Click here to Skip to main content
Click here to Skip to main content

Tagged as

Go to top

Fetching ASP.NET authenticated page with HTTPWebRequest

, 15 Jan 2011
Rate this:
Please Sign up or sign in to vote.
CodeProjectFor some purposes we needed to fetch data from an authenticated page of asp.net. When I try to browse that page it go to the login page. In the login page there have user name and password field and want to login to the page clicking on submit button. In this case when user type user name

For some purposes we needed to fetch data from an authenticated page of ASP.NET. When I try to browse that page it go to the login page. In the login page there have user name and password field and want to login to the page clicking on submit button.

In this case when user type user name and password and submit then in server side there has code on button click handler to check user name and password. So for authenticating to the page using HTTPWebRequest we need to know how ASP.NET send event to submit click handler. ASP.NET page has two hidden variables understand from server-side which button is clicked.

<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
<input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />

And also when button is clicked then a javascript function is called which set the name of the button in __EVENTTARGET and command argument in _EVENTARGUMENT

function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}

So if we set the __EVENTTARGET value as button name then in server side of ASP.NET page life cycle it it raise postback event and call the Button event with the argument. You can see the button argument to understand which event is set to __EVENTARGUMENT hidden variable. The page which we want to authenticate have nothing as command argument. so it go as empty string. So when we request data we have to send username, password, and also __EVENTARGET as button name and __EVENTARGUMENT as empty string. Then it will call the Button event with user name and password.

Our used HTTP web request class looks like this

public WebPostRequest(string url, CookieContainer  cookieContainer) 
       { 
            theRequest = (HttpWebRequest)WebRequest.Create(url); 
            theRequest.CookieContainer = cookieContainer; 
           theRequest.Method = "POST"; 
           theQueryData = new ArrayList(); 
       }
public void Add(string key, string value) 
      { 
          theQueryData.Add(String.Format("{0}={1}", key, HttpUtility.UrlEncode(value))); 
      }

Here you can see it create a request and set the cookie container with give cookie. As we are authenticating the page so authenticated session is stored in cookie. So we need to assign the cookie container were cookies will be stored so that sending the same cookie we can request other page which we want to actually request.

So for first time when we want to login to the page then the we create the request like

CookieContainer cookieContainer = new CookieContainer(); 
          WebPostRequest myPost = new WebPostRequest(
               http://samplehost/sample/LoginAdmin.aspx, cookieContainer); 
               myPost.Add("LoginAdmin$UserName", "username"); 
          myPost.Add("LoginAdmin$Password", "password"); 
          myPost.Add("__EVENTTARGET", "LoginAdmin$SubmitButton"); 
          myPost.Add("__EVENTARGUMENT", "");
myPost.GetResponse();

You can see here a cookie container is added and trying to authenticate by calling LoginAdmin.aspx page adding query data . Now when we try to GetResponse with post request then it will fill the cookie information in the cookie container. So next time we will send this cookie container for request and the site will treat me as authenticated user. So the response code here

public string GetResponse() 
       {// Set the encoding type 
           theRequest.ContentType = "application/x-www-form-urlencoded"; 
           // Build a string containing all the parameters 
           string Parameters = String.Join("&", 
               (String[])theQueryData.ToArray(typeof(string))); 
           theRequest.ContentLength = Parameters.Length; 
           // We write the parameters into the request 
           StreamWriter sw = new StreamWriter(theRequest.GetRequestStream()); 
           sw.Write(Parameters); 
           sw.Close(); 
           // Execute the query 
           theResponse = (HttpWebResponse)theRequest.GetResponse(); 
           StreamReader sr = new StreamReader(theResponse.GetResponseStream()); 
           HttpStatusCode code = theResponse.StatusCode; 
           return sr.ReadToEnd(); 
       }

from the response string you can understand that you have authenticated to the page. But other target page was not the LoginAdmin.aspx. We called this page for authentication and also get authenticated cookie in our cookie container. So now we can send request again with then same cookie container to get the output of desired page.

myPost = new WebPostRequest("http://samplehost/sample/Targetpage.aspx", cookieContainer); 
            myPost.Add("ctl00$cphPage$txtDate", "04/11/2010"); 
                    myPost.Add("__EVENTTARGET", "ctl00_cphPage_btnSend"); 
            myPost.Add("__EVENTARGUMENT", ""); 
            string FinalRespose = myPost.GetResponse();

So far I have discussed here how we can request a authenticated authenticated ASP.NET authenticated page using HTTPWebRequest to fetch data from code. After that we can do anything with the retrieved output.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author

Syed BASHAR
Software Developer
Bangladesh Bangladesh
Name SYED MD. ABUL BASHAR
Email ID: miltoncse00@gmail.com
 
I am now working as software engineer in Malaysia. I am from Bangladesh and I have completed my B.Sc (Engg.) in CSE from Rajshahi University of Engineering and Technology (RUET).I spend much time in learning latest technology.
 
My LinkedIn Profile : http://bd.linkedin.com/in/miltoncse00[^]
 
My blog :http://ciintelligence.blogspot.com/[^]

Comments and Discussions

 
GeneralReg: how to get data from any asp web page Pinmemberprasun prakash31-May-11 0:08 
GeneralError on this code Pinmemberprasun prakash26-May-11 5:58 
GeneralRe: Error on this code PinmemberSyed BASHAR27-May-11 23:04 
GeneralRe: Error on this code Pinmemberprasun prakash30-May-11 23:46 
GeneralRe: Error on this code Pinmemberprasun prakash30-May-11 23:49 
Generalthanks for sharing - have 5 PinmemberPranay Rana15-Jan-11 8:04 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Mobile
Web03 | 2.8.140926.1 | Last Updated 15 Jan 2011
Article Copyright 2011 by Syed BASHAR
Everything else Copyright © CodeProject, 1999-2014
Terms of Service
Layout: fixed | fluid