Monday, January 10, 2011

Fetching ASP.NET authenticated page with HTTPWebRequest


For some purposes we needed to fetch data from an authenticated page of asp.net. When I try to browse that page it go to the login page. In the login page there have user name and password field and want to login to the page clicking on submit button.
In this case when user type user name and password and submit then in server side there has code on button click handler to check user name and password. So for authenticating to the page using HTTPWebRequest we need to know how ASP.NET send event to submit click handler. ASP.NET page has two hidden variables understand from server-side which button is clicked.
<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
<input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />

And also when button is clicked then a javascript  function is called which set the name of the button in __EVENTTARGET and command argument in _EVENTARGUMENT




function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}

So if we set the __EVENTTARGET value as button name then in server side of ASP.NET page life cycle it it raise postback event and call the Button event with the argument. You can see the button argument to understand which event is set to __EVENTARGUMENT hidden variable. The page which we want to authenticate have nothing as command argument. so it go as empty string. So when we request data we have to send username, password, and also __EVENTARGET as button name and   __EVENTARGUMENT as empty string. Then it will call the Button event with user name and password.


Our used HTTP web request class looks like this




public WebPostRequest(string url, CookieContainer  cookieContainer) 
{
theRequest = (HttpWebRequest)WebRequest.Create(url);
theRequest.CookieContainer = cookieContainer;
theRequest.Method = "POST";
theQueryData = new ArrayList();
}
public void Add(string key, string value)
{
theQueryData.Add(String.Format("{0}={1}", key, HttpUtility.UrlEncode(value)));
}

Here you can see it create a request and set the cookie container with give cookie. As we are authenticating the page so authenticated session is stored in cookie. So we need to assign the cookie container were cookies will be stored so that sending the same cookie we can request other page which we want to actually request.


So for first time when we want to login to the page then the we create the request like




CookieContainer cookieContainer = new CookieContainer(); 
WebPostRequest myPost = new WebPostRequest(http://samplehost/sample/LoginAdmin.aspx, cookieContainer);
myPost.Add("LoginAdmin$UserName", "username");
myPost.Add("LoginAdmin$Password", "password");
myPost.Add("__EVENTTARGET", "LoginAdmin$SubmitButton");
myPost.Add("__EVENTARGUMENT", "");
myPost.GetResponse();

You can see here a cookie container is added and  trying to authenticate by calling LoginAdmin.aspx page adding query data . Now when we try to GetResponse with post request then it will fill the cookie information in the  cookie container . So next time we will send this cookie container for request and the site will treat me as authenticated user. So the response code here




public string GetResponse() 
{// Set the encoding type
theRequest.ContentType = "application/x-www-form-urlencoded";
// Build a string containing all the parameters
string Parameters = String.Join("&", (String[])theQueryData.ToArray(typeof(string)));
theRequest.ContentLength = Parameters.Length;
// We write the parameters into the request
StreamWriter sw = new StreamWriter(theRequest.GetRequestStream());
sw.Write(Parameters);
sw.Close();
// Execute the query
theResponse = (HttpWebResponse)theRequest.GetResponse();
StreamReader sr = new StreamReader(theResponse.GetResponseStream());
HttpStatusCode code = theResponse.StatusCode;
return sr.ReadToEnd();
}

from the response string you can understand that you have authenticated to the page.


But other target page was not the LoginAdmin.aspx. We called this page for authentication and also get authenticated cookie in our cookie container . So now we can send request again with then same cookie container to get the output of desired page.




myPost = new WebPostRequest("http://samplehost/sample/Targetpage.aspx", cookieContainer); 
myPost.Add("ctl00$cphPage$txtDate", "04/11/2010");
myPost.Add("__EVENTTARGET", "ctl00_cphPage_btnSend");
myPost.Add("__EVENTARGUMENT", "");
string FinalRespose = myPost.GetResponse();

So far I have discussed here how we can request a authenticated authenticated asp.net authenticated page using HTTPWebRequest to fetch data from code. After that we can do anything with the retrieved output.

No comments:

Post a Comment