Extracting String Info from WebRequest Cookie

[James Johnson]

Dear C#dex,

I define a variable: HttpWebRequest webRequest and run the following
request

webRequest = WebRequest.Create(TARGET_URL) as HttpWebRequest;

The webRequest object returns values and in the debugger I can see the
value I want in the property

webRequest._ChallengedUri.AbsoluteUri;

However that property is protected and not available outside of the
debugger. Does anyone have a suggestion how I might obtain programmatic
access to the property or a similar public property that contains the
same info?

Thanks,

James J.

 

[Scott Allen]

Hi James:

Are you looking for a cookie value? You can attach a CookieContainer
instance to your request and then iterate through the collection of
Cookie objects.

 

[Joerg Jooss]

Dear C#dex,

I define a variable: HttpWebRequest webRequest and run the following
request

webRequest = WebRequest.Create(TARGET_URL) as HttpWebRequest;

The webRequest object returns values and in the debugger I can see the
value I want in the property

webRequest._ChallengedUri.AbsoluteUri;

Um... what exactly is in there you'd like to have as well?

Cheers,

 

[James Johnson]

Dear Joerg

The property

webRequest._ChallengedUri.AbsoluteUri;

contains a uri such as "http://localhost/FirstProject/WebForm4.aspx"

I am trying to figure out how to extract that string. I have tried to
get something in a cookie container

webRequest = WebRequest.Create(TARGET_URL) as HttpWebRequest;
webRequest.Method = "POST";
webRequest.ContentType = "application/x-www-form-urlencoded";
webRequest.CookieContainer = cookies;

// write the form values into the request message
StreamWriter requestWriter = new
StreamWriter(webRequest.GetRequestStream());
requestWriter.Write(postData);
requestWriter.Close();

// we don't need the contents of the response, just the cookie it
issues
webRequest.GetResponse().Close();

System.Net.CookieCollection myCookieColl =
webRequest.CookieContainer.GetCookies(siteUri);

I can get a value for a cookie from myCookieColl in the debugger, but it
is encoded (e.g. "t0m2qf55lelfzo55xsuxdi55") and there is no exposed
Item[] property for myCookieColl that would enable me to step through
the cookies, so I am stuck at present. I can't figure out how to get a
cookie out of the collection and I can't figure out how to decode the
Value.

Thanks,

James J.

 

[Joerg Jooss]

Dear Joerg

The property


contains a uri such as "http://localhost/FirstProject/WebForm4.aspx"

I am trying to figure out how to extract that string.

I just wonder why would want to extract low level implementation of the
HttpWebRequest -- what part of the request do you need to figure out that
you do not or can not control?

I have tried to
get something in a cookie container

webRequest = WebRequest.Create(TARGET_URL) as HttpWebRequest;
webRequest.Method = "POST";
webRequest.ContentType = "application/x-www-form-urlencoded";
webRequest.CookieContainer = cookies;

// write the form values into the request message
StreamWriter requestWriter = new
StreamWriter(webRequest.GetRequestStream());
requestWriter.Write(postData);
requestWriter.Close();

// we don't need the contents of the response, just the cookie it
issues
webRequest.GetResponse().Close();

System.Net.CookieCollection myCookieColl =
webRequest.CookieContainer.GetCookies(siteUri);

I can get a value for a cookie from myCookieColl in the debugger, but
it is encoded (e.g. "t0m2qf55lelfzo55xsuxdi55") and there is no
exposed Item[] property for myCookieColl that would enable me to step
through the cookies, so I am stuck at present. I can't figure out
how to get a cookie out of the collection and I can't figure out how
to decode the Value.

CookieCollection *does* have in indexer. See
http://msdn.microsoft.com/library/d...rfsystemnetcookiecollectionclassitemtopic.asp

Cheers,

 

[James Johnson]

Well, I have discovered that all you have to do to reference a cookie in
a cookie collection is to provide an index directly to the cookie
collection such as:

Cookie cookie = myCookieColl[0];

However, I still face the problem of the cookie.Value being encoded. Is
it bytes? Is it encrypted? How do you deal with the value and decode
it?

Thanks,

James J.

 

[Joerg Jooss]

Well, I have discovered that all you have to do to reference a cookie
in a cookie collection is to provide an index directly to the cookie
collection such as:

Cookie cookie = myCookieColl[0];

If you're coming from VB.NET: You don't use the Item property in C#.
Instead, you access an item within a collection using the [] operator (aka
indexer), similar to accessing array items.

In additon to accessing a cookie by index, you can also access it by name.

Cookie cookie = myCookieColl["DeliciousCookie"];

However, I still face the problem of the cookie.Value being encoded.
Is it bytes? Is it encrypted? How do you deal with the value and
decode it?

Cookie.Value delivers the value "as is". You have to check with the
server-side application developers how they encoded or encrypted the
value -- chances are, they're not going to tell you ;-)

Cheers,

 

[James Johnson]

How about it Scott? You are the guy that suggested that I don't need
the contents of the response, just the cookie it issues. How do I get
the Uri out of the cookie?

Thanks,

James J.

 

[Joerg Jooss]

Well, I have discovered that all you have to do to reference a cookie
in a cookie collection is to provide an index directly to the cookie
collection such as:

Cookie cookie = myCookieColl[0];

If you're coming from VB.NET: You don't use the Item property in C#.
Instead, you access an item within a collection using the [] operator
(aka indexer), similar to accessing array items.

In additon to accessing a cookie by index, you can also access it by
name.
Cookie cookie = myCookieColl["DeliciousCookie"];

However, I still face the problem of the cookie.Value being encoded.
Is it bytes? Is it encrypted? How do you deal with the value and
decode it?

Cookie.Value delivers the value "as is". You have to check with the
server-side application developers how they encoded or encrypted the
value -- chances are, they're not going to tell you ;-)

OK, I just read the entire thread again because I somehow missed James'
original posting, but I still don't get why should have
webRequest._ChallengedUri.AbsoluteUri anything to do with your cookie's
value? If you want to get retrieve local cookies, call

CookieCollection cookies = CookieContainer.GetCookies(new
Uri("http://localhost/"));

Cheers,

 

[Scott Allen]

Hi James:

I was assuming (assumptions are bad I know) from the title of the post
that the value you needed was ultimately stored in the cookie. If the
server side developers decided the cookie contents need to be
encrypted, than as Joerg pointed out you'd have to ask them about it.

I wasn't quite sure why you were trying to peek at
_ChallengedUri.AbsoluteUri, but I'm guessing now that is because you
need to know some URL, and that URL is not the TARGET_URL used when
you create the WebRequest. If the WebRequest is bouncing around
between URLs, you can set the AllowAutoRedirect property of
HttpWebRequest to false and parse the redirects yourself.

If that's not what you are looking for, perhaps you could try to
rephrase the question? I guess I'm not entirely sure what you are
looking for.

Apologies for the confusion,

 

[James Johnson]

Dear Scott,

Here is a quote from your code in the article you referenced.

// we don't need the contents of the response, just the cookie it issues
webRequest.GetResponse().Close();

// now we can send out cookie along with a request for the protected
page
webRequest = WebRequest.Create(SECRET_PAGE_URL) as HttpWebRequest;
webRequest.CookieContainer = cookies;
responseReader = new
StreamReader(webRequest.GetResponse().GetResponseStream());

Maybe I am making an erroneous assumption here, but I assumed that
SECRET_PAGE_URL came from the cookie. Otherwise I don't know how you
get the new URL. Also I can see the response URI in the webRequest
object in the _ChallengedUri.AbsoluteUri property when I use the
debugger. That URI is the URI that I want. However, as I have
mentioned, I can't get it programmatically.

Thanks for your help,

James J.

 

[Scott Allen]

Hi James:

I think I might have picked a bad variable name.

In my article I knew both URLs I needed beforehand.

LOGIN_URL represents a login page with username / password textbox
controls for forms authentication.

SECRET_PAGE_URL represents a page protected by forms authentication. I
need to login before I can request the secret page succesfully. If I
don't log in the server won't let me see the page.

First I request LOGIN_URL first to get the viewstate values ASP.NET
expects me to post back. You would not nessecarily need to do this for
all sites.

Next I POST to the LOGIN_URL to simulate a user logging in with a web
browser, that is a username and password are sent as POST data for the
web application to parse out and verify. If succesful, most forms
authentication schemes will send a cookie down in the response
headers. You can think of this cookie as a ticket. The ticket gives
you access to protected pages on the site, but in order to get the
protedted pages you have to present the ticket to the server. There is
really nothing I had to get out of the cookie, I just need the cookie
so I can prove I authenticated.

In order to reach the SECRET_PAGE_URL then, which is nothing more than
some page protected by forms authentication, I send the cookie value
along with the request. The server code sees this cookie and realizes
I have succesfully logged in previously, so it responds with the HTML
for the secret page.

Am I making any sense?