HttpWebRequest and Forms Authentication

[Matthew Judd]

I am using Forms Authentication on my site, this process mostly works fine.
The problem I am having is that I have a page that uses an HttpWebRequest
object to get the html generated from one of the aspx pages within my site,
which it then emails to somebody. The problem I have with this is that the
email gets the login page instead of the page I requested, because when I do
the WebRequest it gets sent to the forms authentication login page that I
have specified. I need to be able to get my WebRequest to bypass the forms
authentication for this request, but I do not know how. Any suggestions would
be appreciated.

Matthew Judd

 

[Jorge Matos]

You probably need to add the Forms Authentication cookie as a http header in
your request to the other web page. The WebRequest type has a "headers"
property that you can use to add the Forms Authentication cookie to - then
when you make the request with the WebRequest object, your forms auth cookie
will go along for the ride.

hth
Jorge

 

[Joe Kaplan \(MVP - ADSI\)]

Before that, you will probably need to make a separate request to the
authentication page and post some credentials so that you can get the cookie
value to begin with. It may be possible to hardcode a cookie value that
will work, but generally these things expire, so you'd probably need to get
one dynamically. Use an HTTP debugger like Fiddler to see the exact format
of the post so that you can replicate it in code.

In general, forms auth is not well suited for screen scraping or web
services-type of authentication. However, you can do it if you really want
to.

Joe K.

 

[Jorge Matos]

I didn't know about Fiddler - gotta look into that. I disagree about the
separate request though, if the user is already authenticated then you can
programmatically access the Forms Auth Cookie that is already present as a
header in the current request context, and since Matthew is hitting a web
page that is already in the site this should work. I agree with you only if
you are hitting an external web site that is using Forms Auth.

 

[Joe Kaplan \(MVP - ADSI\)]

I Agree with you as well. I missed the part about this being on the same
site and already having the cookie.

Fiddler is quite cool. I think you will find it quite useful.

Joe K.