For some purposes we needed to fetch data from an authenticated page of ASP.NET. When I try to browse that page it go to the login page. In the login page there have user name and password field and want to login to the page clicking on submit button.
In this case when user type user name and password and submit then in server side there has code on button click handler to check user name and password. So for authenticating to the page using
HTTPWebRequest
we need to know how ASP.NET send event to submit click handler. ASP.NET page has two hidden variables understand from server-side which button is clicked. Collapse
<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
And also when button is clicked then a javascript function is called which set the name of the button in
__EVENTTARGET
and command argument in_EVENTARGUMENT
Collapse
function __doPostBack(eventTarget, eventArgument) { if (!theForm.onsubmit || (theForm.onsubmit() != false)) { theForm.__EVENTTARGET.value = eventTarget; theForm.__EVENTARGUMENT.value = eventArgument; theForm.submit(); } }
So if we set the
__EVENTTARGET
value as button name then in server side of ASP.NET page life cycle it it raise postback event and call the Button event with the argument. You can see the button argument to understand which event is set to __EVENTARGUMENT
hidden variable. The page which we want to authenticate have nothing as command argument. so it go as empty string. So when we request data we have to send username, password, and also __EVENTARGET as button name and __EVENTARGUMENT
as empty string. Then it will call the Button
event with user name and password.Our used HTTP web request class looks like this
Collapse
public WebPostRequest(string url, CookieContainer cookieContainer) { theRequest = (HttpWebRequest)WebRequest.Create(url); theRequest.CookieContainer = cookieContainer; theRequest.Method = "POST"; theQueryData = new ArrayList(); } public void Add(string key, string value) { theQueryData.Add(String.Format("{0}={1}", key, HttpUtility.UrlEncode(value))); }
Here you can see it create a request and set the cookie container with give cookie. As we are authenticating the page so authenticated session is stored in cookie. So we need to assign the cookie container were cookies will be stored so that sending the same cookie we can request other page which we want to actually request.
So for first time when we want to login to the page then the we create the request like
Collapse
CookieContainer cookieContainer = new CookieContainer(); WebPostRequest myPost = new WebPostRequest( http://samplehost/sample/LoginAdmin.aspx, cookieContainer); myPost.Add("LoginAdmin$UserName", "username"); myPost.Add("LoginAdmin$Password", "password"); myPost.Add("__EVENTTARGET", "LoginAdmin$SubmitButton"); myPost.Add("__EVENTARGUMENT", ""); myPost.GetResponse();
You can see here a cookie container is added and trying to authenticate by calling LoginAdmin.aspx page adding query data . Now when we try to GetResponse with post request then it will fill the cookie information in the cookie container. So next time we will send this cookie container for request and the site will treat me as authenticated user. So the response code here
Collapse
public string GetResponse() {// Set the encoding type theRequest.ContentType = "application/x-www-form-urlencoded"; // Build a string containing all the parameters string Parameters = String.Join("&", (String[])theQueryData.ToArray(typeof(string))); theRequest.ContentLength = Parameters.Length; // We write the parameters into the request StreamWriter sw = new StreamWriter(theRequest.GetRequestStream()); sw.Write(Parameters); sw.Close(); // Execute the query theResponse = (HttpWebResponse)theRequest.GetResponse(); StreamReader sr = new StreamReader(theResponse.GetResponseStream()); HttpStatusCode code = theResponse.StatusCode; return sr.ReadToEnd(); }
from the response string you can understand that you have authenticated to the page. But other target page was not the LoginAdmin.aspx. We called this page for authentication and also get authenticated cookie in our cookie container. So now we can send request again with then same cookie container to get the output of desired page.
Collapse
myPost = new WebPostRequest("http://samplehost/sample/Targetpage.aspx", cookieContainer); myPost.Add("ctl00$cphPage$txtDate", "04/11/2010"); myPost.Add("__EVENTTARGET", "ctl00_cphPage_btnSend"); myPost.Add("__EVENTARGUMENT", ""); string FinalRespose = myPost.GetResponse();
So far I have discussed here how we can request a authenticated authenticated ASP.NET authenticated page using HTTPWebRequest to fetch data from code. After that we can do anything with the retrieved output.
No comments:
Post a Comment