HttpWebRequest: Cookies question

[Jerry Rhodes]

When I run the code below, the web server tells me that I need to
enable cookies. Can anyone tell me what might be causing that? I'm
trying to POST userid and password to their login web page. Thanks!

Dim CookieJar As CookieContainer = New CookieContainer()
Dim WebReq As HttpWebRequest
Dim WebResp As HttpWebResponse
Dim StrmRdr As StreamReader
Dim StrmWrtr As StreamWriter
Dim PostParms As String
Dim URLString As String
Dim HTML as String
= "https://www.nordstrombanking.com/onlineserv/HB/Login.cgi"

WebReq = CType(WebRequest.Create(New Uri(URLString)),
HttpWebRequest)
WebReq.CookieContainer = CookieJar
WebReq.Credentials = CredentialCache.DefaultCredentials
WebReq.UserAgent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows
NT 5.1; .NET CLR 1.0.3705)"
WebReq.KeepAlive = True
WebReq.Headers.Set("Pragma", "no-cache")
WebReq.Timeout = 30000
WebReq.Method = "POST"
WebReq.ContentType = "application/x-www-form-urlencoded"
PostParms = "userNumber=12345678&password=87654321&OK=submit&"
& _
"runmode=SIGN_IN&LAST_ACTIVE_URL="
WebReq.ContentLength = PostParms.Length
StrmWrtr = New StreamWriter(WebReq.GetRequestStream)
StrmWrtr.Write(PostParms)
StrmWrtr.Close()
WebResp = WebReq.GetResponse
StrmRdr = New StreamReader(WebResp.GetResponseStream)
HTML = StrmRdr.ReadToEnd.Trim
StrmRdr.Close()
WebResp.Close()

The source for the web page is:

<meta http-equiv="Pragma" Content="no-cache">
<meta http-equiv="Expires" Content="Tuesday, 14-Dec-1971 04:30:00
GMT">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<title>Internet Banking Timeout</title> <!-- for non-nav pages -->
<!--
<script language="JavaScript">
ldt = new Date;
inSubmit = 0;
function dofocus() {
document.Login.userNumber.focus();
inSubmit = 0;
}
function clear() {
document.Login.userNumber.value = "";
document.Login.password.value = "";
dofocus();
}
function formField1()
{
Ctrl = document.Login.userNumber;
if (Ctrl.value == "")
{
validatePrompt (Ctrl, "Please enter a valid Customer Number.")
return (false);
}
else
return (true);
}
function formField2()
{
bName = navigator.appName; // get version of Navigator
bVer = parseInt(navigator.appVersion);
// if Netscape 2.0 or below just get out
if (bName == "Netscape" && bVer < 3)
return (true);
Ctrl = document.Login.password;
if (Ctrl.value == "")
{
validatePrompt (Ctrl, "Please enter a Password.")
return (false);
}
else
return (true);
}
function runSubmit (form)
{
if (!formField1())
return false;

if (!formField2())
return false;
// Due to the re-direct from the timeout warning, this no longer
works.
// form.LAST_ACTIVE_URL.value = window.location.search;
document.cookie = "signonValid=TRUE; path=/";
return true;
}
function validatePrompt (Ctrl, PromptStr)
{
alert(PromptStr);
Ctrl.focus();
return;
}
// -->


</script>
</head>

<body bgcolor=white leftmargin=3 onload="dofocus()">

<div align="center">
<br><br>
<span class="mainTitle">Internet Banking Timeout</span>

<form autocomplete="OFF" name="Login" method="post"
action="./Login.cgi" onsubmit="return runSubmit(this)">

<table width="500" border="0">
<tr>
<td valign="top">

<span class="subtitle">For security reasons, your Internet Banking
session has timed out. Please login again by entering your customer
number and password here...<BR><BR>If you would like to increase your
session timeout please do so by clicking on the User Options button
inside of Internet Banking.</span>

<br><br>
</td>
<td valign="top" width="15"><br></td>
<td valign="top">
<table border="1">
<tr>
<td align="center">
<span class="sectionTitle">Customer Number</span><br>
<input type="hidden" name="runmode" value="SIGN_IN">
<input type="hidden" name="LAST_ACTIVE_URL" value="">&nbsp;
<input name="userNumber" size="16" maxlength="32"> &nbsp;
</td>
</tr>
<tr>
<td align=center>
<span class="sectionTitle">Password</span><br>&nbsp;
<input type="password" name="password" size="16" maxlength="8">
&nbsp;
</td>
</tr>
<tr>
<td align="center" valign="middle">
<input name="OK" type="submit" value=" Enter ">
</td>
</tr>
</table>
</td>
</tr>
</table>
</form>



</div>

<!-- end of IB Timeout -->

</body>
</html>

 

[Joerg Jooss]

When I run the code below, the web server tells me that I need to
enable cookies. Can anyone tell me what might be causing that? I'm
trying to POST userid and password to their login web page. Thanks!

Dim CookieJar As CookieContainer = New CookieContainer()
Dim WebReq As HttpWebRequest
Dim WebResp As HttpWebResponse
Dim StrmRdr As StreamReader
Dim StrmWrtr As StreamWriter
Dim PostParms As String
Dim URLString As String
Dim HTML as String
= "https://www.nordstrombanking.com/onlineserv/HB/Login.cgi"

WebReq = CType(WebRequest.Create(New Uri(URLString)),
HttpWebRequest)
WebReq.CookieContainer = CookieJar
WebReq.Credentials = CredentialCache.DefaultCredentials
WebReq.UserAgent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows
NT 5.1; .NET CLR 1.0.3705)"
WebReq.KeepAlive = True
WebReq.Headers.Set("Pragma", "no-cache")
WebReq.Timeout = 30000
WebReq.Method = "POST"
WebReq.ContentType = "application/x-www-form-urlencoded"
PostParms = "userNumber=12345678&password=87654321&OK=submit&"
& _
"runmode=SIGN_IN&LAST_ACTIVE_URL="
WebReq.ContentLength = PostParms.Length
StrmWrtr = New StreamWriter(WebReq.GetRequestStream)
StrmWrtr.Write(PostParms)
StrmWrtr.Close()
WebResp = WebReq.GetResponse
StrmRdr = New StreamReader(WebResp.GetResponseStream)
HTML = StrmRdr.ReadToEnd.Trim
StrmRdr.Close()
WebResp.Close()

The source for the web page is: [...]
function runSubmit (form)
{
if (!formField1())
return false;

if (!formField2())
return false;
// Due to the re-direct from the timeout warning, this no longer
works.
// form.LAST_ACTIVE_URL.value = window.location.search;
document.cookie = "signonValid=TRUE; path=/"; ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^


return true;
}

Ah, the josys of remote controlling some third-party web app ;-)

You didn't reverse engineer the web form completely. Your code does not set
this cookie. Adding it to your cookie container should do the trick.

Cheers,

 

[Jerry Rhodes]

Joerg,

Thank you very, very much for your response. What would a developer in
the MS world do without Google and people like you??? Your idea got me
past the cookie question. Now the only HTML I'm getting back is below.
"HomeBanking" is the final destination page, but who knows what happened
in the web server. Thanks again!!
<html>
<head>
<meta http-equiv="refresh" content="25;url=html/JavaScriptError.html">
<script language="JavaScript">
<!--
location.href = "HomeBanking.cgi";
// -->
</script>
</head>
<body>
</body>
</html>

 

[Joerg Jooss]

Joerg,

Thank you very, very much for your response. What would a developer
in the MS world do without Google and people like you??? Your idea
got me past the cookie question. Now the only HTML I'm getting back
is below. "HomeBanking" is the final destination page, but who knows
what happened in the web server. Thanks again!!

Jerry,

so HomeBanking.cgi gets you there? Great. Never mind the weird architecture
they're using. When I looked at their home page, I found a number of funny
things nobody in my team would implement if he knew what's good for him ;-)

Cheers,