Click here to Skip to main content
13,860,826 members
Click here to Skip to main content
Add your own
alternative version


49 bookmarked
Posted 27 Oct 2003

Generate Valid MSNP9 ClientTicket

Rate this:
Please Sign up or sign in to vote.
This article shows you how to get a valid ClientTicket for connecting to a MSN server


MSN messenger is a well known program. It lets you communicate with other users through Instant Messaging. Some people like to write their own MSN messenger, so that they can make some own adjustments and cool features. I have written, together with another student, our own MSN client in C#.  Recently Microsoft no longer supported protocols below MSNP 8. So I had to adjust our program to use MSNP9 (it used MSNP7).

With this little article I would like to explain how you can connect to MSN again with use of the MSNP9 protocol. Note this article only describes how you can get a valid TicketId. The rest of the connection is another part. If somebody is interested in that part, email me so that I post that information right here.

Generating a Client Ticket

There are two functions that I have used to write this. You can do this in one function. But the function GetLoginServerAddres() is actually an optional function, because the addresses do not change often. First we define some variables, to make it a bit easier. We could use a IDictionary here to get a Key Mapping. But the response is a static response so we could leave it like this.

public int DARREALM         = 0;
public int DALOGIN          = 1;
public int DAREG            = 2;
public int PROPERTIES       = 3;
public int GENERALDIR       = 4;
public int HELP             = 5;
public int CONFIGVERSION    = 6;

public ArrayList PassportUrls;

Now we can start getting the ClientTicket.

First you call the function GetClientTicket() with 3 parameters, first the password, second a valid username and last a valid ChallengeString (you get a valid challengestring while connecting to a MSN server, after that you have to send a clienticket to a MSN server to get authenticated)

public string GetClientTicket(string Password, string Username, 
    string ChallengeString)

First thing that the function GetClientTicket() does is to call the GetLoginServerAdress() function.

This function does not need any parameters. Lets look at this function. First it connects to the nexus server.

HttpWebRequest ServerRequest = (HttpWebRequest)WebRequest.Create(
HttpWebResponse ServerResponse = (HttpWebResponse)ServerRequest.GetResponse();

If all succeeds, the response will look like this

<PRE class=server lang=text
HTTP/1.1 200 OK \r\n
Server: Microsoft-IIS/5.0\r\n
Date: Mon, 28 Okt 2003 11:57:47 GMT\r\n
Connection: close\r\n
Content-Length: 0\r\n
Content-Type: text/html\r\n
Cache-control: private\r\n
\r\n </CODE>

<p>If the result is OK </p><pre lang="cs">if (ServerResponse.StatusCode == HttpStatusCode.OK)
<p>Then pick up the result </p><pre lang="cs">string retrieveddata = ServerResponse.Headers.ToString();</pre>
<p>Get the line for <code>PassportURL
s and last split it and put it in the ArrayList

PassportUrls = new ArrayList();
string[] result = ServerResponse.Headers.Get("PassportURLs").Split(',');
foreach (string s in result)
    // The actual adres is provided behind the '=' sign
    PassportUrls.Add(s.Substring(s.IndexOf('=') + 1));

If the GetLoginServerAdress() is ready, return to the GetClientTicket()

Now we have a valid address on the DALOGIN position

string uri = "https://" + PassportUrls[DALOGIN];

HttpWebRequest ServerRequest;
HttpWebResponse ServerResponse;

The login can be redirected to another server. Because you can not predict the amount of attempts that you will need for login, so put this step in an endless loop.

while( true )

Make a new request, and set some properties. (protocol 1.0 works better that 1.1)

ServerRequest = (HttpWebRequest)HttpWebRequest.Create(uri);
ServerRequest.AllowAutoRedirect = false;
ServerRequest.Pipelined = false;
ServerRequest.KeepAlive = false;
ServerRequest.ProtocolVersion = new Version(1,0);

Build the authentication header, this will be sent to the TicketServer. And get the response.

  "Passport1.4 OrgVerb=GET,OrgURL=http%3A%2F%2Fmessenger%2Emsn%2Ecom,sign-in=" 
   + Username.Replace("@", "%40") + ",pwd=" + Password + "," 
   + ChallengeString + "\n");
ServerResponse = (HttpWebResponse)ServerRequest.GetResponse();

Know we look at the status-code of the response. If it is OK then we have to parse the Authentication-Info

if (ServerResponse.StatusCode == HttpStatusCode.OK)
    // Pick up the information of the authentications
    string AuthenticationInfo = ServerResponse.Headers.Get(
    // Get the startposition of the ticket id (note it is between two quotes)
    int startposition = AuthenticationInfo.IndexOf('\'');
    // Get the endposition 
    int endposition = AuthenticationInfo.LastIndexOf('\'');
    // Substract the startposition of the endposition
    endposition = endposition - startposition ;

    // Close connection

    // Generate a new substring and return it
    return AuthenticationInfo.Substring(startposition + 1, endposition -1 );


Here is a OK response from the MSN server, in the Authentication-Info line you see between two quotes a valid clientticket (start from "from-PP=").

<PRE class=server lang=text
HTTP/1.1 200 OK </CODE>\r\n
Server: Microsoft-IIS/5.0\r\n
Date: Mon, 28 Okt 2003 11:57:49 GMT\r\n
PPServer: H: LAWPPIIS6B061\r\n
Connection: close\r\n
Content-Type: text/html\r\n
Expires: Mon, 02 Jun 2003 11:58:00 GMT\r\n
Cache-Control: no-cache\r\n
cachecontrol: no-store\r\n
Pragma: no-cache\r\n
    MSPSec1= ; expires=Thu, 30-Oct-1980 16:00:00 GMT;;path=/;HTTPOnly=;version=1 \r\n
    HTTPOnly= ;;path=/;secure=\r\n
    HTTPOnly= ;;path=/\r\n
    MSPProf=5a0mKE6PKDsxz!*4apQt0amnQOGLYqcCm78ie! MmHq0KnA
    HTTPOnly= ;;path=/\r\n
    HTTPOnly= ;;path=/;
            Expires=Wed, 30-Dec-2037 16:00:00 GMT \r\n
Set-Cookie: MSPShared= ; 
    HTTPOnly= ;;path=/;
            Expires=Thu, 30-Oct-1980 16:00:00 GMT\r\n
Content-Length: 0\r\n
\r\nIf the statuscode is 302, then there is a redirect, read the new 
address and connect again (we are still in the while loop) <pre lang="cs">else if (ServerResponse.StatusCode == HttpStatusCode.Found)
    uri = ServerResponse.Headers.Get("Location");
<p>Here is a redirect response from the server. You see in the location part 
that there is a new login address. </p><PRE class=server lang=text <code>HTTP/1.1 302 Found</CODE>\r\n
Date: Mon, 28 Okt 2003 11:57:48 GMT\r\n
PPServer: H: LAWPPLOG5C006\r\n
Connection: close\r\n
Content-Type: text/html\r\n
Expires: Mon, 02 Jun 2003 11:57:32 GMT\r\n
Cache-Control: no-cache\r\n
cachecontrol: no-store\r\n
Pragma: no-cache\r\n
Authentication-Info: Passport1.4 da-status=redir\r\n

<p>A last we have some error handling. If your credentials where not correct you 
get a 401 error. Give back the error to the calling function so that the can 
warn the user for instance. </p><pre lang="cs">catch (WebException e)
    if (e.Status == WebExceptionStatus.ProtocolError)
        return "401";
        return "0";
<p>A last here is a 401 response. The official MSN client uses the 
"WWW-Authenticate" part to give back a nice error message. </p><PRE class=server lang=text <code>HTTP/1.1 401 Unauthorized</CODE>\r\n
Server: Microsoft-IIS/5.0\r\n
Date: Mon, 28 Okt 2003 11:58.03 GMT\r\n
PPServer: H: LAWPPIIS6B077\r\n
Connection: close\r\n
Content-Type: text/html\r\n
Expires: Mon, 15 Sep 2003 07:57:14 GMT\r\n
Cache-Control: no-cache\r\n
cachecontrol: no-store\r\n
Pragma: no-cache\r\n
PassportConfig: ConfigVersion=11\r\nWWW-Authenticate: Passport1.4 
Content-Length: 390\r\n\r\n
<h2>Points of Interest</h2>
<p>I noticed that this code won't work when you are trying to connect multiple 
times. I'm still finding what is causing the error. (I there is a delay in 
connecting another account it works quit well) 
<p>So now you have read this article you can make your own program that connects 
to the MSN server. I'm currently expanding our MSN client, maybe some day it 
will be freeware. If you want some more explanation or have some comments, <a>Email</a> me </p>


This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here


About the Author

Paul Wijntjes (dominion99)
Software Developer (Senior) Traxion
Netherlands Netherlands
I am 27 year and live in the Netherlands. I have graduated in 2004, for the study Computer Science. After my study I have started working as a Technical Consultant in the Identity & Access management branch (

I have acquired my MCSE and MCSD certifications. Currently I developing a lot of cool things in .NET & Java, I'm also upgrading my certifications to .NET 2.0.

I am the main programmer for the product that we are developing within our company it's called the IM Sequencer (Formally known as the MIIS Sequencer). This product enables users to control the execution from the management agents in MIIS (Microsoft Identity Integration Server) or as it is called now ILM 2007 (Identity Lifecycle Manager 2007) it also generates extensive reports that contains all the results from the management agents that enables administrators to easily track down errors or failures.

Check out the products website There are allot of cool features implemented, is uses WMI to connect and communicate with MIIS \ ILM, threading to execute multiple agents, XSLT for reporting transformation, XML for configuration, WinForms for displaying and Win Service for the scheduler engine, very cool!

You can reach me at

You may also be interested in...

Comments and Discussions

Generalhepinizin amina koyiyim Pin
esra nildem22-Jul-05 6:27
sussesra nildem22-Jul-05 6:27 
Confused | :confused: ne sikime yarıyo lan bu kodlar...
bi tanede türkçe açıklama yapsanız ölürmüsünüz ibneler....
Sikimin antenleri.... ne boka yarıyo laan bu kodlar ??
cevap versenize yawşaklar !!!
AnswerRe: hepinizin amina koyiyim Pin
can16358p17-Feb-07 1:12
membercan16358p17-Feb-07 1:12 
GeneralRe: hepinizin amina koyiyim Pin
İsmail Durmaz15-Dec-07 15:30
memberİsmail Durmaz15-Dec-07 15:30 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

Permalink | Advertise | Privacy | Cookies | Terms of Use | Mobile
Web04 | 2.8.190214.1 | Last Updated 28 Oct 2003
Article Copyright 2003 by Paul Wijntjes (dominion99)
Everything else Copyright © CodeProject, 1999-2019
Layout: fixed | fluid