Can't get Set-Cookie headers after posting to Forms Auth. login page

Discussion in 'ASP .Net' started by =?Utf-8?B?SWdneSBFdmFucw==?=, Apr 24, 2004.

  1. Hi

    My app is trying to login to an ASP.NET site that uses Forms authentication. I am trying to do in my app (what was previously posted in a newsgroup) the same that a browser does
    3) The browser requests the login page specified
    4) The server responds with the login pag
    5) The user fills in the login page and submits the form, so the browser POSTs the form back to the login pag
    6) If the credentials are valid, the server responds with another "302 Page Moved" status, a Location header pointing to protected.aspx, and a Set-Cookie header providing the encrypted Forms Authentication Ticket

    I build a Post request to login.aspx and use HttpWebRequest to send it. I use HttpWebResponse to get the response

    I have sent the proper login & password & VIEWSTATE info and all that stuff. In a sniffer trace, the response is a "HTTP/1.1 302 Found" with 3 Set-Cookie Headers. The web site redirects me to default.aspx; the trace shows my side (IIS?) sending a GET request for default.aspx, and that's what my app gets in my HttpWebResponse object. The problem is that I don't get logged in because this automatic GET request (below my app somewhere) doesn't get the cookies from the "302 Found" response and send it with the request; I know this because I run the trace and do the same steps from a browser, and in that session, the cookies get passed properly in the 'GET default.aspx' request

    The HttpWebResponse object has a ContinueDelegate property, where I can provide a delegate method that's called when a HTTP 100 Continue response is received, but nothing for a "302 Found" response

    Any ideas how to solve this? This is a show-stopper for me. I have a standard setup: VS.NET 2003 on XP Pro with IE 6.0 SP1

    Thanks in advance
    Iggy Evans
     
    =?Utf-8?B?SWdneSBFdmFucw==?=, Apr 24, 2004
    #1
    1. Advertising

  2. =?Utf-8?B?SWdneSBFdmFucw==?=

    Joerg Jooss Guest

    Iggy Evans wrote:
    > Hi,
    >
    > My app is trying to login to an ASP.NET site that uses Forms
    > authentication. I am trying to do in my app (what was previously
    > posted in a newsgroup) the same that a browser does: 3) The browser
    > requests the login page specified. 4) The server responds with the
    > login page 5) The user fills in the login page and submits the form,
    > so the browser POSTs the form back to the login page 6) If the
    > credentials are valid, the server responds with another "302 Page
    > Moved" status, a Location header pointing to protected.aspx, and a
    > Set-Cookie header providing the encrypted Forms Authentication
    > Ticket.
    >
    > I build a Post request to login.aspx and use HttpWebRequest to send
    > it. I use HttpWebResponse to get the response.
    >
    > I have sent the proper login & password & VIEWSTATE info and all that
    > stuff. In a sniffer trace, the response is a "HTTP/1.1 302 Found"
    > with 3 Set-Cookie Headers. The web site redirects me to default.aspx;
    > the trace shows my side (IIS?) sending a GET request for
    > default.aspx, and that's what my app gets in my HttpWebResponse
    > object. The problem is that I don't get logged in because this
    > automatic GET request (below my app somewhere) doesn't get the
    > cookies from the "302 Found" response and send it with the request; I
    > know this because I run the trace and do the same steps from a
    > browser, and in that session, the cookies get passed properly in the
    > 'GET default.aspx' request.


    The most simple explanation is that you didn't set a CookiContainer in your
    HttpWebRequest. If you don't, the framework won't process cookies and
    they're all lost.

    Cheers,
    --
    Joerg Jooss
     
    Joerg Jooss, Apr 24, 2004
    #2
    1. Advertising

  3. Brilliant. Thanks, Joerg, that worked

    Iggy
     
    =?Utf-8?B?SWdneSBFdmFucw==?=, Apr 25, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?Q2hyaXMgTW9oYW4=?=

    Configuring Windows Auth & Forms Auth in Asp.Net

    =?Utf-8?B?Q2hyaXMgTW9oYW4=?=, Apr 28, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    712
    =?Utf-8?B?Q2hyaXMgTW9oYW4=?=
    Apr 28, 2004
  2. 23s
    Replies:
    4
    Views:
    2,471
    Raterus
    Jul 3, 2004
  3. =?Utf-8?B?ZGhucml2ZXJzaWRl?=

    Windows Auth, but Forms Auth for one page?

    =?Utf-8?B?ZGhucml2ZXJzaWRl?=, Jan 8, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    578
    Elton Wang
    Jan 8, 2005
  4. jazzdrums
    Replies:
    2
    Views:
    831
    jazzdrums
    Aug 28, 2007
  5. Eric
    Replies:
    2
    Views:
    575
Loading...

Share This Page