = false;
 
        byte[] body = Encoding.UTF8.GetBytes(string.Format(PostData, destination, domain, userName, password));
 
        webRequest.ContentLength = body.Length;
 
        using (Stream stream = webRequest.GetRequestStream())
        {
            stream.Write(body, 0, body.Length);
        }
        
        using (HttpWebResponse webResponse = webRequest.GetResponse() as HttpWebResponse)
        {
            foreach (Cookie aCookie in webResponse.Cookies)
            {
                owaCookies.Add(new Cookie(aCookie.Name, aCookie.Value, aCookie.Path, aCookie.Domain));
                
                if (aCookie.Name.ToLower() == "cadata")
                {//cadata needs to be secure. 
                    HttpCookie cookie = new HttpCookie(aCookie.Name);
                    cookie.Value = aCookie.Value;
                    cookie.Path = aCookie.Path;
                    cookie.Secure = true;
                    Response.Cookies.Add(cookie);
 
                    Response.Cookies[aCookie.Name].Domain = "mail domain";
                }
                else
                {//nothing changes. 
                    HttpCookie cookie = new HttpCookie(aCookie.Name);
                    cookie.Value = aCookie.Value;
                    cookie.Path = aCookie.Path;
                    Response.Cookies.Add(cookie);
 
                    Response.Cookies[aCookie.Name].Domain = "mail domain";
                }
            }
        }
        //Response.Redirect(destination);
 
        webRequest = WebRequest.Create(destination) as HttpWebRequest;
        webRequest.CookieContainer = owaCookies;
        webRequest.ContentType = RequestContentType;
        webRequest.Method = "GET";
        webRequest.KeepAlive = true;
        webRequest.AllowAutoRedirect = true;
 
        StreamReader responseStream = new StreamReader(webRequest.GetResponse().GetResponseStream());
 
        string responseData = responseStream.ReadToEnd();
 
        Response.Write(responseData);

Open in new window

0
Comment
Question by:shanemay
  • 2
  • 2
4 Comments
 
LVL 15

Expert Comment

by:aibusinesssolutions
ID: 23726428
Are your two applications in two completely seperate domains? or in a subdomain or subfolder?
0
 
LVL 15

Accepted Solution

by:
aibusinesssolutions earned 1500 total points
ID: 23726435
0
 

Author Comment

by:shanemay
ID: 23726480
Thank you for the reply, they are in completely separate domains, in fact, some of the applications are third party off site services, such as services for HR.  
0
 

Author Closing Comment

by:shanemay
ID: 31550741
Thank you for the help.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

CTAs encourage people to do something specific to show interest in your company, product or service. Keep reading to learn why CTAs should always be thought of as extremely important, albeit small, sections of websites.
Dramatic changes are revolutionizing how we build and use technology. Every company is automating, digitizing, and modernizing operations. We need a better, more connected way to work together as teams so we can harness the insights from our system…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Suggested Courses
Course of the Month14 days, 12 hours left to enroll

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question