Click here to Skip to main content
13,089,943 members (42,667 online)
Click here to Skip to main content
Add your own
alternative version

Tagged as

Stats

23.9K views
6 bookmarked
Posted 11 Jan 2011

Fetching ASP.NET Authenticated Page with HTTPWebRequest

, 15 Jan 2011
Rate this:
Please Sign up or sign in to vote.
How to fetch ASP.NET authenticated page with HTTPWebRequest

For some purposes, we needed to fetch data from an authenticated page of ASP.NET. When I tried to browse that page, it went to the login page. In the login page, there is user name and password field and we want to login to the page clicking on submit button.

In this case, when user types user name and password and submits, then in server side, there has code on button click handler to check user name and password. So for authenticating to the page using HTTPWebRequest, we need to know how ASP.NET sends event to submit click handler. ASP.NET page has two hidden variables to understand from server-side which button is clicked.

<input type="hidden" name="__EVENTTARGET" 

id="__EVENTTARGET" value="" />
<input type="hidden" name="__EVENTARGUMENT" 

id="__EVENTARGUMENT" value="" />

And also when button is clicked, then a JavaScript function is called which sets the name of the button in __EVENTTARGET and command argument in _EVENTARGUMENT:

function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}

So if we set the __EVENTTARGET value as button name, then in server side of ASP.NET page life cycle, it raises a postback event and calls the Button event with the argument. You can see the button argument to understand which event is set to __EVENTARGUMENT hidden variable. The page which we want to authenticate has nothing as command argument. so it goes as empty string. So when we request data, we have to send username, password, and also __EVENTARGET as button name and __EVENTARGUMENT as empty string. Then it will call the Button event with user name and password.

Our used HTTP web request class looks like this:

public WebPostRequest(string url, CookieContainer  cookieContainer) 
       { 
            theRequest = (HttpWebRequest)WebRequest.Create(url); 
            theRequest.CookieContainer = cookieContainer; 
           theRequest.Method = "POST"; 
           theQueryData = new ArrayList(); 
       }
public void Add(string key, string value) 
      { 
          theQueryData.Add(String.Format("{0}={1}", key, HttpUtility.UrlEncode(value))); 
      }

Here, you can see it creates a request and sets the cookie container with the given cookie. As we are authenticating the page so authenticated session is stored in cookie. So we need to assign the cookie container where cookies will be stored so that sending the same cookie, we can request other page which we want to actually request.

So for the first time when we want to login to the page, then we create the request like:

CookieContainer cookieContainer = new CookieContainer(); 
          WebPostRequest myPost = new WebPostRequest(
               http://samplehost/sample/LoginAdmin.aspx, cookieContainer); 
               myPost.Add("LoginAdmin$UserName", "username"); 
          myPost.Add("LoginAdmin$Password", "password"); 
          myPost.Add("__EVENTTARGET", "LoginAdmin$SubmitButton"); 
          myPost.Add("__EVENTARGUMENT", "");
myPost.GetResponse();

You can see here a cookie container is added and trying to authenticate by calling LoginAdmin.aspx page adding query data. Now when we try to GetResponse with post request, then it will fill the cookie information in the cookie container. So next time, we will send this cookie container for request and the site will treat me as authenticated user. So the response code here:

public string GetResponse() 
       {// Set the encoding type 
           theRequest.ContentType = "application/x-www-form-urlencoded"; 
           // Build a string containing all the parameters 
           string Parameters = String.Join("&", 
               (String[])theQueryData.ToArray(typeof(string))); 
           theRequest.ContentLength = Parameters.Length; 
           // We write the parameters into the request 
           StreamWriter sw = new StreamWriter(theRequest.GetRequestStream()); 
           sw.Write(Parameters); 
           sw.Close(); 
           // Execute the query 
           theResponse = (HttpWebResponse)theRequest.GetResponse(); 
           StreamReader sr = new StreamReader(theResponse.GetResponseStream()); 
           HttpStatusCode code = theResponse.StatusCode; 
           return sr.ReadToEnd(); 
       }

From the response string, you can understand that you have authenticated to the page. But other target page was not the LoginAdmin.aspx. We called this page for authentication and also get authenticated cookie in our cookie container. So now, we can send request again with then same cookie container to get the output of desired page.

myPost = new WebPostRequest("http://samplehost/sample/Targetpage.aspx", cookieContainer); 
            myPost.Add("ctl00$cphPage$txtDate", "04/11/2010"); 
                    myPost.Add("__EVENTTARGET", "ctl00_cphPage_btnSend"); 
            myPost.Add("__EVENTARGUMENT", ""); 
            string FinalRespose = myPost.GetResponse();

So far, I have discussed here how we can request an authenticated ASP.NET authenticated page using HTTPWebRequest to fetch data from code. After that, we can do anything with the retrieved output.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author

Syed BASHAR
Software Developer
Bangladesh Bangladesh
Name SYED MD. ABUL BASHAR
Email ID: miltoncse00@gmail.com

I am now working as software engineer in Malaysia. I am from Bangladesh and I have completed my B.Sc (Engg.) in CSE from Rajshahi University of Engineering and Technology (RUET).I spend much time in learning latest technology.

My LinkedIn Profile : http://bd.linkedin.com/in/miltoncse00[^]

My blog :http://ciintelligence.blogspot.com/[^]

You may also be interested in...

Comments and Discussions

 
GeneralReg: how to get data from any asp web page Pin
prasun prakash31-May-11 0:08
memberprasun prakash31-May-11 0:08 
GeneralError on this code Pin
prasun prakash26-May-11 5:58
memberprasun prakash26-May-11 5:58 
GeneralRe: Error on this code Pin
Syed BASHAR27-May-11 23:04
memberSyed BASHAR27-May-11 23:04 
GeneralRe: Error on this code Pin
prasun prakash30-May-11 23:46
memberprasun prakash30-May-11 23:46 
GeneralRe: Error on this code Pin
prasun prakash30-May-11 23:49
memberprasun prakash30-May-11 23:49 
Generalthanks for sharing - have 5 Pin
Pranay Rana15-Jan-11 8:04
memberPranay Rana15-Jan-11 8:04 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

Permalink | Advertise | Privacy | Terms of Use | Mobile
Web01 | 2.8.170813.1 | Last Updated 15 Jan 2011
Article Copyright 2011 by Syed BASHAR
Everything else Copyright © CodeProject, 1999-2017
Layout: fixed | fluid