Link to home
Start Free TrialLog in
Avatar of shanemay
shanemayFlag for United States of America

asked on

Change the domain of a Cookie

I have code that generates an httpwebrequest and obtains two cookies, I am then trying to use those cookies to authenticate onto a website.  The problem is translating System.Net cookies and System.Http cookies.  The code below is what I am using.  If I try to change the domain of the cookie, it will not authenticate correctly, however, I have noticed that the browser will not store the cookie with different domain.  Not sure what to do.  Any help would be greatly appreciated.  I am close to making this work.  When the user attempts the autologin they see the two frames of the exchange mail box however, each frame is a login page.  Also, the page they hit is their correct mailbox.  

Just not sure where to go next....


Uri serverUri = new Uri(string.Format(AuthenticationUrl, scheme, host));
        
        HttpWebRequest webRequest = WebRequest.Create(serverUri) as HttpWebRequest;
 
        CookieContainer owaCookies = new CookieContainer();
 
        webRequest.CookieContainer = new CookieContainer();
        webRequest.ContentType = RequestContentType;
        webRequest.Method = RequestMethod;
        webRequest.KeepAlive = true;
        webRequest.AllowAutoRedirect = false;
 
        byte[] body = Encoding.UTF8.GetBytes(string.Format(PostData, destination, domain, userName, password));
 
        webRequest.ContentLength = body.Length;
 
        using (Stream stream = webRequest.GetRequestStream())
        {
            stream.Write(body, 0, body.Length);
        }
        
        using (HttpWebResponse webResponse = webRequest.GetResponse() as HttpWebResponse)
        {
            foreach (Cookie aCookie in webResponse.Cookies)
            {
                owaCookies.Add(new Cookie(aCookie.Name, aCookie.Value, aCookie.Path, aCookie.Domain));
                
                if (aCookie.Name.ToLower() == "cadata")
                {//cadata needs to be secure. 
                    HttpCookie cookie = new HttpCookie(aCookie.Name);
                    cookie.Value = aCookie.Value;
                    cookie.Path = aCookie.Path;
                    cookie.Secure = true;
                    Response.Cookies.Add(cookie);
 
                    Response.Cookies[aCookie.Name].Domain = "mail domain";
                }
                else
                {//nothing changes. 
                    HttpCookie cookie = new HttpCookie(aCookie.Name);
                    cookie.Value = aCookie.Value;
                    cookie.Path = aCookie.Path;
                    Response.Cookies.Add(cookie);
 
                    Response.Cookies[aCookie.Name].Domain = "mail domain";
                }
            }
        }
        //Response.Redirect(destination);
 
        webRequest = WebRequest.Create(destination) as HttpWebRequest;
        webRequest.CookieContainer = owaCookies;
        webRequest.ContentType = RequestContentType;
        webRequest.Method = "GET";
        webRequest.KeepAlive = true;
        webRequest.AllowAutoRedirect = true;
 
        StreamReader responseStream = new StreamReader(webRequest.GetResponse().GetResponseStream());
 
        string responseData = responseStream.ReadToEnd();
 
        Response.Write(responseData);

Open in new window

Avatar of aibusinesssolutions
aibusinesssolutions
Flag of United States of America image

Are your two applications in two completely seperate domains? or in a subdomain or subfolder?
ASKER CERTIFIED SOLUTION
Avatar of aibusinesssolutions
aibusinesssolutions
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of shanemay

ASKER

Thank you for the reply, they are in completely separate domains, in fact, some of the applications are third party off site services, such as services for HR.  
Thank you for the help.