Session Cookie and HttpWebResponse


K

Karsten Grombach

Hi,

I'm trying the following:
- Imitate a Logon using a Post with HttpWebRequest on remote Webserver (asp
3.0 page using https)
- On success redirect to the page (encapsuled in an iframe) supplied by the
remote Webserver

I can successfuly logon but when I redirect to the supplied url, the
webserver does not know me anymore an redirects me back to login page.. I
was told that I need to store the session cookie supplied by the remote
webserver on my webserver, but I don't know how to pass the session cookie
to my my webserver..

Sample Code follows:
Dim urlRed As String = https://book.bla.at/AM/booking/asp/login.asp
Dim wReq As HttpWebRequest = CType(WebRequest.Create(urlRed),
HttpWebRequest)
wReq.ContentType = "application/x-www-form-urlencoded"
wReq.Method = "POST"

Dim sPostData As String = "" & Session.SessionID
sPostData = sPostData & "&USERNAME=" & HttpUtility.UrlEncode("myuser")
sPostData = sPostData & "&password=" & HttpUtility.UrlEncode("mypassword")
sPostData = sPostData & "&language=" & HttpUtility.UrlEncode("DE_AT")

Dim enc As System.Text.Encoding = System.Text.Encoding.UTF8
Dim bPostBuffer As Byte() = enc.GetBytes(sPostData)
wReq.ContentLength = bPostBuffer.Length
Dim streamPostData As Stream = wReq.GetRequestStream()
streamPostData.Write(bPostBuffer, 0, bPostBuffer.Length)
streamPostData.Close()

Dim wResp As HttpWebResponse = CType(wReq.GetResponse(), HttpWebResponse)
Dim responseStream As StreamReader = New
StreamReader(wResp.GetResponseStream(), enc)

' Here I get the correct url to the welcome page encapsuled in html
Dim html As String = responseStream.ReadToEnd()wResp.Close()
responseStream.Close()

Response.Write(html)

Thanks and Regards
Karsten
 
Ad

Advertisements

P

Philip Q [MVP]

You can't really pass the session cookie, or any form of cookie. This is
because cookies have certain security on them which means that only the
domain/application that assigned them, can get them (this was at the centre
of a Passport hack a few years ago).
Instead, you can pass the variables in to a querystring on the request, or
you can use a stateserver/sql server to store the cookie data and have both
webservers get the information off that.
 
K

Karsten Grombach

Hi Philip,

Thanks for your reply, but I don't quite understand you...
Using the sateserver/sqlserver is no option as we cannot change the legacy
asp application to use that anymore..
Do I have to pass my current (asp.net ) session ID with the
querystring/postdata to the asp application?
Regards
Karsten


Philip Q said:
You can't really pass the session cookie, or any form of cookie. This is
because cookies have certain security on them which means that only the
domain/application that assigned them, can get them (this was at the centre
of a Passport hack a few years ago).
Instead, you can pass the variables in to a querystring on the request, or
you can use a stateserver/sql server to store the cookie data and have both
webservers get the information off that.

--
Philip Q
Microsoft MVP [ASP.NET]
http://aspalliance.com/wisemonk/

Karsten Grombach said:
Hi,

I'm trying the following:
- Imitate a Logon using a Post with HttpWebRequest on remote Webserver (asp
3.0 page using https)
- On success redirect to the page (encapsuled in an iframe) supplied by the
remote Webserver

I can successfuly logon but when I redirect to the supplied url, the
webserver does not know me anymore an redirects me back to login page.. I
was told that I need to store the session cookie supplied by the remote
webserver on my webserver, but I don't know how to pass the session cookie
to my my webserver..

Sample Code follows:
Dim urlRed As String = https://book.bla.at/AM/booking/asp/login.asp
Dim wReq As HttpWebRequest = CType(WebRequest.Create(urlRed),
HttpWebRequest)
wReq.ContentType = "application/x-www-form-urlencoded"
wReq.Method = "POST"

Dim sPostData As String = "" & Session.SessionID
sPostData = sPostData & "&USERNAME=" & HttpUtility.UrlEncode("myuser")
sPostData = sPostData & "&password=" & HttpUtility.UrlEncode("mypassword")
sPostData = sPostData & "&language=" & HttpUtility.UrlEncode("DE_AT")

Dim enc As System.Text.Encoding = System.Text.Encoding.UTF8
Dim bPostBuffer As Byte() = enc.GetBytes(sPostData)
wReq.ContentLength = bPostBuffer.Length
Dim streamPostData As Stream = wReq.GetRequestStream()
streamPostData.Write(bPostBuffer, 0, bPostBuffer.Length)
streamPostData.Close()

Dim wResp As HttpWebResponse = CType(wReq.GetResponse(), HttpWebResponse)
Dim responseStream As StreamReader = New
StreamReader(wResp.GetResponseStream(), enc)

' Here I get the correct url to the welcome page encapsuled in html
Dim html As String = responseStream.ReadToEnd()wResp.Close()
responseStream.Close()

Response.Write(html)

Thanks and Regards
Karsten
 
Ad

Advertisements

K

Karsten Grombach

when using a proxy page, the solution is quite simple: just add hidden input
fields and submit them to the legacy server..
i don't really like the javascript part, but after having spent an afternoon
and a morning trying to solve this, i won't complain...

thanks all, for helping me!

here my proxpage which gets set to the iframe src attribute..

<%@ Page Language="vb" AutoEventWireup="false"
Codebehind="airmanagerproxy.aspx.vb" Inherits="TestWeb.airmanagerproxy"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>airmanagerproxy</title>
<meta name="GENERATOR" content="Microsoft Visual Studio.NET 7.0">
<meta name="CODE_LANGUAGE" content="Visual Basic 7.0">
<meta name="vs_defaultClientScript" content="JavaScript">
<meta name="vs_targetSchema"
content="http://schemas.microsoft.com/intellisense/ie5">
</head>
<body MS_POSITIONING="GridLayout" >
<script language=javascript>
function submitIt()
{

document.proxyForm.action="https://book.bla.at/AM/business/AT/booking/asp/lo
gin.asp";
document.proxyForm.method="POST"

document.proxyForm.submit();

}
window.setTimeout("submitIt()",2000);

</script>
<form id="proxyForm" method="post" runat="server">
</form>
</body>
</html>

CodeBehind:
Imports System.Web.UI.HtmlControls
Public Class airmanagerproxy
Inherits System.Web.UI.Page
#Region " Vom Web Form Designer generierter Code "

'Dieser Aufruf ist für den Web Form-Designer erforderlich.
<System.Diagnostics.DebuggerStepThrough()> Private Sub
InitializeComponent()
End Sub

Private Sub Page_Init(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Init
'CODEGEN: Diese Methode ist für den Web Form-Designer erforderlich
'Verwenden Sie nicht den Code-Editor zur Bearbeitung.
InitializeComponent()
End Sub
#End Region

Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load
' Hier Benutzercode zur Seiteninitialisierung einfügen
Me.EnableViewState = False

' create the hiddenfields
' values are still hardcoded
Dim userName As HtmlInputHidden = New HtmlInputHidden()
userName.Name = "USERNAME"
userName.ID = "USERNAME"
userName.Value = "xxx"
Dim password As HtmlInputHidden = New HtmlInputHidden()
password.Name = "password"
password.ID = "password"
password.Value = "xxx"
Dim language As HtmlInputHidden = New HtmlInputHidden()
language.Name = "language"
language.ID = "language"
language.Value = "DE_AT"

' add the hiddenfields to the form
Dim form As Control = Me.FindControl("proxyForm")
form.Controls.Add(userName)
form.Controls.Add(password)
form.Controls.Add(language)

End Sub
End Class
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top