Help...Replicating IE HTTP protocol to communicate with ASP.NET


Tim Smith


We have an ASP.NET web application which is suffering performance
problems. Since setting up robot scripting interacting with the
browser would take a while I hoped I could open a two-way socket with
IIS and replicate the HTTP session information e.g. starting out with

POST / HTTP/1.1\r\n
Accept-Language: en-us\r\n
Content-Type: application/x-www-form-urlencoded\r\n
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705)\r\n
Content-Length: 68\r\n
Connection: Keep-Alive\r\n
Cache-Control: no-cache\r\n

When I network sniff IE I see the ASPSESSIONIDAAADTQR, without it I
get a security timeout from the server. I could probably comment out
that code but can I generate that value from somewhere? Do I need
more than the SessionId to make this work? Is this all even possible?

Roger Willcocks

Make an initial request to the server, no cookie, to an unsecured page
then the response should contain a Set-Cookie: header that will tell you
what to use.

ASPSESSIONID<STUFF> is for ASP not ASP.NET session management
the <STUFF> bit changes every time the server/site process restarts

bruce barker

If you do the first GET, it will send the cookie values needed for the
rest of the session. To do a postback (POST) you will need to send the hidden
__Viewstate field that came from the matching GET.

-- bruce
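
The sequence described in the two replies above (read the cookie from the first response, then post the hidden fields back with it), as an added Python example that is not part of the original thread. The response bytes, the `__VIEWSTATE` value, the host and the `user` form field are constructed for illustration; `__VIEWSTATE` and `__EVENTTARGET` are assumed to be the hidden field names the page emits.

```python
from html.parser import HTMLParser
from urllib.parse import urlencode

# Constructed sample of a first GET response (not captured from a real server).
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Set-Cookie: ASP.NET_SessionId=5zaasakdhaksfg34; path=/\r\n\r\n"
    b'<form method="post" action="login.aspx">'
    b'<input type="hidden" name="__VIEWSTATE" value="dDwtMTIz+NDU2/Nzg5Ozs=" />'
    b'<input type="hidden" name="__EVENTTARGET" value="" /></form>'
)

class HiddenFields(HTMLParser):
    """Collect every <input type="hidden">, including ones with empty values."""
    def __init__(self):
        super().__init__()
        self.fields = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "hidden" and a.get("name"):
            self.fields.append((a["name"], a.get("value") or ""))

def parse_response(raw):
    """Split a raw response into (cookies to echo back, hidden form fields)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    cookies = {}
    for line in head.decode("iso-8859-1").split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "set-cookie":
            # Only the leading name=value pair is sent back; path etc. are attributes.
            k, _, v = value.split(";", 1)[0].strip().partition("=")
            cookies[k] = v
    parser = HiddenFields()
    parser.feed(body.decode("utf-8", "replace"))
    return cookies, parser.fields

def build_postback(host, path, cookies, hidden, form):
    """Build the raw POST: hidden fields first, then the user-entered fields."""
    # urlencode percent-encodes '+', '/' and '=' so the base64 view state survives.
    body = urlencode(hidden + list(form.items())).encode("ascii")
    headers = [
        f"POST {path} HTTP/1.1",
        f"Host: {host}",
        "Content-Type: application/x-www-form-urlencoded",
        f"Content-Length: {len(body)}",  # byte length of the encoded body
        "Cookie: " + "; ".join(f"{k}={v}" for k, v in cookies.items()),
        "Connection: Keep-Alive",
    ]
    return "\r\n".join(headers).encode("ascii") + b"\r\n\r\n" + body
```

Hidden fields with empty values are still sent as `name=`, and `Content-Length` is computed from the encoded body rather than hard-coded.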

Tim Smith

Ok, I do an initial request with no cookie info, I get back
Set-Cookie: ASP.NET_SessionId=5zaasakdhaksfg34; path=/

So on my next request, which is a POST of the login username and
password I include the session id variable. The login succeeds and
returns more cookies:


So on my next GET request I include
Cookie: ASP.NET-SessionId=5zaasakdhaksfg34;

The MyAppp seems to come from web.config - possibly related to forms
based authentication?

This is as far as I get - further requests for pages (mimicking my
browser) using the returned ids gives me errors:
HTTP/1.1 403 Forbidden

What could I be missing - what are the 403 errors specific to - lack
of authentication?

Tim Smith

When I use a network sniffer on IE - I do see a couple of fields that
are passed back, but they are empty? Is this passed as
application/x-www-form-urlencoded data? If the web page passes no
extra HTML or HTTP information - what else could be needed? I seem to
be matching IE communication with my socket code.

