Sample forms authentication test in C#

Posted: Aug 23, 2006  20 comments  

Average Rating

Tags
FormsAuthentication

Kanwaljeet Singla's Blog RSS

ksingla
Contact Me

This sample test is doing the following:
1. Sending request to a page which requires forms authentication. This results in 302 to login page.
2. Send request to login page.
3. Parse response from 2 and create response entity containing username/password to be used in next post request to login page.
4. Do a POST to login page. If successful this should return a 302 with Set-Cookie and location header.
5. Send request to location pointed to in last response (this is original page we requested in 1) with request cookie as returned in 4. Read more ...

View the original post

Comments

  1. vbbcvbvbc
    August 15, 2007

    cvbcvbvcbcvb
  2. dotnetuncle
    August 21, 2007

    Pretty Interesting. Tried it!
  3. Maurizio Poletto
    October 15, 2007

    Hi Singla

    I have used your code for testing a forms authentication.

    The last request.GetResponse() (see below) including the cookie exits always for timeout. I am sure about the url so that I would ask you your opinion about the solution of this drawback.

    Best regards.

    //

    // Send request to originalUri with the cookie

    // We should be able to see originalUri contents

    //

    //Requesting http://localhost" + locationHeader + " with cookie");

    request = (HttpWebRequest)WebRequest.Create("http://localhost" + locationHeader);

    request.AllowAutoRedirect = false;            request.Headers.Add(HttpRequestHeader.Cookie, cookie);

    response = (HttpWebResponse)request.GetResponse();
  4. ksingla
    October 17, 2007

    Maurizio,

    Can you try disabling forms authentication and sending a request so that you can know if problem occurs only in forms authentication scenario or if there is some wrong with application?

    Thanks.

    Kanwal
  5. Steven Gieng
    December 5, 2007

    Kanwaljeet,

    This was exactly what I was looking for. Thanks for this.

    Just a question though, what was the point of this section of code

               Stream requestStream = request.GetRequestStream();

               requestStream.Write(requestData, 0, requestData.Length);

               requestStream.Close();

    Also, I haven't really figured this out yet, but when is the postString (with username/password) stored in the request? I only see the code that determines the lenght of it.
  6. Dale Sides
    December 30, 2007

    I have tried your app and I can get logged in and I see the asp.ASPXFORMSAUTH cookie is returned and I include that ticket on my post back and I get returned back to the logon.aspx page again.

    I modified the code to include a CookieContainer object to store the cookies that is returned and return the associated cookies and can tell that the cookies are getting added to the container and a Status Code 500 is returned. Is there any way you can post a working sample? I have screwed with this for about 3 or 4 days now and can not get it working.

    Thanks in advance.
  7. ksingla
    January 3, 2008

    Steven,

    request.GetRequestStream() is called for the POST request and the returned request stream is then to put the data which need to be sent to the server. requestData is the postString containing username/password and requestStream.Write() call is puting this poststring in request.

    Thanks,

    Kanwal
  8. ksingla
    January 3, 2008

    Dale Sides,

    If I understand you correctly, you want to make this sample work using HttpWebRequest.CookieContainer. Here is what you need to do.

    Instead of getting into cookie parsing, lets read the cookie returned in the response using HttpWebResponse.Cookies instead of reading Set-Cookie header. This property is not valid if CookieContainer property of HttpWebRequest object which was used was null. So after each WebRequest.Create calls, add the following.

    request.CookieContainer = new CookieContainer();

    Here is how you get CookieCollection from HttpWebResponse.

    trace.WriteLine("Location header is " + locationHeader);

    CookieCollection cookies = response.Cookies;

    Below is how you can add Cookies to HttpWebRequest.

    //request.Headers.Add(HttpRequestHeader.Cookie, cookie);

    request.CookieContainer = new CookieContainer();

    foreach (Cookie oneCookie in cookies)

    {

       request.CookieContainer.Add(oneCookie);

    }

    With these changes, sample should work just fine.

    Thanks.

    Kanwal
  9. Anonymous
    July 3, 2008

    I had the same problem as Dale Sides (using the original script).

    However the solution of using CookieCollection just work fine

    Thank you very much
  10. Anonymous
    August 6, 2008

    Great article, helped alot.  Thanks!

    NOTE, however:  Be sure to call "response.Close()" after you're done with each response!!  Has to be done before calling the next "request.GetRequestStream()" or the request could (will) time out.  (Works perfectly w/ localhost WS, was timing out on me hitting remote WS.)  See forums.msdn.microsoft.com/.../98460ac0-d7c8-4775-866a-4375f82ec131

    Cheers.
  11. Anonymous
    August 21, 2008

    I have tried it on an asp.net site and it works! Thanks. But I am not able to get data from a non asp.net site. Could you please post the code for this.

    Thanks in advance
  12. Anonymous
    October 16, 2008

    Excellent post. Thanks for the code.

    CookieCollection fix worked for me.

    Gareth

    garethroberts.blogspot.com
  13. Anonymous
    November 7, 2008

    I got the code working and thank you very much. I am getting the response stream from the secure page. I know need to display this page in a webBrowser control on a winform.

    I can get the page to display but link on the page will not work. I am passing the response stream to the webbrowser.documentstream property and stuffing the set cookie  (from the post 302 return) in the webbrowser.document.cookie property.

    Still no luck, any help would be appreciated.

    Thank you very much, Yves
  14. Anonymous
    December 4, 2008

    In my case, when I perform the HttpWebRequest with the specified MethodType="POST", the HttpWebResponse is OK as opposed to FOUND, which I believe is why the location header is null.  Any thoughts as to why I would receive a 200 response as opposed to 302?
  15. Anonymous
    December 9, 2008

    Just what I needed... anyway, just a question, i'm doing something like this, only, my website requires request headers only, and not actually post the username and password.  could anyone please help me...
  16. Anonymous
    January 21, 2009

    The last WebRequest keeps timing out.  I have tried with and without using a CookieContainer, but have had no luck.  Any thoughts as to how I can get a secure response as opposed to timing out?
  17. Eugenio Miro
    February 3, 2009

    Hi there,

    I was adapting this sample to fit my site's page and it worked with Visual Studio 2008 development environment.

    After I pointed the test to my development server which is an IIS 6.0 and there I started to get requests timeouts.

    I can still read my resulting page in Visual Studio 2008 test server without code modification, but IIS 6.0 times out.

    Any clue about this?

    Thanks in advance.

    Eugenio
  18. Anonymous
    February 16, 2009

    Is there any way to use this to get around windows authentication?  I've got a login and password for the site but I'm trying to screen scrape a little of the data to automate a process and can not get around the NTFS style login.
  19. shanwajsk
    April 23, 2009

    Hi kanwaljeet

     Actually I am sending a report  page as email in my application which is forms authentication.

      The originaluri is http:l//localhost/abc/xyz/report.aspx and the login url is localhost/.../login.aspx

     In my application the user will get company.aspx page after login then he should select the company name from given dropdown,after selecting company only he will redirect to specified page.

     I tried your code,it is successfully loged in and redirected to company.aspx page.In aspx page the company selection will be the user choice ,so I could not pass the parameter to company.aspx page.how can i do this,Please suggest me
  20. shanwajsk
    April 29, 2009

    Hi Kanwaljeet,

      Thanks for your reply,Here I am passing the company name with query string to each and every page except login and company pages.

    When I tried to send report with the help of your article it was sending company.aspx.

    my report url is like

      localhost/.../repQuotation.aspx & vno & "&Value=" & DecryptUserValue() & "&cp=" & ecCompany()

    In above link cp is company name.

    I tried a lot to make it success but I could't ,

    I struck here,Please help me

Submit a Comment