Log Into Website using WebRequest

AksharRoop

Hi Guys, I am writing an application that logs to a website and read its contents. Log in page of a web i am trying to connect is as follow: document.cookie="ttAuthInfo=; expires=Sat, 03-Jan-70 00:00:01 GMT"; document.cookie="ttloggedoff=t"; function doSubmit() { document.cookie='ttloggedoff=f'; try { if (window.parent&&window.parent.opener&&window.parent.opener.document&&window.parent.opener.document.LoginForm&&window.parent.opener.document.LoginForm.ttAuthUID) { window.parent.opener.document.LoginForm.ttAuthUID.value = document.LoginForm.ttAuthUID.value; window.parent.opener.document.LoginForm.ttAuthPWD.value = document.LoginForm.ttAuthPWD.value; document.LoginForm.RequestURL.value="StdPage&Template=loginformcln"; } } catch( er ) { // Catch an error } return true; } User Password I know that by writing code like following would make it for me:

HttpWebRequest request;
HttpWebResponse response;
CookieContainer cookies;
string url = string.Format("http://site.com/login?.login={0}&passwd={1}", cboUserName.Text, txtPassWord.Text);
request = (HttpWebRequest)WebRequest.Create(url);
request.AllowAutoRedirect = false;
request.CookieContainer = new CookieContainer();
response = (HttpWebResponse)request.GetResponse();
if (response.StatusCode != HttpStatusCode.Found)
{
//ToDo: if the page wasn't found raise Exception //instead of this textmessage MessageBox.Show("Something Wrong");
response.Close();
request.KeepAlive = false;
return;
}
cookies = request.CookieContainer;
response.Close();
request = (HttpWebRequest)WebRequest.Create(http://site.com/Reqyestedoage.html);
request.AllowAutoRedirect = false;
request.CookieContainer = cookies;
response = (HttpWebResponse)request.GetResponse(); using (Stream s = response.GetResponseStream())
{
StreamReader sr = new StreamReader(s);
string line;
while (!sr.EndOfStream)
{
//todo read the page contents
}

Can anyone please tell me in my case what would be

Ben Fair

The URL will be completely dependant upon how the site works. In the example above you are using 2 QueryString parameters of 'login' and 'password'. So, if the site has been created to expect and to handle those parameters then it should work as is. If not, then this approach won't work at all. Another way of doing it would be to programmatically fill in the HttpRequest's Form elements (usually a username textbox and a password textbox) and hand-craft the Request data to be in a manner that the site expects. Doing something like that takes a very in-depth knowledge of Web technologies, specifically the HttpRequest and HttpResponse objects and the HttpRequest's Form values. You're basically doing programmatically what the browser normally does. I've had to do it this way before and it is not an easy undertaking. In my case, I had to use a free Java product called WebScarab while browsing the site normally (in my browser) to capture the Request/Response traffic. Then, I was able to use that information to construct the Request data in exactly the same manner as my browser, but filling in a different username and password. The HttpRequest only takes the request data in binary, so you'll have to take the Request text that you construct (after filling in the username and password) and convert it to a byte[] and that will be the Request data. You also have to take into consideration that you'll be sending the Request to some sort of Login page and that the site will probably redirect to another page if the login is successful. One other small note, when working with the Request data be sure you add the CookieContainer to the Request before you do anything with the Request stream, as I found out the hard way that adding the CookieContainer after closing the Request stream does not produce any kind of error, but the Cookies are not included in the Request and since ASP.NET mostly uses Cookies for SessionID you'll probably get some very unexpected results.

Keep It Simple Stupid! (KISS)